Last November, Sony Pictures Entertainment became the victim of one of the largest cyberattacks in U.S. history, with a group calling itself Guardians Of Peace infiltrating the company’s networks, stealing terabytes of data, and then wiping it from the system. The attack was a massive blow for the company, knocking its communication technology back to the fax machine, rendering it a public laughingstock, and ruining Tobey Maguire’s second life as enigmatic ramblin’ man Neil Deep. But now, six months and one fired co-chair later, the battered company might reasonably have come to the conclusion that things were finally cooling down. Sure, Julian Assange made news in April by posting all of the company’s stolen e-mails on a publicly searchable site for prurient perusal, but beyond that, it seemed that the worst was finally over.
But the worst is not over, it turns out, because six months is how long it took for Fortune magazine investigative reporter Peter Elkind to put together “Inside The Hack Of The Century,” a three-part examination of the company, and how its corporate culture contributed to the attack. Elkind apparently talked to more than 50 Sony employees about the hack, putting together a wide-ranging look at why Sony was such an alluring target for cybercrime.
The most striking anecdote in the piece is the one that Elkinds leads off with, with a team of IT consultants describing their unescorted entry into the studio’s Information Security department:
“After a quick security check at the front gate and then proceeding to the George Burns Building on the east side of the Sony lot, the Norse group walked straight into the unlocked first-floor offices of the information security department, marked with a small sign reading info sec. There was no receptionist or security guard to check who they were; in fact, there was no one in sight at all. The room contained cubicles with unattended computers providing access to Sony’s international data network.”
Beyond that, much of the first part of Elkind’s piece is an examination of Sony’s corporate culture and struggles over the last few years, bolstered by information gleaned from the stolen e-mails. (Fortune ran a defense of their use of the pilfered material here.) Elkind’s goal seems to be to establish that the company’s desire to indulge the star talent in its roster—a policy spearheaded by the now ousted Amy Pascal—lead to the development of the most handjob-joke-filled international incident in the history of the world, Seth Rogen and Evan Goldberg’s movie The Interview. While Elkind quotes security experts who dispute the FBI’s claims that the Sony cyberattack had its genesis as a North Korean response to the film—in which Rogen and James Franco play the bumbling would-be assassins of real-life leader Kim Jong Un—he also includes a quote from Pascal’s co-chair, Michael Lynton, who told NPR back in December that his company’s online defenses would have been adequate to fend off an attack not supported by the full weight of a foreign government.
Elkind’s report is only a third-completed—the second portion will go live on Friday, with the entire piece running in this month’s edition of Fortune, but it so far paints a picture of a company too distracted by its financial struggles to worry much about cyber security. It remains to be seen if Elkind’s later pieces will unearth more concrete examples of the company specifically failing to address those concerns, or if it’ll remain more softly focused as it attempts to lay the blame for Sony’s fate at the company’s own feet.