That gawker article on Paul Reiser is embarrassing for the author not Paul Reiser.
posted by crashlanding at 7:35 PM on December 10, 2014 [21 favorites]

"It’s Joel McHale. You might remember me from such canceled Sony tv shows as—Community," is a great way to start a letter asking for a discounted Sony TV. And it worked, because they ended up just giving him one.

And I want to see this movie so, so bad.
posted by thecjm at 7:41 PM on December 10, 2014 [18 favorites]

On the one hand, I feel pretty bad about information leaking that interferes with actors' understandable wish for some privacy, but on the other hand, I'm picturing Jessica Alba introducing herself as Cash Money in her secret life as a hardboiled private investigator and it's the best
posted by kagredon at 7:41 PM on December 10, 2014 [15 favorites]

So very delicious.
posted by Brandon Blatcher at 7:45 PM on December 10, 2014

Has anyone linked the Powerpoints yet? Because they are hilarious.
posted by codacorolla at 7:48 PM on December 10, 2014 [2 favorites]

Remember when the Obamacare website crashed and that demonstrated the Government can't do anything IT and only business can because efficiency and CEOs and all that ?

Between Sony, Target and Home Depot, I am enjoying this schadenfreude pie.
posted by Pogo_Fuzzybutt at 7:51 PM on December 10, 2014 [131 favorites]

This makes me uncomfortable in the same way that other types of celebrity leaks make me uncomfortable. Not that this is as bad as leaking intimate photos and videos, but that this "leak and have a look" mentality perpetuates all of it, and it makes it exceedingly difficult to draw the line where it really matters. If we keep violating the privacy of people who didn't intend for it to be seen, and keep feeding the machine that allows it, it really is going to turn into a situation it just keeps happening, and people barely raise an eyebrow. We need to respect the value of privacy for individuals as a general value, especially if their privacy was stolen. Drawing the line at nudity or something misses the entire point for why this is wrong to revel in others' private affairs. I wish we wouldn't do any of this, really.
posted by SpacemanStix at 7:55 PM on December 10, 2014 [85 favorites]

Christ these are some toxic emails
posted by oceanjesse at 8:00 PM on December 10, 2014 [1 favorite]

Let's be honest here. A show of hands for anybody who suspects 4chan is involved...
posted by jonp72 at 8:02 PM on December 10, 2014

i haven't seen it explicitly spun this way in the press, but i'm fairly certain the hack was perpetrated by iranian state hackers on behalf of north korea because:
1. there are connections between the malware used on sony and malware used in earlier hacks on gulf state oil companies assumed to have been perpetrated by iran, and
2. just before the hack this(pdf) presentation about iran's escalation of hacking programs in the wake of stuxnet was released, which notes that iran is suspected of hacking many south korean businesses, presumably as a result of iran & nk's arms trade
i'm interested to see if it plays out this way
posted by p3on at 8:05 PM on December 10, 2014 [7 favorites]

Pascal replied, “I doubt it. Should I ask him if he liked DJANGO?” Rudin responded: “12 YEARS.” Pascal quickly continued down the path of guessing Obama preferred movies by or starring African Americans. “Or the butler. Or think like a man? [sic]” Rudin’s response: “Ride-along. I bet he likes Kevin Hart.”

Charming!
posted by StopMakingSense at 8:13 PM on December 10, 2014 [4 favorites]

"If we keep violating the privacy of people who didn't intend for it to be seen, and keep feeding the machine that allows it, it really is going to turn into a situation it just keeps happening, and people barely raise an eyebrow" is a perfect description of how the Hollywood press has acted since movies began. So, I agree with your gentle scolding in terms of the recent photo hacking, and certainly in terms of the personal information of the rank and file Sony employees being exposed, but the specific insider info in the links above is not on the same level.
posted by FreezBoy at 8:19 PM on December 10, 2014 [3 favorites]

The BF and I were chuckling while reading the Pascal/Rudin back-and-forths. My gods, the egos. It's a wonder any movies ever get made.
posted by computech_apolloniajames at 8:26 PM on December 10, 2014 [3 favorites]

"Adam Driver is a terrible idea, I'm with you." So good.

(Scroll down to subhead: "David Fincher's Star Wars Zing.")
posted by Mothlight at 8:29 PM on December 10, 2014 [4 favorites]

So, I agree with your gentle scolding in terms of the recent photo hacking, and certainly in terms of the personal information of the rank and file Sony employees being exposed, but the specific insider info in the links above is not on the same level.

I would say that being entertained by people's private, stolen information is bad enough on its own merits. I'm not overly concerned with how often it's been done in the past to determine whether it's okay. Minimally, people are embarrassed by having their private correspondence made public. Worse, there is medical information getting out there. It all sucks, and none of it is justified. And it all feeds the machine that keeps taking it to higher levels of suckiness.

I don't say this to embarrass you as the poster, as that wasn't my intent. Your post serves to frame an important discussion. But I don't think that reveling in this has any redeeming merit. If someone thinks it does have value, I'd be interesting in hearing a positive spin on it. I don't think it's value neutral, and that only leaves two other options.
posted by SpacemanStix at 8:30 PM on December 10, 2014 [16 favorites]

The hacked salary info and the leakage of their "creative bookkeeping" is far more damning than the celebrity peccadillos
posted by Renoroc at 8:35 PM on December 10, 2014 [3 favorites]

A show of hands for anybody who suspects 4chan is involved...

Were any of the victims singled out just for being women? No?

Then probably not.
posted by mhoye at 8:39 PM on December 10, 2014 [8 favorites]

This makes me uncomfortable in the same way that other types of celebrity leaks make me uncomfortable. Not that this is as bad as leaking intimate photos and videos, but that this "leak and have a look" mentality perpetuates all of it, and it makes it exceedingly difficult to draw the line where it really matters

You know, I get you. And to some extent you are right - Sony, Target and HD, et al were all victims and there is a fair bit of victim blaming involved in mocking preventable idiocy and bad practices.

That said, Sony has long had a reputation for playing fast and loose with other peoples data and being very, very bad at basic security.

The first time, well, yeah. The second ? By the third, you gotta wonder if they issue drool rags to the goobers upon hire.
posted by Pogo_Fuzzybutt at 8:45 PM on December 10, 2014 [4 favorites]

If someone thinks it does have value, I'd be interesting in hearing a positive spin on it. I don't think it's value neutral, and that only leaves two other options.

Sony attackers also stole certificates to sign malware

Well, there's a social good if I've ever seen one.
posted by figurant at 8:46 PM on December 10, 2014 [4 favorites]

You know, I get you. And to some extent you are right - Sony, Target and HD, et al were all victims and there is a fair bit of victim blaming involved in mocking preventable idiocy and bad practices.

That said, Sony has long had a reputation for playing fast and loose with other peoples data and being very, very bad at basic security.

The first time, well, yeah. The second ? By the third, you gotta wonder if they issue drool rags to the goobers upon hire.

I'm not saying that Sony and company shouldn't have some serious consequences. I'm saying that as part of what happens here, we shouldn't revel in the unfortunate circumstances of those who were innocent and titter over their private information as part of a discussion towards a just conclusion. Paul Reiser, for example, didn't mess up three times. Why scrutinize his email?
posted by SpacemanStix at 8:54 PM on December 10, 2014 [5 favorites]

Paul Reiser, for example, didn't mess up three times. Why scrutinize his email?

After what he did to Ripley and Newt in the medlab there on LV-426 ?
posted by Pogo_Fuzzybutt at 8:58 PM on December 10, 2014 [60 favorites]

Sony, Target and HD, et al were all victims and there is a fair bit of victim blaming involved in mocking preventable idiocy and bad practices.

I'm not prepared to agree that these organizations qualify as 'victims' in any sense other than that someone targeted them for data theft. The victims are the people inconvenienced, whose shit is rifled through and maybe their credit jerked around with. The fact that there were financial costs for these businesses was just a matter of them making a bad tradeoff choice - they slacked on protection to save a buck.

Maybe that was a buck in hiring good people, maybe it was a buck in buying services, whatever. But they did it because the data wasn't sufficiently important to them to take care of, and in no small part because it's not data about them - it's customer's data, and if someone fucks up one of their lives, eh, so what? They'll bulk buy some credit monitoring - and really, it's already offensive that this is a service people have to pay for considering it's to secure and protect facts about them - and go on.

Compare that with the level of effort Target put into mining that data, where they could monitor purchases well enough to tell that someone is pregnant. Let's be serious: if they gave a fuck (if the penalties were high enough) that shit would be secure. In the US, at least, where the lenders are on the hook for any fraudulent charges, the monitoring of abnormal purchasing behavior on credit cards is impressive. The moment you step out of expected line, boom, lockdown.

You want to tell me those companies couldn't secure the data they collect about us if it was sufficiently important to them? I don't buy it. It would cost, and it would make some things harder for them. But the shredders and privacy markers that these retailers sell aren't exactly entertainment to employ and yet people use them. Because they have stakes, or have been convinced they do. Target and HomeDepot and whoever is next week's security scandal aren't convinced.

Sony, I dunno what the fuck their problem is. I have to assume it's because they're really a few dozen companies pretending to be one company while existing in this marginal detante with each other.
posted by phearlez at 9:04 PM on December 10, 2014 [10 favorites]

Compare that with the level of effort Target put into mining that data, where they could monitor purchases well enough to tell that someone is pregnant.

How much do you think Target spent building up a data mining operation? How much do you think they spent on data security? How much do you think they will have to pay out in liability due to the data breach(es)?

I'm asking seriously -- you're writing as if they spent mostly on A and next to nothing on C and B will come in somewhere in between, but how do you know that?
posted by leopard at 9:23 PM on December 10, 2014

I've been reading the Lainey Gossip coverage of this story. My favorite bit is about George Clooney predicting a hack (possibly facetiously).
posted by immlass at 9:28 PM on December 10, 2014

On the plus side, Sony execs hate Adam Sandler films.
posted by a lungful of dragon at 9:50 PM on December 10, 2014 [8 favorites]

If someone thinks it does have value, I'd be interesting in hearing a positive spin on it.

First off, this. Because you know, people don't talk about their salaries, which is how wage gaps survive.

Secondly and somewhat more abstractly: The current, increasingly-calcified class system in the US has, as its emotional foundation, a basically Calvinist notion that the rich are "better" than poor people, and that's why they're rich. In other words, Joe Average, busting his ass to take home $30k a year, is only willing to believe that an executive deserves to be paid $3 million a year because Joe Average has basically fuckall idea what a CEO actually does from 9 to 5, and on some level, genuinely believes it's something he couldn't do.

Pulling back the curtain like this is, in that sense, really valuable. I mean, read those emails and tell me why Amy Pascal is worth $3 million dollars a year. (Which, tbh, is chump change compared to what true Wall Street big shots make.) Do these emails seem like they are one hundred times better than what somebody making $30k a year would write? Because the invisible hand of the market says they are. Now, personally, I think the invisible hand of the market is largely full of shit on the subject of CEO compensation. But it's hard to convince people it's wrong so long as it stays invisible.

Don't get me wrong. I'd rather see the internal emails from JPMorgan or Bank of America or ExxonMobil or UnitedHealth. Sony is, in the grand scheme of these things, a small fish. But any kind of reminder, of any shape or form, that the rich are not some other species, that they're exactly the same dumb dirty apes as the rest of us, is not a bad thing in this day and age, IMO.
posted by mstokes650 at 10:02 PM on December 10, 2014 [104 favorites]

Jesus, those Powerpoint presentations are straight out of the Golgafrinchan B ark.
posted by dialetheia at 10:18 PM on December 10, 2014 [33 favorites]

Although I have my misgivings over the ethics of this, just the sheer amount of irony in the Jobs biopic situation--Christian Bale not being able to grok Jobs' control-freak essence, given some of his own past reported behavior, and Angelina Jolie trying to get a Cleopatra movie made, given, you know, the last notorious one--is just too rich. Plus, of course, the idea that someone felt it necessary to slap together a PowerPoint slide explaining the success of Grown Ups 2. mstokes650 is right: not only do the emperors and empresses not have any clothes, they have huge boils on their asses that no one dares lance.
posted by Halloween Jack at 10:25 PM on December 10, 2014 [2 favorites]

Yeah, it's kind of a bummer it's not Goldman Sachs. But let's be honest here: Sony leadership would put your grandmother feet-first into an industrial shredder and then use their own grandmother to push the gristly bits through, if they thought it would help their bottom line, so while it sucks for the rank-and-file employees, my sympathy for the C-suite is ... limited.

Also, several people seem to need a refresher in How To Not Run Your Goddamn Mouth In Email. Oof. Do people not realize that corporate email is almost always getting archived somewhere? Pick up the phone, guys. (Really, don't though, the historical record gains much when people don't.)
posted by Kadin2048 at 10:47 PM on December 10, 2014 [6 favorites]

Oh, OK, let's talk about that goddamn "wage gap."

There is a significant gender wage gap in America. Women get paid less than men.

This, however, is not at all that and to suggest otherwise is willful incompetence on the journalist's part (and there has been an excess of willful incompetence surrounding the journalism of the Sony hack) and a strong lack of critical thinking on every reader who's tweeted "OMG women get paid less then men at Sony OMG."

First: Minghella is 35. De Luca is 49. Minghella has been working as a senior executive for fewer than ten years. De Luca has been working as a senior executive for more than twenty.

Second: De Luca ran New Line for years, and his tenure there resulted in a dozen movies you love. He made Boogie Nights, for chrissakes. Then he produced a bunch more movies you love - The Social Network, Captain Phillips, Moneyball among others. A year ago, Sony decided to hire De Luca as Co-president of production because of his reach and his relationships. He has been doing this for a long long long time. He is very very good at making great movies.

Minghella also has a lot of great experience, all of it within Sony, where she's worked under Belgrad and Pascal, making lots of movies for Sony that have been very successful - but again, all of her experience is within Sony.

Third: Minghella has been promoted from within. She's gotten some very nice raises. De Luca was a new hire, as of a year ago. When Sony said "Hey we wanna hire you" he said "Here's how much I want" and then Sony probably said "How about this number" and then they met in the middle I'm guessing. Minghella doesn't have that negotiating power, because she's being promoted from within. She started at a salary in 2005, and then she's gotten increases every year since, especially with each new promotion. But it isn't as if when De Luca came aboard at X, she could say "Oh you need to give me a sudden raise to X." And of course she wouldn't say that, because a 49 year-old who built New Line into a powerhouse probably deserves more money than a 35 year-old whose only experience is working at Sony.

Is there wage disparity in Hollywood? Absolutely. Are women treated poorly? Yes. Is there a gender wage gap in Hollywood (just as there is everywhere else)? Certainly.

Is this that? No. This is tabloid muckracking journalism, and airing the information here is tantamount to Metafilter linking to the Fappening.
posted by incessant at 10:54 PM on December 10, 2014 [17 favorites]

I mean, read those emails and tell me why Amy Pascal is worth $3 million dollars a year.

You'd last ten minutes in that job, mstokes.
posted by incessant at 10:55 PM on December 10, 2014 [1 favorite]

From the Kevin Hart leak:

It's not as if we paid him 3M and 4M respectively for his last 2 films thinking he might be nominated. We paid for his ability to open a film which included his social media savvy.

It sounds to me like they paid him millions of dollars to act in a film.

I feel like this is something that should be negotiated going into the film as opposed to after the fact.

Uh, yeah? Ya think? If that's something you want? No matter what you're already paying someone they aren't obligated to do anything more for free. So weird.
posted by brundlefly at 10:57 PM on December 10, 2014 [1 favorite]

Is there wage disparity in Hollywood? Absolutely. Are women treated poorly? Yes. Is there a gender wage gap in Hollywood (just as there is everywhere else)? Certainly.

I never knew Robert Evans hung out on MeFi! Loved "The Kid Stays in the Picture" baby!
posted by PenDevil at 10:58 PM on December 10, 2014 [7 favorites]

I should clarify that I don't believe this is as explicitly bad as the celebrity picture leaks, which I consider a sex crime - but this is a terrible invasion of personal privacy just as that was.
posted by incessant at 11:02 PM on December 10, 2014

Whoa. The slide about the marketing for Grown Ups from tittergrrl's link to the leaked Powerpoint slides features a photo that was the subject of this MeFi fpp.

Small world!
posted by notyou at 11:06 PM on December 10, 2014 [1 favorite]

I never knew Robert Evans hung out on MeFi! Loved "The Kid Stays in the Picture" baby!

That's nice of you to say. This reminds me of the time Ali and I were on the way to the premiere of Serpico, and we'd just stopped off to pick up Waldo Salt at his home in Bel Air...
posted by incessant at 11:06 PM on December 10, 2014 [17 favorites]

In the entertainment industry, it's practically a skill for people to war talk to each other this way over email and text. My read is that Pascal and Rudin are probably really good trench buddies. Of course I could be totally wrong. But nothing they say stands out as being particularly offensive.

I have some friends that work at SPE, and I actually feel very bad for them. These are real people we're talking about here. They've had to come into work under very difficult circumstances, and their families have been threatened. And it's not like they've even remotely figured this out yet. This is a much bigger deal than the celebrity picture leak. This is a crime as well.

On the other hand, some of the leaked information is pretty funny in nature, and it's hard not to admire the takedown. I'm kind of curious how the information is leaking. Is there a file dump being mined? Because every day, there's something new. Unreleased movies, payrolls, private emails. The news value of these items is being handled very well. I wonder if that's attributable to the hackers or the media outlets.
posted by phaedon at 11:10 PM on December 10, 2014 [2 favorites]

Am I the only person picturing every single person in every single email chain being Ari Gold from Entourage?
posted by Bugbread at 11:36 PM on December 10, 2014 [14 favorites]

I never knew Robert Evans hung out on MeFi! Loved "The Kid Stays in the Picture" baby!

This is an excellent example of what people are talking about when they say there's certain opinions you can't express here without instantly getting bombed.

Like, challenge what he said on its merits but this sort of "you said something I don't agree with so I'm going to snark on you and not address what you said" shit wears really thin sometimes.

And to me at least, it doesn't strike me as typical wage gap truther bs. Is anything they're saying factually incorrect? That did seem like a stretch in the article.
posted by emptythought at 1:46 AM on December 11, 2014 [14 favorites]

emptythought, you do know that Robert Evans has a distinctive, much-pastiched speaking style, similar to the line PenDevil was quoting, right?
posted by kagredon at 2:45 AM on December 11, 2014 [10 favorites]

I'm picturing Jessica Alba introducing herself as Cash Money in her secret life as a hardboiled private investigator and it's the best

Jessica Alba founded and runs a baby products company which is worth a billion dollars. I know, that's what I said.

Am I the only person picturing every single person in every single email chain being Ari Gold from Entourage?

Ari Emmanuel, Rahm's brother and the real life model for Ari Gold, was actually included on part of tht exchange.
posted by Diablevert at 3:17 AM on December 11, 2014 [9 favorites]

> ...i'm fairly certain the hack was perpetrated by iranian state hackers on behalf of north korea because:

Hackers demand Sony cancel release of Kim Jong-un-baiting comedy
posted by ardgedee at 3:48 AM on December 11, 2014

Marc Andreessen is a notorious piece of shit, and I am not interested in his opinions on this.
posted by rorgy at 3:54 AM on December 11, 2014 [5 favorites]

I agree, this kind of release of private information/communication is crap, and the fact that Metafilter is joining in is crap as well.
posted by HuronBob at 3:56 AM on December 11, 2014 [3 favorites]

Diablevert: "Jessica Alba founded and runs a baby products company which is worth a billion dollars. I know, that's what I said."

Wow. That has to be the bluntest, plainest region blocking page I've ever seen.
posted by Bugbread at 4:22 AM on December 11, 2014 [1 favorite]

I can't get past how bad Amy Pascal's grammar and spelling is
posted by pxe2000 at 4:24 AM on December 11, 2014 [2 favorites]

I too would like more Mad About You on DVD. :(
posted by Potomac Avenue at 4:28 AM on December 11, 2014 [7 favorites]

Also apparently the screener version of Annie leaked as part of this.
posted by smackfu at 4:57 AM on December 11, 2014

Sony Pictures Tries to Disrupt Downloads of its Stolen Files

The company is using hundreds of computers in Asia to execute what’s known as a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter.

Sony is using Amazon Web Services, the Internet retailer’s cloud computing unit, which operates data centers in Tokyo and Singapore, to carry out the counterattack, one of the sources said. The tactic was once commonly employed by media companies to combat Internet movie and music piracy.
posted by mediareport at 4:58 AM on December 11, 2014

But Clooney would need to be Ceasar.

A good attempt, but still not as monumentally poor a choice as Rex Harrison.
posted by Leon at 5:03 AM on December 11, 2014 [2 favorites]

Also: The Sony Hacks Are Goddamn Terrifying

The scariest part of what happened is the collateral damage, the Sony civilians whose entire digital lives have been exposed to the world.

The most painful stuff in the Sony cache is a doctor shopping for Ritalin. It's an email about trying to get pregnant. It's shit-talking coworkers behind their backs, and people's credit card log-ins. It's literally thousands of Social Security numbers laid bare. It's even the harmless, mundane, trivial stuff that makes up any day's email load that suddenly feels ugly and raw out in the open, a digital Babadook brought to life by a scorched earth cyberattack.

These are people who did nothing wrong. They didn't click on phishing links, or use dumb passwords (or even if they did, they didn't cause this). They just showed up. They sent the same banal workplace emails you send every day, some personal, some not, some thoughtful, some dumb...What happened to Sony Pictures employees, though, is public. And it is total.

You may assume you'd be fine in the same scenario, that you have nothing to hide, that you wouldn't mind. But just take a look through your Sent folder's last month. Last week. Yesterday. There's something in there you wouldn't want the world to see. There's some conversation that would be misread without context, or read correctly for its cloddishness. Our inboxes are increasingly our id, a water cooler with infinitely expandable memory.

If there's any positive outcome from all of this, it's the brute-force reminder that we're all vulnerable in ways we don't even realize.
posted by mediareport at 5:07 AM on December 11, 2014 [22 favorites]

Maybe I'm naive, but I can't help but feel this is like The Jungle for show biz. How can we keep watching when we know there are chunks of toxic producer in the vat?
posted by condour75 at 5:27 AM on December 11, 2014 [2 favorites]

Someone asked above, so to clarify, the hackers are releasing the data in batches and promising more to come. The latest dump is the email history of a top Sony lawyer.
posted by mediareport at 5:30 AM on December 11, 2014

And of course she wouldn't say that, because a 49 year-old who built New Line into a powerhouse probably deserves more money than a 35 year-old whose only experience is working at Sony.

Deserve's got nothing to do with it.
posted by Steely-eyed Missile Man at 6:03 AM on December 11, 2014 [2 favorites]

Compare that with the level of effort Target put into mining that data, where they could monitor purchases well enough to tell that someone is pregnant. Let's be serious: if they gave a fuck (if the penalties were high enough) that shit would be secure. In the US, at least, where the lenders are on the hook for any fraudulent charges, the monitoring of abnormal purchasing behavior on credit cards is impressive. The moment you step out of expected line, boom, lockdown.

Look, I mine data for a living exactly the way that Target does - maybe I can't tell if you are pregnant, but I can tell you a wide assortment of other things. For instance, you do not want me to secure a server - ever. Your statement is a total red herring as it is a totally different skill set, a totally different mentality and totally different set of tools. You'd be surprised at the number of people that make sure I run through the appropriate hoops to safeguard my data externally - and I'm thankful when I get support from them. Data Security and Data Analysis are two totally different things.
posted by Nanukthedog at 6:04 AM on December 11, 2014 [8 favorites]

It's literally thousands of Social Security numbers laid bare. It's even the harmless, mundane, trivial stuff that makes up any day's email load...

People send SSNs via email? O.o
posted by entropicamericana at 6:07 AM on December 11, 2014

After what he did to Ripley and Newt in the medlab there on LV-426 ?

It was a bad call, Pogo_Fuzzybutt, it was a bad call.
posted by entropicamericana at 6:13 AM on December 11, 2014 [5 favorites]

But just take a look through your Sent folder's last month. Last week. Yesterday. There's something in there you wouldn't want the world to see.

No, my work Sent folder is squeaky clean. Because it's my work email.
posted by smackfu at 6:25 AM on December 11, 2014 [18 favorites]

Btw, Fusion has been good at getting scoops on this story; here's a good piece on one exec's shockingly casual attitude towards security:

Sony Pictures has said little about its security failures since the hack, but seven years ago, its information security director was very chatty about “good-enough security.” Back in 2007, Jason Spaltro, then the executive director of information security at Sony Pictures Entertainment, was shockingly cavalier about security in an interview with CIO Magazine. He said it was a “valid business decision to accept the risk” of a security breach, and that he wouldn’t invest $10 million to avoid a possible $1 million loss. He seemed not to consider the costs of a breach that are harder to immediately calculate, such as the blow to a company’s reputation, the loss of trust among employees, or the possibility that James Franco might be upset that the world now knows he gets paid $6,000 to drive himself to movie sets.
posted by mediareport at 6:53 AM on December 11, 2014 [5 favorites]

Look, I mine data for a living exactly the way that Target does - maybe I can't tell if you are pregnant, but I can tell you a wide assortment of other things. For instance, you do not want me to secure a server - ever.

Like most comments that start with "look," this misses the point by a mile. The original comment was obviously speaking of priorities and resources allocation and had nothing whatsoever to say about which specific people should be securing data.
posted by Steely-eyed Missile Man at 6:57 AM on December 11, 2014 [6 favorites]

People send SSNs via email? O.o
posted by entropicamericana at 9:07 AM on December 11
[+] [!]


As someone who occasionally day-plays on movies, this affects me. No, I didn't email Sony my SSN. Or my credit card. Or give them my passwords.

What I did was fill out reams of 'new hire' paperwork and non-disclosure agreements to work a movie for two days. And now, apparently, some assholes have splayed my information out in public to attack Sony.

Will Sony have to get paranoid about their credit? Clearly not, but I will.

Let's not celebrate this, it's rotten fruit from a poison tree.
posted by rock swoon has no past at 6:58 AM on December 11, 2014 [34 favorites]

There's probably already a half dozen or more scripts in the pipeline about the hack.
posted by Chitownfats at 6:59 AM on December 11, 2014

back around 2002/3 one of the embattled companies, i think worldcom, ended up getting all their corporate emails put online through a searchable database. i think it was related to the court stuff they were going through. is that different because it wasn't hacked? surely the violation of the employees (who had already been victimized by their company) was the same...

i will say it was a super instructive lesson to never talk about personal shit in work email.
posted by nadawi at 7:00 AM on December 11, 2014 [1 favorite]

I have no idea who would play Antony because I'm not really up on the younger actors of today.

Chris Hemsworth, the guy who plays Thor? You need someone jockish and cocky, believeable as a popular and charismatic soldier but also someone you might see getting in a little over his head. Not stupid, but not quite clever enough to see all the angles that need to be played.

Andrew Garfield as Augustus.
posted by Diablevert at 7:01 AM on December 11, 2014 [3 favorites]

No, my work Sent folder is squeaky clean. Because it's my work email.

Exactly.. Had a discussion last night with the mrs about what was in these emails and she more or less said the same -- veeeery careful about anything she says in emails for those reasons..
posted by k5.user at 7:04 AM on December 11, 2014 [1 favorite]

I am kind of curious, though. If rank and file employee information hadn't been released...would the people in this thread decrying this still care? I mean, I couldn't really give two shits about the privacy of movie stars and executives, to be honest.
posted by Steely-eyed Missile Man at 7:11 AM on December 11, 2014

Like most comments that start with "look," this misses the point by a mile. The original comment was obviously speaking of priorities and resources allocation and had nothing whatsoever to say about which specific people should be securing data.

Sorry I was a huge jerk with this comment, by the way. I guess I just really get peeved by comments that start with "look".
posted by Steely-eyed Missile Man at 7:12 AM on December 11, 2014 [2 favorites]

I think everyone deserves some privacy in their private communications, movie stars and execs included. Sometimes private communications should be made public, if doing so is in the public interest, as in situations involving serious wrongdoing. But I don't think this is one of those situations, and I think we should resist the urge to use these communications as fodder for the lulz beast.
posted by burden at 7:23 AM on December 11, 2014 [4 favorites]

But I don't think this is one of those situations, and I think we should resist the urge to use these communications as fodder for the lulz beast.

No, I kind of think it is one of those situations.

Between Target and Home Depot and TJMaxx and Sony and and and and and and and and, at what point do we start requiring or regulating IT networks to ensure they are taking security seriously ?

Because, as we've seen, the companies don't care about losing your data, and why should they ? What real repercussions will any of the people responsible for safeguarding that data face for their failure ?

I say this - I've been doing IT for ~20 years. Securing a network is hard and requires vigilance and a willingness to devote the time and money to it. As we've seen, the mere threat of losing customer/employee data isn't enough to persuade these companies to invest in security.
posted by Pogo_Fuzzybutt at 7:31 AM on December 11, 2014 [3 favorites]

back around 2002/3 one of the embattled companies, i think worldcom, ended up getting all their corporate emails put online through a searchable database.

The really famous one is Enron. The email archive is actually famous enough to be just generally referred to as the "Enron Corpus", and it's heavily used for research, training spam filters, etc. Some emails have been redacted from the research corpus at the request of former employees, but it's not hard to find the original archive if you really want to.

I'm sure there are many other places it has happened, though. I would never consider my company email account 'private' by any reasonable definition of that term.

The HR documents are really bullshit though. It'd be interesting to see if Sony failed according to some negligence standard in protecting employee data, particularly in light of their IT security director's comments.
posted by Kadin2048 at 7:49 AM on December 11, 2014 [2 favorites]

I don't think you can justify hurting innocent parties (or taking schadenfreude in their injury) to raise awareness of the importance of IT security. I mean, how much influence do you think James Franco had in setting Sony's IT security policies and budget priorities? Or even these non-IT execs?
posted by burden at 7:53 AM on December 11, 2014 [3 favorites]

Oh, OK, let's talk about that goddamn "wage gap."
...
Minghella is 35. De Luca is 49. Minghella has been working as a senior executive for fewer than ten years. De Luca has been working as a senior executive for more than twenty.

Neither I or nor the article I quoted is particularly interested in what those two specific execs make. Here, let me quote the article for you: "In other words, unless I’m missing something, the upper pay echelon of Sony Pictures is 94 percent male, and 88 percent white." I'm sure you can go one-by-one and explain why each of those white dudes totally deserves to make what they make, and I'm also sure that is called "missing the forest for the trees".

You'd last ten minutes in that job, mstokes.

At least my ten minutes' worth of emails would have decent spelling and grammar. (I know, I know, 'really important people' are much too busy to be bothered with trivialities like "spelling" and "grammar", so the terrible spelling and grammar functions as proof-of-importance.) No, I'd genuinely love to know what remarkable qualities you believe she has that I don't. If it's just the ability to predict that Cleopatra will be a moneysink and trainwreck, well, I am all over that, let me tell you.
posted by mstokes650 at 8:03 AM on December 11, 2014 [3 favorites]

That "one exec" who has a "shockingly casual attitude towards security"?

That was their current senior vice president of information security. Back then (7 years ago) he was the executive director of information security. He got rewarded with promotions and pay raises for not taking their corporate data security seriously. Now the shit has hit the fan and what'll happen now?
posted by I-baLL at 8:15 AM on December 11, 2014 [4 favorites]

"People send SSNs via email?"

It wasn't a hack of Sony Pictures' email. It was a hack of Sony Pictures' entire network. Even their gym got shut down.
posted by I-baLL at 8:17 AM on December 11, 2014 [3 favorites]

For instance, you do not want me to secure a server - ever. Your statement is a total red herring as it is a totally different skill set, a totally different mentality and totally different set of tools.

No, your flawed interpretation of my statement would be a red herring. I am unsure how you get from "the business needs to care as much about X as Y" to "we should have the exact same people doing Y do X!" If I suggest you might want to care as much about your car maintenance as you do your hair I am not suggesting you ask your barber to change your oil.

I picked the data mining comparison for three specific reasons.

One, one of the breached companies notoriously spends a lot of money and effort on data mining.
Two, both are IT related disciplines
Three, both are efforts that have payoffs that are not necessarily immediate and obvious.

Target invests in data mining because they believe that using that information to target advertisement and outreach results in increased sales. That's somewhat provable but only using those same data mining strategies. There's some vulnerability in asking the barber if you need a haircut and if your haircut looks good, even if you keep the barber on staff. So I would wager they have policies that help them make sure they're not just throwing money down a hole and trusting the people in the hole to tell them it's a good thing.

My observation is that we need them to be as invested in ensuring that their security efforts are equally robust, and that I believe they do not in no small part because (a) it's not their data and (2) the pain they suffer when the data is taken isn't commensurate. By which I mean the financial costs are not commensurate with the pain the people represented by the data feels, nor is it enough to make them believe that money & effort they'd spend preventing it would have been less.

Leopard asks I'm asking seriously -- you're writing as if they spent mostly on A and next to nothing on C and B will come in somewhere in between, but how do you know that? and mediareport answers in a way that is entirely consistent with the sort of statements I often heard when I was in the consultant gig. People don't take the cost of a breach seriously because the concrete impact doesn't compare to the concrete costs of preventing one.

Some of this is innate human nature. Bruce Schneiner has written for many many years about people's poor conception of risk. I don't recall him specifically addressing the question of people having an issue with keeping up concerted efforts at preventing them, though he has discussed the way the US's limits on personal credit card liability impact company behavior. That's a case where risk has been sufficiently quantified to motivate companies to take it seriously.

Personal data doesn't have that, and the deck is stacked against it. This tremendous system of data collection about people already treats the subjects of the data poorly. The big three Credit Reporting Agencies (CRA) collect this information about us and take money in exchange for sharing it with other people. It took the Fair Credit Reporting Act (FCRA) to give us some consistent rights to address whether that data is accurate and to give us access to it that we don't necessarily have to pay for.

Even then, what's the access we get? You're legally guaranteed a free look once a year, though it's updated constantly. You have a right to see it again if you're denied credit based on it, but not if the credit you're offered is incredibly bad. And the cost of a bad loan if you're talking about cars can be into the thousands. In houses it could be in the tens of thousands. I'm unaware of any provision mandating disclosure if you're denied a job or housing based on it, both of which would require the decision maker admitting that's why they denied you anyway.

I talk about the CRAs not because I am suggesting anyone hire them to do data security or give you a haircut, but because they show how use of this data can necessitate outside forces to set costs of bad action. The CRA doesn't have to innately care about a single fucked up person because they're dealing with a huge aggregate. To an extent before the FCRA they didn't even arguably need to worry too much about accuracy in the aggregate so long as they were fucked up in a fairly consistent manner - after all, if all the risk is wrong in the same way then the credit scores, for example, still work as a comparative measure.

Now we have a lot of vendors of consumer services - or corporations selling to them - collecting data on a similar order of magnitude as the CRAs. And they DON'T have the FCRA applying to them and setting penalties that are privately actionable. If Experian fucks up your shit and doesn't deal with it there's statutory penalties you can sue them for. That's not happening to the Targets and Sonys of the world in any real way yet, and it's a worry so long as that information impacts us way more than them.
posted by phearlez at 8:20 AM on December 11, 2014 [10 favorites]

Let's not celebrate this, it's rotten fruit from a poison tree.

Damn straight.
posted by gwint at 8:30 AM on December 11, 2014 [4 favorites]

So now that it's pretty clear that North Korea was behind the hack, will Gawker feel a little bad about acting as a wing of the North Korean propaganda department? Probably as bad as they felt about denouncing the Jennifer Lawrence pictures when they gleefully leak celebrity nudes themselves. I am eagerly awaiting the Nick Denton leaks.
posted by ThatFuzzyBastard at 8:37 AM on December 11, 2014 [1 favorite]

The Target data breach cost that company a lot of money. A LOT. Because the data they lost was collected unilaterally, and because it's linked to the regulated world of payment systems, financial institutions, credit reporting and identity protection. Not to mention the credit card companies themselves, and trade entities like the PCI Standards Council that huge retailers need to be on good terms with.

I'm hopeful that mishandling of individual's private data that leads to its compromise will eventually be seen as actionable negligence (and more generally, that IT comes to be seen as a professional field with a standard of care etc) for now most of the breaches that occur are of companies whose users' accounts are governed by a TOS and/or EULA, a company-friendly privacy policy, and a contract (of adhesion) that attempts to foreclose all liability and dump whatever might remain into mandatory arbitration.

My gut reaction is that a big bugaboo for Sony here is probably HR-related personal information that they do have a duty to protect, and any deal-related information that they had a duty to keep confidential on IP they don't (fully) own, should that IP be devalued by the leak -- the entertainment industry version of compromising trade secrets shared under a contract.
posted by snuffleupagus at 8:38 AM on December 11, 2014

The really famous one is Enron. The email archive is actually famous enough to be just generally referred to as the "Enron Corpus", and it's heavily used for research, training spam filters, etc. Some emails have been redacted from the research corpus at the request of former employees, but it's not hard to find the original archive if you really want to.

Going through the Enron corpus for a class in social network analysis was fascinating. I'm pretty sure I found a love affair between two really low level employees, since they had different last names, he would often talk shit about her husband, and the two of them would say what fun they had on Friday and how they can't wait for it to happen again.

Also, Ken Lay's younger brother (I believe, at least one of the top level executives) wrote TERRIBLE detective fiction that Lay shared with other top level executives.
posted by codacorolla at 8:43 AM on December 11, 2014 [4 favorites]

So now that it's pretty clear that North Korea was behind the hack,

Or the hacker are just embracing that narrative, now that it's got a lot of press.
posted by smackfu at 8:48 AM on December 11, 2014 [3 favorites]

So now that it's pretty clear that North Korea was behind the hack...

I am amused that Rogin and Franco are using this to generate more buzz for The Interview.

I am even more amused that, if accurate, the most damaging direct action that The Guardians of Peace could take to specifically punish The Interview and its creators at the box-office would be to widely disseminate it pre-release, as they did Annie, which is of course the one thing they won't do.
posted by snuffleupagus at 8:50 AM on December 11, 2014 [2 favorites]

Based on the trailer, I'm wondering why anyone would watch it even if they did widely disseminate it.
posted by blucevalo at 9:07 AM on December 11, 2014 [2 favorites]

You need someone jockish and cocky, believeable as a popular and charismatic soldier but also someone you might see getting in a little over his head. Not stupid, but not quite clever enough to see all the angles that need to be played.

Channing Tatum?
posted by malocchio at 9:16 AM on December 11, 2014 [2 favorites]

Am I the only person picturing every single person in every single email chain being Ari Gold from Entourage?

Scuttlebut is that Scott Rudin will be played by Tom Cruise a la Les Grossman in the upcoming Sony Hack, from the North Korean upstart People's Patriotic Productions .
posted by snuffleupagus at 9:20 AM on December 11, 2014 [1 favorite]

Now the shit has hit the fan and what'll happen now?

He'll be made Supreme Sony Leader for Life.

Of the MiniDisc division.
posted by a lungful of dragon at 9:24 AM on December 11, 2014 [4 favorites]

But remember kids, there's no good reason to encrypt.
posted by eclectist at 9:26 AM on December 11, 2014 [2 favorites]

Based on the trailer, I'm wondering why anyone would watch it even if they did widely disseminate it.

Never, ever underestimate people's ability to fail to confront just how limited their time on this earth is. I'm on here, after all.
posted by Steely-eyed Missile Man at 9:46 AM on December 11, 2014 [2 favorites]

ah-ha, yes, enron, that makes sense. and, yeah, we certainly didn't have a redacted version and we totally found what appeared to be affairs between employees/gambling problems/etc. i
posted by nadawi at 9:54 AM on December 11, 2014

will Gawker feel a little bad about acting as a wing of the North Korean propaganda department?

I don't find myself often defending Gawker, but Variety, The Hollywood Reporter and a wide range of other sites are also combing through the data dump to report this story. It's hard to imagine any entertainment journalist *not* combing through the data dump, and certainly hard to imagine why Gawker would hold off when mainstream outlets like Variety and THR are not holding off at all.
posted by mediareport at 10:08 AM on December 11, 2014 [2 favorites]

No, I'd genuinely love to know what remarkable qualities you believe she has that I don't.

Oh, could you face down Steve Zallian, Steven Soderbergh, and Brad Pitt and pull the plug on Moneyball a week before it's about to shoot?

I'll answer my own question.

You couldn't.

Ten minutes.
posted by incessant at 12:07 PM on December 11, 2014

The one major quality that most high-level executives seem to have in common is "being an asshole". By that metric, mstokes650, perhaps you should be gratified that incessant doesn't think you can cut it. On the other hand, this "ten minutes" verbal tic is so much (ironically) macho bullshit cribbed from Alec Baldwin's Glengarry Glen Ross monologue.
posted by Steely-eyed Missile Man at 12:23 PM on December 11, 2014 [14 favorites]

Seriously, that's some tired and unoriginal vitriol. Brinksmanship in negotiation is a skill, and its not unique to such high altitudes.

Pray tell, what happens at minute eleven?
posted by snuffleupagus at 12:55 PM on December 11, 2014

Pray tell, what happens at minute eleven?

You greenlight an Adam Sandler movie.
posted by kagredon at 12:56 PM on December 11, 2014 [12 favorites]

You greenlight an Adam Sandler movie.

I am definitely not enough of an asshole to do that to the world.
posted by mstokes650 at 1:05 PM on December 11, 2014 [9 favorites]

I'm sorry for the vitriol - I'm just sick of people thinking running a movie studio is a job for idiots and they could do better. These people deal with massive egos and huge money and juggle hundreds of projects, and it's not a job anyone could do. It's certainly not a job I could handle. I'd probably last eight minutes to mstokes's ten.

I am also rather peeved that metafilter is trawling through this, and that's part of what's fueling my anger here. I have many many friends who have been affected by the leak, and lots of them are not doing well. While this thread "hurf durf corporate richies are jerks!" ad infinitum, this is having serious, sweeping ramifications among thousands of people, and it is apparently only going to get worse.
posted by incessant at 1:12 PM on December 11, 2014 [9 favorites]

Mashable has a good piece:

Don't believe the hype: Sony hack not 'unprecedented,' experts say

Adam Caudill, an independent security researcher, has doubts about the description of the attack as "unprecedented" and "unparallaed" that came from Mandia and Sony. "At this point their goal is to save face, to their investors, to their employees, to their partners," Caudill told Mashable. "To protect their image, they need this to be an unpreventable, incredibly sophisticated attack."

Caudill explained that making undetectable malware is not particularly hard. Hackers likely had access to Sony Pictures network for weeks, when they were siphoning huge amounts of data, which should have been noticed.

"Even if they couldn't detect the malware, they should have detected the unusual activity. You don't steal such a large amount of data without raising some red flags — the question is, was anyone watching," Caudill added. "This wasn't a smash-and-grab-type attack that was pulled off quickly, to have penetrated the network so completely, the attackers had clearly been at it for some time."

His view was shared by Adrian Sanabria, a cybersecurity analyst at 451 Research, who criticized Sony's security practices. "You should definitely be able to detect somebody copying 40GB of data systematically," he told Mashable.
posted by mediareport at 1:27 PM on December 11, 2014 [4 favorites]

"Sony says the recent breach of its servers and weeklong cyber humiliation is an "unprecedented" strike and an "unparalleled crime." If they're shocked by these events, they've been shocked for almost a year: leaked emails obtained by Gawker show security troubles dating back to February."
posted by nadawi at 3:30 PM on December 11, 2014 [3 favorites]

And they were so shocked by the 2011 Playstation Network hack that it took them 3 weeks to recover. Perhaps these incidents are a result of bad karma from the infamous rootkit fiasco?
posted by tonycpsu at 4:00 PM on December 11, 2014 [1 favorite]

I'm probably not going to do it myself, but I'm a little disappointed that someone with access to 6000 salary numbers only bothered looking at the first seventeen for their "gender analysis".
posted by the agents of KAOS at 5:13 PM on December 11, 2014 [2 favorites]

I'm still not clear on who is behind the hack. North Korea seems to be jumping on the bandwagon. If early reports were correct, the hackers were asking for money -- extortion, in other words. I'd like to hear more about this aspect of things because it seems to me a harbinger: "Give me $ or I will publish your e-mails!"
posted by CCBC at 5:14 PM on December 11, 2014

North Korea taking credit just makes me think of this.
posted by figurant at 6:51 PM on December 11, 2014

Mark Ruffalo had a few interesting things to say about Scott Rudin's insults aimed at producer Megan Ellison (the "bipolar 28-year-old lunatic" in the Rudin-Pascal email exchange):

"It's more like holding up a mirror to those people saying those things than what Megan Ellison is like...I would make 100 movies with her. I love her and she's risky and her risks pay off. There's a different kind of film being made in America because of her and they're not really inside the system..."

"They don't like talent," he said, seemingly referring to studio executives and the like. "There's been a huge disrespect to what the talent brings. Where does the value really lie? In the people making the deals or the people making stories?"
posted by mediareport at 5:01 AM on December 12, 2014 [9 favorites]

A disturbing new email leak sent to Sony Pictures CEO Michael Lynton in 2012

I have to admit, I'm not able to parse this opening, and it doesn't really improve from there. The text of the email at the link does not mention piracy and involves a proposed meeting between:

-The Assistant Secretary of Homeland Security
-The President/CEO of Eli Lilly "who is very involved in fighting counterfeit pharmaceuticals"
-President/CEO of the National Center for Missing & Exploited Children
-Vinton Cerf, VP at Google and Stephen Crocker, board chair of ICANN -- childhood friends "responsible for laying the Internet's foundation"
-CEO of Sony

What exactly is so sinister about this?
posted by leopard at 10:52 AM on December 12, 2014

How about "why is Homeland Security involved in finding extralegal schemes for corporations?" With "Why is a government agency involved in helping set up corporate plans and meetings with an express effort towards hiding it from the public?"
posted by phearlez at 11:02 AM on December 12, 2014

Homeland Security, despite being a government agency, has legitimate reasons to not be fully transparent in its dealings, and has legitimate reasons to meet with corporate leaders. That said, the language of the article is incredibly unclear, and I have no idea why DHS would want to coordinate a confidential meeting between people from Google, Sony, Eli Lilly, and the National Center for Missing & Exploited Children. Like, seriously no idea -- before I can find this email "disturbing" I need to have a clue about what these people would be talking about.
posted by leopard at 11:10 AM on December 12, 2014

The article is 9 kinds of awful and so poorly written and rambling that I absolutely wouldn't trust it to tell me the right way to spell SONY. But you asked what is sinister about a meeting of those people. And while I agree there are times when DHS has reasons not to be transparent I wholeheartedly disagree that one of those times should be when trying to find ways to end-run around passing legislation that had a large negative public outcry.

You need to do some things internally to support the mission as defined by passed legislation or enacted federal regulations, sure. You want to legislate? Walk your happy ass out of the executive branch and either go work in congress or private industry.
posted by phearlez at 11:22 AM on December 12, 2014 [1 favorite]

missing kids/child porn/ etc is one of the avenues that corporations and government lean on to get popular support and laws passed that help handbag makers, pharmaceutical companies, and media corporations fight counterfeit goods and piracy. it's not that strange that they would all meet together, but, yeah, it's probably pretty sinister.
posted by nadawi at 11:49 AM on December 12, 2014 [1 favorite]

I guess what I find sinister (or at least worth investigating) is when unaccountable private corporations do secretive, backroom deals with government agencies to decide on public policy that affects you, me, and anyone else who uses the Internet. Particularly when the arrangement is designed explicitly to do an endrun around public opposition, which automatically makes this sketchy. If corporate-government collusion isn't sinister, it is certainly undemocratic.
posted by a lungful of dragon at 12:29 PM on December 12, 2014

The Daily Beast today unashamedly announced it "has combed through much of the hundreds of thousands of emails that have made their way online" (nice passive voice there) and has posted a new, rich trove of gossip culled from the hacked emails.

[I understand some MeFites won't want to click that link because they do not want to participate in discussions of illegally hacked emails from Hollywood executives. I can respect that. They should also avoid the rest of this comment, as I'll be summarizing and quoting from the Daily Beast's roundup.]
.
.
.
.
.
.
.
Among other items, the article includes:

1. Sony brass discussing taking "aggressive" legal action against Bill Murray if he continues to refuse to have anything to do with a new Ghostbusters movie.

2. Sony removing all references to the company name from the credits of "The Interview," its movie about killing Kim Jong Un, and lying about the extent of Sony's creative involvement in the picture.

3. George Clooney boasting about hurting Rupert Murdoch and altering the culture at CNN with the release of a movie about the UK phone hacking scandal:

“how much fun are we gonna have…the stakes are higher than citizen kane…if we tell the truth in a compelling way…rupert won’t get time/warner…cnn won’t be fox….i’m so excited to do this film..and for those of you listening in…i’m the son of a news man…everything will be double sourced..so come on with your lawsuits…fuckers...”

4. An exec forwarding a Democratic fundraising request from Steven Spielberg with the following comment:

“This is from steven spielberg, who has hit me for 32 fucking k for some Hilary event for the senate Can you pls check and see if, please god, I have already given to that so that I can't give that much now. These guys are killing me...”

It's private, personal, and revealing, for sure. I'd hate for it to have happened to me. Sites like Daily Beast, Fusion and Defamer are openly admitting to digging through the hacked material, but it's a very good bet that entertainment editors at the NYT and WaPo have their own people doing the same, even if they're mostly waiting to run stories about specific emails until other folks have posted them online first. I'm not sure that makes the NYT and WaPo any better than the gossip sites. I'm definitely sure I'm no better for finding so much of the stuff fascinating and passing it along here.
posted by mediareport at 9:21 PM on December 12, 2014

If folks haven't seen it yet, The Hollywood Reporter has a good article exploring the liability issues Sony faces, including speculation at the end about the admissibility in court of info gained from the hacked documents, and quotes from entertainment lawyers who are "scrutinizing Sony's leaked information to analyze whether clients are getting everything that has been contractually promised."
posted by mediareport at 5:54 AM on December 13, 2014

Perhaps these incidents are a result of bad karma from the infamous rootkit fiasco?

This kind of suggestion tells me that the concept of corporate personhood has now leaked far enough from the realm of legal fiction to become something people take for granted without really thinking it through.

Personally, I can't see how a corporation has moral responsibility.

I can see how the people who decided to perpetrate the rootkit fiasco do, and I am firmly of the opinion that those people should have had their arses firmly kicked - as should the C suite execs whose decision-making style created the corporate culture in which perpetrating such a thing could ever have been seen as a good idea.

But punishing Sony as an entity for past misdeeds done in Sony's name makes very little sense to me. Doing so makes it far to easy for the actual people who deserve punishment for those misdeeds to get away with it completely unnoticed.
posted by flabdablet at 8:51 AM on December 14, 2014

I am guessing that my Sony-employed friend who on Friday discovered that his six month old daughter's SSN has already been stolen and used probably didn't deserve punishment for Sony's rootkit fiasco. But maybe his daughter did? She drools a lot. Certainly some punishment deserved there.

He's trying to figure out what's next, but according to the people he's talked to, this is "the worst case scenario for identity theft." They caught it early, but significant damage has already been done.
posted by incessant at 9:16 AM on December 14, 2014 [8 favorites]

James Franco and Seth Rogen cancel press appearances for The Interview after hacker threats.
posted by dirigibleman at 3:59 PM on December 16, 2014

The first class action lawsuits have been filed by Sony employees. The 2nd one actually goes after Sony for doing a film like The Interview in the first place.
posted by mediareport at 4:10 AM on December 17, 2014

And to add to the confusion: FBI doubts North Korea link to Sony Pictures hack:

A senior FBI official said that they had been unable to confirm links between the hack and Pyongyang or affiliated groups.

“There is no attribution to North Korea at this point,” Joe Demarest, assistant director of the FBI’s cyber division told a panel at a cybersecurity conference.
posted by mediareport at 4:18 AM on December 17, 2014

the only people i've seen pushing the korea angle are ones who are finger wagging about others looking at the leaks and people who are promoting that seemingly god awful film.
posted by nadawi at 6:50 AM on December 17, 2014

What I hadn't realized until going through a timeline of the leaks is that the hackers are leaking individual mail files from their overall data dump. So if certain people like Amy Pascal are getting a lot of attention, that's part of the reason why. And the other execs who haven't had their emails leaked are still on edge, I'm sure.
posted by smackfu at 7:29 AM on December 17, 2014

The link to NK seems pretty speculative. And have the North Koreans ever showed this sort of technical aptitude before? It seems, just on its face, a bit... subtle. Plus, they don't seem like they'd pass up the opportunity to take credit.

The APT groups generally assumed to be Chinese military have to be on the shortlist, though.
posted by Kadin2048 at 8:26 AM on December 17, 2014

Sony emails reveal Jennifer Lawrence paid less than male co-stars: Leak shows that American Hustle’s female star was on 7% deal, while male co-stars Christian Bale and Bradley Cooper were on 9% each

She had a hell of a lot less screen time in that film than Bale and Cooper.
posted by Thoughtcrime at 9:02 AM on December 17, 2014

Amy Adams had a lead role and also got only 7%... not sure why this wasn't highlighted in the sexism story. More sexism?
posted by leopard at 9:25 AM on December 17, 2014 [2 favorites]

The pay gap story between Lawrence/Adams and Bale/Cooper would have more teeth if we knew the entirety of their contracts - just focusing on one aspect of their deals doesn't mean much. Giving or taking points on a deal like this is always about getting negotiating power elsewhere. If you need money tomorrow, you're not going to be interested in lots of producer points - you're going to take more money up front. Often these things build from project to project, too - 7% may be more points than Lawrence has ever received on a movie, which would make sense because she's still young. I'm not saying this isn't gender discrimination - just that right now we're looking at the painting through a keyhole.

It certainly feels like a government attack, whether it's NK or China or someone else acting for NK. The hackers were sitting on literally millions of dollars worth of information which Sony would've been happy to pay them to squash, and all they did was send a blackmail email to an exec four days before the dumps started? And this isn't a for the lulz hack. This is a concerted effort to bring down a company.

I mean, look at the Sony movies the hackers released online -- and then look at one movie they didn't release. THE INTERVIEW.

Could be because they didn't have it. Or it could be because all they've wanted all this time was to do whatever they could to make sure the movie never came out.

It seems they're close to accomplishing their goal.
posted by incessant at 12:30 PM on December 17, 2014

Wow, Sony cancels the initial release date of The Interview. It's unclear if/when the new release date would be.
posted by codacorolla at 2:35 PM on December 17, 2014 [3 favorites]

Huh, looks like investigators are going to make an announcement tomorrow officially tying the attacks to NK.
posted by codacorolla at 3:49 PM on December 17, 2014

'The Interview' disaster is the perfect ending to 2014

As depressing as this all is, the controversy over "The Interview" also feels like a fitting coda to 2014, a year in culture that has been defined by actual and imagined totalitarianism.

The year kicked off with the Winter Olympics and an opportunity for Russian President Vladimir Putin to show himself and the nation he leads on the world stage. There is a long-standing tradition of un-free countries using the Olympics to grandstand, but corruption in the selection process and the rising cost of staging the games has raised the unsettling possibility that fewer democratic countries will be willing to take on the hassle and expense.

[...]

Given Russia's use of culture to consolidate its self-image and further its adventurism, there was something sadly hilarious about the dark tones some of our domestic debates took on this year. From the Gamergate kerfuffle to worries over the speech climate on college campuses, we spilled gallons of ink debating the influence - real or imagined - of feminist critics and campus activists, seeming to lose all sense of scale and perspective on what censorship and cultural manipulation really look like.

Gamergate, for example, was a broad cultural umbrella, including everything from consumer complaints about gaming sites that readers felt were running too few user-focused reviews to vituperative attacks on individual creators and critics. But among the narratives that emerged from Gamergate was the idea that a censorious feminist cabal that wanted, as bandwagoning conservative cultural critic Christina Hoff Sommers put it, "the male video game culture to die," had infiltrated major gaming sites and even distributors like Steam.

posted by tonycpsu at 5:44 PM on December 17, 2014 [1 favorite]

I have extremely mixed feelings about Sony pulling The Interview. I don't believe it is a movie that should have been made. But caving to threats is a bad precedent. It's like if the publishing houses had refused to publish Rushdie because of the threats made against him 25 years ago. The relative quality of the two pieces of art in question is really not material to the ethical question.

The complicating factor is that the threats against Rushdie were, so far as I am aware, aimed more or less solely at Rushdie while these (almost certainly fake) threats were aimed at everybody in the vicinity of the movie. But on balance I think its a bad call.

Does anybody take NK's threat of a "9/11 style attack" against movie theaters seriously? These are a bunch of yahoos who regularly threaten nuclear war or whatever.
posted by Justinian at 6:22 PM on December 17, 2014

Also, its too bad this post was about the salacious gossip and not the very real, important, and interesting issues surrounding this film, art in general, and the geopolitics surrounding it.
posted by Justinian at 6:23 PM on December 17, 2014 [1 favorite]

The relative quality of the two pieces of art in question is really not material to the ethical question.

Maybe the artistic merit of the work itself isn't directly relevant, but I do think that the fact that this movie didn't look like it was going to be a sure-fire hit had to factor into the decision of the theater owners and chains to back away. On some level, the artistic merit for all but the most bankable franchises does loosely correlate with audience demand / "you've got to see this" buzz, which affects the bottom lines of the theater owners, which in turn affects how much they'll want to risk the infinitesimal but non-zero chance of an incident (even a sub-9/11 one.) I doubt many of those theater operators are considering the free speech implications all that much, but if they are, certainly the artistic merit of the film affects how well the satirical message comes across as well.

Of course, there would have been a bit of a Striesand effect that would have goosed sales, so it's hard to know what opening week receipts would have looked like. RottenTomatoes has a 96% "I want to see it" rating for it right now, but I would guess much of that has occurred since the it's been yanked.

Does anybody take NK's threat of a "9/11 style attack" against movie theaters seriously? These are a bunch of yahoos who regularly threaten nuclear war or whatever.

On one hand, the tiny risk of an incident. On the other hand... a movie most people expect to be mediocre at best. Or, you know, devote those screens to extra Big Hero 6 showings. The amount they have to take it seriously need only be as large as the potential benefits of running the film.
posted by tonycpsu at 7:31 PM on December 17, 2014

Much sadder fallout than the Rogen/Franco cancellation:

Steve Carell's North Korea Thriller Dropped After Sony Hack

Carell's movie was based on Pyongyang, Guy Delisle's amazing 2004 graphic novel memoir about his time working as a contract animator in North Korea, which I've raved about here more than once. I'm not sure how it would've become a "thriller" (maybe false accusations of spying?) but the memoir was a sharp, sad, funny glimpse behind the curtain of North Korean society from a relatively privileged Westerner's perspective. Really sad to learn there was a planned movie version that's been dropped because of this mess.
posted by mediareport at 7:59 PM on December 17, 2014 [6 favorites]

Holy crap. Sony Has ‘No Further Release Plans’ for ‘The Interview’

Sony Pictures Entertainment has chosen to stand down for “The Interview,” deciding against releasing the Seth Rogen-James Franco comedy in any form — including VOD or DVD, as U.S. officials reportedly link Sony’s massive cyber attack to North Korea.

That can't be the final word. I'm guessing they're weighing their options?
posted by brundlefly at 8:10 PM on December 17, 2014

They are in such a bad PR situation right now that I'm guessing this is about weighing how damaging it would be if someone actually did do something violent at a theater as threatened. I have no idea about lawsuit potential, but there is no way they would not be judged for that decision, which would probably bring more attention to whatever negligence led to the leak in the first place. Additionally, Sony really isn't in a moral position in the court of public opinion to be holding the line on this out of principle or anything. If you want to make a PR disaster go away, releasing this movie has no possible connection to that potential state of affairs.
posted by SpacemanStix at 8:25 PM on December 17, 2014 [1 favorite]

I'm not sure I blame Sony for pulling the flick after the big theater chains already said "no thanks." The liability issues alone make it a no-brainer. But if some folks at the top of Sony feel they're protecting themselves from further info dumps by being conciliatory, that would seem a bit delusional. There's no way the hackers are going to stop releasing damaging secrets; it's working too well to disrupt the enemy.

That said, I think the "HOW COULD THEY?!" reaction of stars like Jimmy Kimmel and Judd Apatow on display here is a bit too glib coming from folks whose personal inboxes aren't in danger of being released next.
posted by mediareport at 8:30 PM on December 17, 2014 [1 favorite]

I wonder how much more money it would make if they released it now after it's been canceled. Sony executives have to be thinking the same thing. $42 million in production and however many more tens of million in promotions is a tough loss to swallow.
posted by codacorolla at 9:27 PM on December 17, 2014

Rogen and Franco were promoting The Interview hard on various Youtube channels. All that effort on Epic Meal Time for nothing!
posted by PenDevil at 2:33 AM on December 18, 2014

The Satanic Verses got published despite the threats. To completely bury this movie is disgusting cowardice. Even if it sucks as a movie - though given Rogen/Franco's track record I'm pretty sure it's at least amusing.
posted by dnash at 5:13 AM on December 18, 2014

The Wired article homunculus just posted is really good at debunking easy conclusions that North Korea is behind the hack.
posted by mediareport at 5:51 AM on December 18, 2014

More analysis debunking the North Korea claim. Be sure to follow the link at the end to this detailed timeline and analysis at Risk-Based Security.
posted by mediareport at 6:18 AM on December 18, 2014

dnash: "To completely bury this movie is disgusting cowardice."

Wow. Not just cowardice, but cowardice that inspires actual disgust. If a crazy armed person told you they would kill one of your customers if you set up a certain database or coded a certain snippet of script, I assume you'd have the bravery to go ahead with your project and let them possibly kill a customer? Anything less than that would be truly revolting.
posted by Bugbread at 6:42 AM on December 18, 2014 [1 favorite]

From a business standpoint, Sony pulling this movie makes total sense. "Annie" and "Into the Woods" are also huge films for Christmas day, and if even a fraction of the people who were going to take their families to either of those movies decided to stay home, that would've been a financial impact bigger than the impact "The Interview" would have ever made. I know I was feeling apprehensive about our plans to go see "Annie" on Christmas day. (I guess that makes me a coward? I'm okay with that.)
posted by jbickers at 7:00 AM on December 18, 2014

Huh. I still find the NK thing a bit of a stretch for the hack itself, but that crazy email and threats of violence, that does seem about their speed. So much for subtlety.

If Sony had any backbone, what they'd do now is take their Bittorrent-poisoning boxes that they've been burning kilowatts on the past few days, trying to prevent the email leaks, and they'd package up The Interview and dump it on the Internet for anyone who wants to see it.

It doesn't look like a very good movie; using it as a statement seems like the best possible use for it anyway.

But, of course, this is Sony, so I fully expect them to somehow mismanage this in such a ridiculous way that they end up coming out looking like the bad guy, even compared to a crazed nuclear-armed murderous dictatorship. It's a stretch, sure, but if anyone can hit PR rock bottom and then send down for more dynamite, it's Sony.
posted by Kadin2048 at 7:09 AM on December 18, 2014 [2 favorites]

The AP is reporting that US intelligence officials will announce shortly that they believe North Korea is behind the hacks. More at the NYT.
posted by zombieflanders at 7:15 AM on December 18, 2014 [1 favorite]

To completely bury this movie is disgusting cowardice.

It's easy to put other people's lives in jeopardy.

(No, the threats weren't very credible, but tell your employees they have to come in anyway)
posted by dirigibleman at 8:04 AM on December 18, 2014 [1 favorite]

They already released everything that would harm the employees.
posted by smackfu at 8:08 AM on December 18, 2014

I'll just have to read the leaked e-mails on Christmas Day instead.
posted by malocchio at 8:10 AM on December 18, 2014 [1 favorite]

They already released everything that would harm the employees.

Not of the theaters or any businesses near to them.
posted by zombieflanders at 8:28 AM on December 18, 2014

"We don't negotiate with terrorists."
posted by entropicamericana at 8:37 AM on December 18, 2014 [1 favorite]

Worth emphasizing, zombieflanders, that the two links you posted citing anonymous officials on a North Korea connection are discussed in the "debunking" links by Wired and Marc Rogers. And the AP article's citation of "Mandiant's work on its highly regarded China investigation" is specifically refuted in the Risk-Based Security analysis:

The same article mentions that Mandiant was brought in to address this breach before it became public. Yet, Mandiant has not made a statement on the matter, while being notoriously media-friendly in blaming hacker sources, specifically the Chinese, even if they may not have been involved.

That last link goes to an article discussing "critical analytical flaws" in Mandiant's past work, which got massive media attention but may not have been definitive (or even anything close to definitive).
posted by mediareport at 8:39 AM on December 18, 2014

This is (Hopefully) Not the End: Watching the North Korea–lampooning, Sony-hack-inciting, hilariously unnerving ‘The Interview’ with Seth Rogen in a movie theater for perhaps the last time
posted by nubs at 8:46 AM on December 18, 2014 [1 favorite]

Sony should have taken more of a lead on whether or not to pull the movie. It now looks like Sony decided to pull the movie only because movie theaters aren't showing it, which makes Sony look indecisive. If they publicly announced first that they were pulling the movie, I think it would have at least looked a little more principled and less being pushed between Hollywood and the movie theaters.
posted by FJT at 10:20 AM on December 18, 2014

Will this be the first major-studio motion picture that's ended up on general release via BitTorrent after actually being pulled by the studio, or could the leak possibly not have included a copy of the BluRay master?
posted by flabdablet at 10:27 AM on December 18, 2014

I think the movies that were leaked were awards screeners. Not sure this movie would get screeners.
posted by smackfu at 10:46 AM on December 18, 2014

The movies leaked were DVD screeners, not awards screeners - three of the films aren't even due to come out until 2015. DVD screeners are used for press, for producers and execs and agents, for anyone in the company who needs to see a certain movie. Sony would have DVD screener masters of THE INTERVIEW on its servers.
posted by incessant at 1:25 PM on December 18, 2014

The current scuttlebutt around town is that Sony killed the entire movie so that they could invoke Force Majeure and collect insurance on the film. Had they released the film in any way, shape, or form, the insurance company would not have paid out. This was a decision made entirely by accountants - which, for the record, is par for the course at a major studio.
posted by incessant at 1:28 PM on December 18, 2014 [3 favorites]

Actors get a cut of the box office, right? I'm assuming they don't have a commensurate insurance policy if the film doesn't open?
posted by codacorolla at 1:30 PM on December 18, 2014 [1 favorite]

I've never heard of individual policies like that, but that doesn't mean that they don't exist. Suffice it to say, everyone involved will be trying to figure out some way to make at least some of the money they should've made off the release, and I wouldn't be surprised if this ends up in court, with agencies and managers claiming force majeure was applied inappropriately here.
posted by incessant at 1:58 PM on December 18, 2014

flabdablet: "Will this be the first major-studio motion picture that's ended up on general release via BitTorrent after actually being pulled by the studio, or could the leak possibly not have included a copy of the BluRay master?"

At one of the links in the thread (forgot which one, sorry) it says that they leaked a bunch of movies but not The Interview, as one of their major demands was "Don't release The Interview". So the leak contains no BluRay, DVD, awards, or any other form of screener for The Interview.
posted by Bugbread at 3:09 PM on December 18, 2014

But they would almost certainly have collected a copy from Sony. My guess is that once these arseholes have had their fun jerking the security agencies and the press around, at least one of them will break ranks and seed the thing.

"North Korea did it" has about as much credibility as "Saddam Hussein is hiding WMDs".
posted by flabdablet at 5:45 PM on December 18, 2014

This was a decision made entirely by accountants

CBS: "These are unchartered waters we are faced with in the new world of computer terrorism," he said in an interview

I see what he did there.
posted by flabdablet at 5:48 PM on December 18, 2014

Those of you who don't believe North Korea had anything to do with the hack: would any piece of evidence change your mind? Is there anyone you'd trust if they said "North Korea did it"?
posted by incessant at 8:31 PM on December 18, 2014

Perpetrator found guilty after a trial with competent counsel on both sides would do it for me.
posted by flabdablet at 8:35 PM on December 18, 2014

And then also after Sarah Koenig does a season of Serial on it?
posted by incessant at 10:08 PM on December 18, 2014 [1 favorite]

The New Yorker, Did North Korea Hack Sony?:

Still, not everyone is convinced that North Korea carried out the attack, or was even indirectly responsible for it. “There is such a level of vindictiveness toward Sony that it feels more like an ex-employee or a business dispute,” Martyn Williams, a long-time North Korea watcher, who has taken a contrarian view on the attack, said. Williams believes that the hackers could be using North Korean software, or possibly imitating North Korean tactics, to cover their own tracks. He notes that the Guardians of Peace hackers didn’t mention “The Interview” before this week. He also believes that a recent message on a text-sharing Web site that threatened moviegoers and invoked 9/11 was unlikely to have come from North Korea. “North Korea is definitely capable of annoying its neighbors, but to make these kind of threats, saying ‘Remember 9/11,’ I don’t think North Korea is so stupid,’’ Williams said.

From the 2nd link:

- Computers at Sony displayed a message threatening the release of internal documents if undisclosed demands were not met. North Korean hackers have never made such public demands.
- The message claimed the hack was carried out by “#GOP,” which stands for “Guardians of the Peace.” Attacks linked to North Korea have never included such claims of credit.
- The attackers posted messages on several Sony Twitter accounts, personally attacking Sony Pictures CEO Michael Lynton. North Korean attacks have never used such a tactic and state media has never called out Sony executives when criticizing the movie.
- North Korea has never launched such a targeted and public attack at an institution that angered it, and many organizations have angered it in the past.

incessant: Those of you who don't believe North Korea had anything to do with the hack: would any piece of evidence change your mind?

That's a strange way to frame the situation. The burden of proof is on the folks who are claiming with certainty to know who did the hacking, a notoriously difficult task. What evidence have you seen that has convinced you it was North Korea?
posted by mediareport at 8:39 AM on December 19, 2014 [1 favorite]

Those of you who don't believe North Korea had anything to do with the hack: would any piece of evidence change your mind? Is there anyone you'd trust if they said "North Korea did it"?

The thing is, at this point, the story doesn't make much sense. If I rob a bank, the last thing I do is crow about it. In fact, the smart thing to do is keep quiet and hope they don't notice so I rob it again.

I know NK doesn't always do the most rational thing, but what has gone on just hasn't matched their MO. Also, I haven't seen anything that is definitively NK and Sony really does need to reframe the story from being about their relentless incompetence and stupidity.

So, yeah, in my mind, it's not NK. I'm open to evidence and whatever - it is certainly possible - but so far I am just not convinced.
posted by Pogo_Fuzzybutt at 8:58 AM on December 19, 2014

I don't NOT think North Korea had something to do with it, but I guess I have an inherent skepticism about government involvement in data theft catch-and-release.

It's one thing to have targeted spying/sabotage operations like Stuxnet, but when we get into this mass data lifting, sharing with reporters, and all the showboating... that feels to my old-school computing self to seem more like hacker group shenanigans. Goofy skull images, for example? That doesn't smell like a government agency.

Now, when we get into a question of government-encouraged, I guess I get a little more willing to accept the idea. Perhaps I should be more generous in accepting that as "involvement" since I'd certainly have described the Contras as being involved with the CIA. But when it's inside your own country and your own citizens... I dunno. I guess I can accept the idea that the North Korean government might give some special treatment and material things to groups of hackers and encourage them to start shit with people/organizations/governments they dislike. But it's hard to reconcile that sort of hands-off behavior with an authoritarian regime.

So for me, to believe NK is involved in any way beyond looking the other way for criminals who share their values and don't mess up the home base... I need something resembling some testimony and evidence. Otherwise it reminds me somewhat of the morons I grew up around in South Miami who thought it was a good idea to wage a little civilian war against the Castro regime. The US government didn't support them but they often looked the other way or treated them like idiot children rather than folks in inappropriately meddling in foreign affairs. Were we "involved" with the folks who flew a small plane over Cuba, violating foreign airspace, if we just didn't take their offense seriously? I guess it's a definitional thing, but my inclination is to view that as neglect more than action.
posted by phearlez at 9:03 AM on December 19, 2014

That's a strange way to frame the situation. The burden of proof is on the folks who are claiming with certainty to know who did the hacking, a notoriously difficult task.

I'm wondering what evidence would make other people believe it was NK - a statement from the FBI, a statement from North Korea, a smoking gun piece of code. I'm not asking people to show that evidence - I just am curious what hypothetical thing would make doubters believe.

If I rob a bank, the last thing I do is crow about it. In fact, the smart thing to do is keep quiet and hope they don't notice so I rob it again.

But NK's ostensible motive is to stop the release of the film, which is the "why now" part of the equation. They've already been in for apparently months and months, keeping quiet, robbing the bank over and over and over again.

Now the FBI has released a statement that they believe North Korea was responsible for the hack. George Clooney gave a great interview in Deadline last night that discussed a few interesting pieces of evidence (Clooney's production company has been part of Sony since 2009).

I understand the skepticism - our trust in institutions is blown to hell since Iraq/WMDs and the financial collapse, and for weeks this attack felt like some rabble-rousers kicking dirt in the face of a bunch of rich execs, which is a narrative people enjoyed. That this might have been far more sinister I think catches people off guard and means they'd have to alter their initial feelings about the attack, which is hard to do.
posted by incessant at 9:26 AM on December 19, 2014

Huh. Tabloidy site seems to have legit news.

Direct link to FBI statement.
posted by ardgedee at 9:35 AM on December 19, 2014 [3 favorites]

for weeks this attack felt like some rabble-rousers kicking dirt in the face of a bunch of rich execs, which is a narrative people enjoyed. That this might have been far more sinister I think catches people off guard and means they'd have to alter their initial feelings about the attack, which is hard to do.

What an oddly insulting armchair psychological analysis. For the record, it describes neither my own mindset nor that of any of the analysts I've read who were initially skeptical. For me, the lack of any mention of The Interview in the first few weeks was the initial reason I was hesitant, and the flimsiness of the evidence presented made reserving judgment the smart choice. The first official FBI statement is about as clear as I'm gonna get, I suspect, and at this point I'll take them at their word.
posted by mediareport at 1:58 PM on December 19, 2014 [1 favorite]

mediareport: "That's a strange way to frame the situation. The burden of proof is on the folks who are claiming with certainty to know who did the hacking, a notoriously difficult task."

The burden of proof lies with the folks who are claiming with certainty to know who did or did not do the hacking. If you're saying "I don't know who did it", there's no burden of proof. If you're saying "I know North Korea did it", then the burden of proof lies with you. If you're saying "I know that North Korea didn't do it", then the burden of proof lies with you, too.

And the question was "would any piece of evidence change your mind?" This comes up all the time with conspiracy theorists. Note: I am not saying that anyone in the thread is doing what I am about to depict below, I'm just pointing out that asking "what proof would you accept" is not an unreasonable question for a person with the burden of proof to ask, given that situations like this do occur:

Bob: "You think we landed on the moon? Prove it!"
Alice: "Ok, here you go, evidence A, B, and C."
Bob: "I don't accept that because blah blah blah."
Alice: "Ok, more evidence, D, E, and F."
Bob: "I don't accept that because blah blah blah."
Alice: "Evidence G, H, I?"
Bob: "Nope, won't accept that, either. Also, you've failed to prove your position, and since the burden of proof lies with you, that means we didn't land on the moon."

This kind of conversation happens a lot, so saying "fine, even if I have the burden of proof, what level of evidence would you even consider 'proof' in the first place?" is not an unreasonable question.
posted by Bugbread at 2:37 PM on December 19, 2014

I agree with your last point in general, Bugbread. It just doesn't match my experience of how this conversation evolved, both here and nationally. The folks skeptical of the NK connection themselves offered many pieces of evidence - more of it, and more suggestive, to me - than the handful of anonymously-sourced reports we'd gotten from the other side until today.

On a more interesting note, did folks see the bit in the Times today noting "several Sony vendors" aside from theatre chains have also "begun receiving threatening correspondence from the attackers"?
posted by mediareport at 4:15 PM on December 19, 2014