Blaze News investigates: 10 years after the Sony Pictures breach, we still don’t have any details about North Korean hackers

The tenth anniversary of the Sony Pictures hack, which was centered around the Seth Rogen and James Franco comedy “The Interview,” has come around.

In the film, Rogen and Franco team up to interview North Korean leader Kim Jong Un to save their dwindling television careers.

The movie’s plot was allegedly so egregious in the eyes of the DPRK dictator that North Korean hackers breached the servers of Sony Pictures, releasing massive data dumps that included troves of emails from Sony executives like CEO Michael Lynton and co-chairman Amy Pascal.

'Typically, it’s the IT staff you have to worry about.'

It took just four days after the November 24, 2014, hack for the first report, published by Re/code, to attribute the attack to North Korean entities.

The Guardians of Peace

Initially, Sony received messages from a group called “God’sApstls,” littered with statements about Sony's bad business practices.

“We’ve got great damage by Sony Pictures,” the message said in broken English. “The compensation for it, monetary compensation we want. Pay the damage, or Sony Pictures will be bombarded as a whole. You know us very well. We never wait long. You’d better behave wisely.”

The God’sApstls were only referred to again in follow-up messages by a group called the Guardians of Peace.

“We’ve already warned you, and this is just a beginning. We continue till our request be met,” the other group’s message said, per Deadline. “Thanks a lot to God’sApstls contributing your great effort to peace of the world,” it added.

This is where allegations began that the hack originated from inside the Sony lot rather than a North Korean entity.

Lucas Zaichkowsky, a cybersecurity expert, remarked at the time that state-sponsored hackers typically do not adopt catchy names like Guardians of Peace.

“Attackers don't create cool names for themselves,” he stated.

Researcher Ken Heckenlively agreed, saying the hackers’ messages “sounded like what comes from a group of disgruntled employees.”

The author told Blaze News in an interview that he spoke to tech experts, cybersecurity firms, and even former members of the intelligence community, all of whom were skeptical of the official government narrative.

The author joked through a choppy internet connection that “the powers that be will not stop this information from getting out!” The feed then stabilized enough to show his book.

On the cover, a cartoon Barack Obama and Kim Jong Un fight like Godzilla and Rodan in front of a Hollywood backdrop. The subjects inside, however, are much more serious than the cover may let on.

Inside the Sony Hack: The Story Behind America’s Most Notorious Brink-of-War Cover-Up

Heckenlively explained that in 2014, several cybersecurity agencies wanted to jump into action and save the day.

He referred to cybersecurity agencies as being “like bounty hunters” who all want to play hero for the big tech companies.

Cybersecurity company Norse got the job and began its investigation in late December 2014.

"Sony had gone through a significant downsizing in [May] 2014," Heckenlively told Blaze News. “And a lot of that included IT staff. Typically, it’s the IT staff you have to worry about because they have access to your network,” he laughed.

"Pretty quickly it appeared to [Norse] that the hack was done by an insider, using this other hacker group called Lizard Squad that had previously hacked the Sony PlayStation,” Heckenlively stated, emphasizing yet another curious hacking group name.

That hack, which took place just a few months earlier in August 2014, took down the PlayStation Network, Xbox Live, and Facebook.

"That wasn't the narrative that the United States government wanted, though,” the author continued. "It was the North Koreans! It was Kim Jong Un! ... But the North Koreans didn't have the capacity to do that. The hack was done by an insider, probably with an actual physical presence on the Sony lot."

Kurt Stammberger, then senior vice president of Norse, presented his findings to the FBI. They also suggested the breach was an inside job.

“Sony was not just hacked; this is a company that was essentially nuked from the inside,” Stammberger told CBS News. “We are very confident that this was not an attack masterminded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history.”

Stammberger posited that the security lapse likely stemmed from six disgruntled former employees who were among those laid off earlier in 2014.

But this wasn’t a case of Norse going rogue and defying the government; other cybersecurity professionals agreed with the company.

Los Angeles Times columnist Michael Hiltzik characterized the evidence implicating North Korea as “circumstantial” and noted that other experts were also “skeptical” about linking the attack to the regime.

Wired’s Kim Zetter described evidence against the North Korean government as "flimsy,” while an actual hacker also doubted the North Korean connection.

Hector Monsegur, who previously hacked Sony with the group Anonymous, said that the latest attack on the company happened way too fast.

“For something like this to happen, it had to happen over a long period of time. You cannot just exfiltrate one terabyte or 100 terabytes of data in a matter of weeks,” he told CBS News.

Monsegur doubted North Korea's capability to manage such a transfer due to its limited internet infrastructure. He also suggested that the attack could have been executed by hackers sponsored by China, Russia, or North Korea, but he leaned toward the possibility that it was an inside job by a Sony employee.

Why Sony?

Critics have long pointed to a possible cover-up by U.S. intelligence agencies; a lack of direct evidence implicating the North Koreans has only strengthened those claims.

By most accounts, it took seven to nine days after the hack for the reticle to be placed over North Korea as the perpetrator. According to the Hollywood Reporter, it took just 25 days for the FBI to label Guardians of Peace as acting on behalf of the North Korean government.

The reasons for an alleged cover-up were numerous but not unending.

One possible reason was the reauthorization of the Corporate Terrorism Risk Program. The federal program provides compensation to companies that have suffered losses due to terrorist acts.

The “temporary federal program,” which began after 9/11, was reauthorized in January 2015, just two months after the Sony hack. It has been renewed twice and remains in place through December 31, 2027.

According to the program’s 2024 report, the program has paid out $56.7 billion in premiums to insurance companies between 2003 and 2023.

Heckenlively’s most lucid explanation was regarding another possible reason for a cover-up: to drum up conflict between North Korea and the United States, which would have benefitted the military/intelligence contractor Rand Corporation.

Sony’s connections to that organization were through former studio head Lynton, who was on the Rand board of trustees at the time, as revealed by emails in the data dump.

“Lynton's father was in British intelligence and served on the board of directors for Rand Corporation,” Heckenlively stressed. “As did [Amy] Pascal's father.”

Contacts between Lynton and Rand showed that the organization wanted to invite stars like George Clooney to events and showed Lynton offering a contract to Barack Obama adviser Valerie Jarrett.

Simply put, executives on the Sony lot were deeply tied to those with direct connections to the federal government.

'I came away thinking he was a pretty good guy, that he wanted to know the truth.'

The Seth Rogen factor

The collusion allegedly started when Rogen and his writing partner, Evan Goldberg, submitted “The Interview” as a script.

“The movie was originally meant to be about an unnamed, ambiguous [leader], much like Sacha Baron Cohen's movie ‘The Dictator,’” Heckenlively explained. “But at some point in development, a Sony executive suggests that Kim Jong Un be made the antagonist of the film.”

When asked if Rogen would have known about a connection between Sony and Rand as the reason for the change, Heckenlively pointed to remarks the actor made in 2019 to the Hollywood Reporter.

Rogen said at the time that the fact North Korean entities never targeted him, and that “raised suspicions in [his] head.”

“That didn’t seem like North Korea’s MO. That seemed more like young, amateurish hackers than a foreign government launching a systematic attack on another country,” he said.

After suggesting that North Korea could have been used as a cover story, Rogen added, “It would be nice to know the truth.”

“I don’t think I would feel drastically different on a personal level if it was or wasn’t North Korea. I do think other people would probably feel vindicated,” he concluded.

Heckenlively made it a point to get across the fact that through all his research, he was pleasantly surprised by the way Rogen handled the ordeal.

“I came away thinking he was a pretty good guy, that he wanted to know the truth,” Heckenlively said.

The author smiled at the idea that someone in Hollywood was interested in knowing the truth.

In the end, Heckenlively came to a simple conclusion: Intelligence agencies are working with movie studios to create entertainment pieces that will be provocative and serve a certain agenda.

Whether that is foreign-policy-based or to push specific legislation, government agencies may have their hooks even deeper into Hollywood than the common person realizes.