Sophos Cloud Optix
Sony Pictures Entertainment has warned the media not to publish the details of anything that was stolen in last month’s hack by a group calling itself Guardians of Peace (GOP).
David Boies, Sony’s attorney, sent out a three page letter referencing “stolen information” to various news publications on Sunday.
The Wall Street Journal reports it received the communication along with Bloomberg News, the New York Times and other media outlets.
The letter – seen here addressed to The Hollywood Reporter – also demands that the publications destroy any Sony data already within their possession:
SPE does not consent to your possession, review, copying, dissemination, publication, uploading, downloading, or making any use of the Stolen Information, and to request your cooperation in destroying the Stolen Information.
Boies asks recipients of the letter to notify his law firm as soon as they realise they are in possession of any information that came from the Sony hack and to pass the message onto anyone with whom they may have shared it with.
Failure to comply, the letter says, will leave Sony Pictures Entertainment with “no choice but to hold you responsible for any damage or loss arising from such use or dissemination by you, including any damages or loss to SPE or others.”
After a series of disclosures by the hackers, over the weekend it was also announced that an early version of the screenplay for upcoming James Bond film SPECTRE had been stolen by the hackers who subsequently posted it online.
EON Productions, the producers of the James Bond franchise, said it is “concerned that third parties who have received the stolen screenplay may seek to publish it or its contents,” and referenced the legal protections afforded to it under copyright law in the UK and other nations.
And, in a weird twist to the story, re/code reports that Sony employees have been offered the chance to keep their hacked emails out of the limelight.
In broken English, the offer was made via Pastebin and Friendpaste:
Message to SPE Staffers. We have a plan to release emails and privacy of the Sony Pictures employees. If you don't want your privacy to be released, tell us your name and business title to take off your data.
It’s impossible to tell whether the communication really came from the hackers, and even less apparent whether the offer is genuine. But whoever was behind the message referenced another upcoming “Christmas gift” leak which will contain “larger quantities of data. And it will be more interesting.”
I’ve put a lot of thought into this since I read about this letter. I believe Sony is trying to stop the bleeding, but like the government, they can say that they aren’t authorized to be in possession of it, but Freedom of the Press is a really highly held position here in the United States. It could put a serious damper on it if the court were to side with Sony.
It will be interesting to see how this plays in, but I imagine Sony won’t be in a better position for having sent this letter in the first place.
Sony might not be able to do much in law against publications that the leaks (freedom of speech etc), but many Hollywood magazines probably depend quite heavily on good will from the movie studios for press photos, access to premières, start interviews etc.
If Sony decide to freeze some of them out because of what they print over the next few months, then they will suffer consequences even if they have done nothing legally wrong.
Freedom to speak protects us from the GOVERNMENT, not from private entities. In every US state it is a crime to knowingly keep or pass on stolen property. One’s only allowed action is to return it.
It is possible that the entity receiving the property back will grant a reward for doing so, but that is not required (not sure if that’s true in all states, but it is in Minnesota).
Let’s see: Sony did not properly protect its data, and now it is asking innocent parties who might come across it to not do anything with it but report back to Sony–on the honor system?
Is this the best they can do to mitigate/improve their security?
Regards,
Innocent parties? The media!!! Haha…..
There’s not much Sony can do about mitigation in this instance when they’ve been breached and data has already been stolen. The issue here is not Sony’s data, it’s the information they have on individuals (actors, etc) that could cause some potential damage. And if we’re interested in privacy then we should also be interested in the privacy of everyone regardless of their pay packet, status or role.
Literally, it could have happened to any company, even the ones we work for and then our data would be out there for release. Not much fun and I don’t see why these individuals should suffer because Sony had a gap in their security.
In any case it’s probably just a load of Xbots sour over the fact that the PS4 was doing better. Perhaps it will stop now that the XB1 has gained some ground.
I teach computer and internet security classes to the public, which are usually poorly attended. I tell the classes that e-mail is like a post card, except instead of just the mail handlers and the sorters in the post offices being able to read it, messages exist forever on mail servers and can be read by anyone with enough interest in viewing them, so don’t put anything in an e-mail that you would put on a sign and carry down the street, or around your office or home. It always surprises me how little people understand about how the internet works.
I’m not sure that applies as much to corporate environments.
This really isn’t any different than a celebrity having their nude pictures stolen and then taking legal action against any site that posts the pictures. Sony has every right to tell news outlets not to publish stolen data. They may not have very sound ground to stand on, but they have every right to ask for it.
The other thing that bothers me is all this talk about Sony having a hole in their security and not protecting their data. Do you really think they didn’t try to protect their data? ANYONE CAN BE HACKED, ANYONE! It doesn’t matter what your security protocol is, if someone (or a group of someones) want in bad enough, they’re getting in. Stop blaming the victim (I know that’s a strong word but I think it does fit here) and start blaming the hackers!
Brian M wrote “Stop blaming the victim (I know that’s a strong word but I think it does fit here) and start blaming the hackers!”
There’s still a lot of resentment towards Sony for:
1) Deploying a rootkit with their music media
2) Their probably role in getting DMCA passed
3) Killing the option to boot an alternate OS (Linux) on PlayStation 3
4) Other things I can’t recall now
Under (4), some people might include “going after George Hotz for trying to fix problem (3).”
Which hackers? Sony (rootkit) or the hackers of Sony (GOP)?
You are correct. To put it in real-world terms: If I lock my garage door, and someone breaks in, it’s called burglary.
If I fail to lock my garage door and someone steals my bike, it’s only the name of the crime that changes: larceny. It’s still a crime.