Home / / Bond script was casualty in Sony Pictures hack

Bond script was casualty in Sony Pictures hack

‘SPECTRE’ outed as victim while reports emerge of DDoS counterstrike

Bond script was casualty in Sony Pictures hack
From left to right: Lea Seydoux, Daniel Craig and Monica Bellucci, during an event to launch the 24th James Bond film 'SPECTRE' at Pinewood Studios on 4 December, 2014.

Eon Productions, the film studio behind the James Bond franchise, this weekend revealed that an early version of the latest 007 script "SPECTRE" was among sensitive documents and media files stolen from Sony Pictures Entertainment as part of a devastating cyber-attack.

"Eon Productions is concerned that third parties who have received the stolen screenplay may seek to publish it or its contents," the company said in a statement, also reminding the public that the script is protected by UK copyright laws.

The revelation came just a day after widespread reporting of a DDoS counter-attack by Sony against the websites that held its sensitive data. According to tech site Re/code, Sony used "hundreds of computers in Asia" to execute the counterstrike, citing one inside source that claimed Amazon Web Services (AWS) cloud infrastructure had been used as part of the operation.

Amazon has been quick to respond to the claims referring to use of its infrastructure, saying the "activity being reported is not currently happening on AWS".

"AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services," the company told Re/code.

Such an attack by Sony would constitute a crime in many countries and, as cyber security firm Incapsula advised, could be counter-productive.

Continues on next page>>

"If, in fact, Sony is planning retaliatory attacks against websites that are keeping their leaked information, this probably won't stop hackers from attacking them; it may only spur them to greater action," said Marc Gaffan, CEO and co-founder of Incapsula, in an email circular on Thursday.

"However, launching DDoS attacks is illegal, regardless if it is in response to an attack or in self-defence. While these types of attacks are effective in shutting down websites, it will also impact innocent parties that are caught in the line of fire. If Sony is fighting back, we hope that they are better prepared to thwart these attacks than they were two weeks ago."

The precise culprit in the 24 November attack on Sony Pictures' network is unclear. The attack not only resulted in data theft, but wiped PCs and disabled network infrastructure. It took Sony more than a week to restore its systems and the cost to its business may have been as much as $100m, according to one analyst's estimate.

North Korea was touted as a prime suspect by many media reports, including one by Re/code, which referred to an inside source who said Sony was ready to name the reclusive nation as the perpetrator. But a senior FBI investigator poured cold water on these claims, citing lack of evidence. Pyongyang's government is on record as strongly disapproving of a forthcoming Sony movie that depicts the graphic assassination of North Korean leader Kim Jong Un.

The Bond script leak will be a significant embarrassment to Sony. The secret agent's last outing, "Skyfall" took $1.1bn worldwide at the box office, a record for the series. The latest edition, with Daniel Craig as 007, co-stars Lea Seydoux, Christoph Waltz and Monica Bellucci, and pits Bond against classic cat-stroking adversary Ernst Stavro Blofeld.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.