
Loading summary
Narrator
Now hackers have stolen $600 million. It's one of the biggest crypto heists today.
Nicole Perlroth
The WannaCry virus crippled computer systems in
Narrator
at least 150 companies and countries.
Nicole Perlroth
Last week, cyber thieves stole $81 million
Dan Sterling
from the Bangladesh Bank's account with the U.S. federal Reserve.
Nicole Perlroth
Looking back now, the warning signs feel obvious. But at the time all, almost nobody saw them. Probably because the first North Korean cyber attack to really lodge itself in the American consciousness was disguised as a Hollywood scandal.
Narrator
Sony's computer network was hacked in what may be a blackmail attempt. The source says the hack is being linked to a group called Guardians of Peace and that the incident began when a picture of a skull appeared on company computer screens.
Nicole Perlroth
Staff was greeted by wallpaper of a
Narrator
skeleton and a message warning the hacking was just begin.
Nicole Perlroth
The assailants called themselves the Guardians of Peace. But that was just a distraction from the real assailant, North Korea.
Michael Linton
That some Sony Pictures employees are concerned after receiving a rambling email yesterday. Written in broken English, it asked them to sign a statement cutting ties with Sony. If you don't, the email said, not only you, but your family will be in danger.
Nicole Perlroth
The strange thing about the Sony hack is that almost everyone remembers it, but almost nobody remembers it for what it actually was. One of the most destructive and costly cyber attacks ever to hit American soil. An act of censorship, and a successful one, In case you were living under a rock between Thanksgiving and Christmas in 2014, Sony Pictures was hacked badly over a movie.
Anonymous skeptic
Look at this.
Nicole Perlroth
Kim Jong Un wants to do an interview with Dave Skylark. He's a fan.
Andrew Scott
Look at him.
Nicole Perlroth
If that ain't a real story, what is? Okay, let's do it.
Dan Sterling
We're going to North Korea.
Nicole Perlroth
The attack was in retaliation for the Interview, a Seth Rogen, James Franco stoner comedy about journalists who land an interview with Kim Jong Un and get approached by the CIA.
Narrator
The CIA would love it if you
Nicole Perlroth
could take him out.
Andrew Scott
Hmm.
Nicole Perlroth
Take him out?
Mark Rogers
Like for drinks?
John Holtquist
Like to dinner?
Kevin Mandia
Take him out of the town?
Nicole Perlroth
No, take him out. At the time, it felt like a bizarre collision of Hollywood cyber and geopolitics. But revisiting the Sony hack now, more than a decade later, it lands differently. Like the opening sequence of something much bigger. While Americans were caught up in celebrity emails, North Korea was quietly building a playbook. One that would be picked up and co opted by nation states and cybercriminals for years to come. And had we been paying closer attention, we might have seen that Sony was a preview of what would come. That North Korea was evolving into a formidable cyber aggressor. One that didn't just launch crippling attacks, but would successfully steal millions, then billions of dollars in cryptocurrency and eventually capable of silently infiltrating American companies at scale. We might have seen that the caricature we all clung to was keeping us one step behind.
Jenny Town
The US Intelligence community constantly underestimates what the North Koreans are capable of doing, given all the constraints that they have.
Nicole Perlroth
That's Jenny Town, the director of 38 North, a think tank focused exclusively on North Korea.
Jenny Town
And what the North Koreans have proven over the years is never underestimate North Korea. Once they've decided to do something, they will figure out a way to do it. And it isn't necessarily the most high tech solution, it's not necessarily the most sophisticated solution, but it is definitely capitalizing what they do have and maximizing its impact over time, just out of sheer will and perseverance.
Nicole Perlroth
I'm Nicole Prolaroth, and this is To Catch a Thief. If you ask Americans what they actually remember about that attack, it's probably not the fact that North Korea reduced Sony to digital rebel. It's most likely the emails. Everybody remembers the emails
Narrator
now officially blown boom up.
Nicole Perlroth
I mean, boom.
Narrator
Leaked emails between two major Hollywood power players now reveal racist jokes against President Obama. Kevin Hart being called a greedy whore and Angelina Jolie called a spoiled brat. Actor Ben Affleck has apologized after hacked Sony emails published by WikiLeaks showed he asked that the revelation he had a slave owning ancestor be omitted from the PBS documentary Finding youg Roots.
Nicole Perlroth
It wasn't just emails. They dumped millions of dollars worth of stolen ip, unreleased films and personnel records, Social Security numbers and salaries that revealed Hollywood's glaring pay gap. Yeah, and we've got that with Jennifer
Michael Linton
Lawrence and Amy Adams as well.
Steve Stone
Being paid less than their co stars.
Michael Linton
Exactly.
Narrator
17 top owners who own over a million dollars, we understand that have been leaked.
Michael Linton
Two.
Narrator
Only two aren't white and only one is a female.
Nicole Perlroth
Very quickly, the hack stopped being treated as a national security event and it became content. The leaks were endless. WikiLeaks turned them into a searchable archive. It was a complete media spectacle. And it wasn't just Page Six or Entertainment Tonight or Cable news. These leaks were covered by the Times, the Wall, the Washington Post. They trended for weeks on Twitter and inevitably became late night television fodder. And doing what it does best, Saturday
Kevin Mandia
Night Live took on this Sony scandal.
Narrator
The skit gets help from actor Mike Myers, reprising his Dr. Evil character from the Austin Powers trilogy.
Steve Stone
What is your take on Sony pulling the movie the Interview?
Nicole Perlroth
Are we going to send some sort
Narrator
of a stern message to Kim Jong
Nicole Perlroth
Un that he's going to understand Sony emails? Things they never wanted you to see. Nicholas Cage said the script is terrible and he's in. We've run out of comic books. How about movies based on phone books?
Dan Sterling
My name is Dan Sterling and I am the screenwriter of the movie the Interview, also the story creator. Although I share story creation credits with Evan Goldberg and Seth Rogen, the initial
Nicole Perlroth
concept for the Interview actually had nothing to do with North Korea. Dan Sterling had been developing a rom com with Seth Rogen. When Rogan and Evan Goldberg approached Dan
Dan Sterling
with an idea, they said, we have this crazy idea. And the idea was like, what if Dan Rather got Osama bin Laden in a room to interview him? Should Dan Rather kill him? And this was before Osama bin Laden was killed. And, you know, what should he do? And so that's all it was. So I went out for drinks with my friend Josh Christ. And he was like, it has to be the North Koreans. I was like, oh, that's a brilliant idea. He's like, yeah, these are the people who nobody's talking about. The whole world would be on our side for this one. What I thought was the least controversial thing in the world, that Kim Jong Un is an asshole. I didn't want to attack or satirize starving, misinformed North Korean people. But the North Korean government and the people around Kim Jong Un seemed worthy of epic satire. And boy, oh boy, did we give it to them.
Nicole Perlroth
Initially, they didn't even plan to call the movie's dictator Kim Jong Un. But then came a fateful conversation with a Sony executive.
Dan Sterling
I was sitting in a trailer on the Sony lot in pre production with Seth and Evan and one of the executives, this wonderful woman, I won't name her name, she said, listen, what if, just as an experiment, what if you went through and you changed out all the fake names and you made him Kim Jong Un? And I was like, oh, I love that. That's super edgy. This is a thousand times funnier and better and more rock and roll.
Nicole Perlroth
So they go for it, they tweak the script and they start filming. But as they near production, Sony gut checks the plot with defense experts at the Rand Corporation. Rand tells them, this is a bad idea.
Dan Sterling
This is going to upset them very much and just use fake names. That's all we're asking. But Seth and Evan said, no, it's too far, we've gone too far. We're gonna do it.
Nicole Perlroth
Where executives dug in their heels though, was the film's over the top bludgeoning of Kim Jong Un. Ran told Sony this was a really bad idea.
Dan Sterling
You're gonna have to trim back some of these death scenes and blah, blah, blah. I just kind of stayed out of it. The version of it they have now more than, I mean, they have this very slow acoustic downbeat score of Katy Petty's Firework.
Nicole Perlroth
Going to it, baby, you're a firework.
Rob Joyce
Come on, let you come.
Dan Sterling
And just as Kim Jong Un's face is being ripped from skin through muscle, tissue through bone, that set off the red flags. But they said, yeah, this is going to be a problem. I certainly don't remember them saying, oh, it's going to be a hack where it shuts down everything Sony owns. They're going to have to lose a billion dollars worth of computing infrastructure. None of that was clear to me at all.
Steve Stone
The hack shut down the company's entire computer system and according to the LA
Nicole Perlroth
Times, employees were reduced to using old
Steve Stone
fashioned pen and paper to complete assignments
Nicole Perlroth
and God forbid, taking calls on landline telephones.
Steve Stone
We even fired up our fax machine. One person told the paper.
Kevin Mandia
I'd never seen what we were starting to see unfold in 2014 at Sony.
Nicole Perlroth
That's Kevin Mandiat, who's responded to more cyber attacks than anyone in the private sector. It was his firm, Mandiant, that Sony called in to investigate their attack. So did you ever watch the movie?
Kevin Mandia
I loved the movie. How do you not? You almost feel a moral obligation to watch it. And I genuinely went into it with a low bar and I was pleasantly laughing a lot.
Nicole Perlroth
Can you tell us why it was so unprecedented?
Kevin Mandia
I call it a red lever event. You're off the grid or it's just total destruction. Let's delete everything and post a message meaning phones may not work, gate may not come up. Employees generally go outside to get on the phone network because that's the network working now people are trying to figure out what's the impact of this destructive attack and what can we do as a business.
Nicole Perlroth
So pretty quickly Mandiant was able to map the attack back to North Korea. The malware shared digital infrastructure, IP addresses, tooling and tactics. With the previous DPRK espionage operation they tracked. It also overlapped with a little noticed North Korean attack against South Korea a year earlier.
Dan Sterling
It's called Dark Seoul. Seoul, not S O U s as in the South Korean capital.
Steve Stone
Correct.
Narrator
In March of 2013 and June of 2013, there was an attack on South Korean companies, agencies with government. And it's because part of Seoul went dark. The banks, some of the media companies were knocked off the air. People couldn't get money out of their ATMs.
Jenny Town
It was incredible.
Narrator
Incredibly disruptive.
Nicole Perlroth
North Korean hackers wiped hard drives at major South Korean banks and broadcasters. There were other more subjective signals too. Here's John Holtquist, chief analyst of Google's Threat Intelligence Group.
John Holtquist
They'd use this imagery that had, like, skeletons. It was really interesting because in the Dark Soul incident, they'd also used the same, very similar, like, skeleton imagery. And they call themselves Guardians of Peace, but they had actually previously called themselves God's apostles.
Nicole Perlroth
And while Mandiant had no doubts this was North Korea, the sophistication of it still caught them off guard. This is Marshall Heilmann, the CEO of dtex, a security firm. But back then he led Mandiant's response to the Sony attack.
Marshall Heilmann
They had some pretty complex malware that was very effective. And when you have those type of weapons and you understand how to deploy them properly, that's a well oiled, well trained team of people.
Nicole Perlroth
At that point, how aware were you of North Korea's cyber capabilities? You know, how big of a threat did you consider North Korea to be?
Marshall Heilmann
Yeah, honestly, it wasn't even on my radar. Now, to be fair, you know, I was not an intelligence analyst and so I feel like if I was an intelligence analyst, it probably would have been more on my radar. But given that I was, as I love to say, an incident response junkie, I just went from one incident to the next to the next, just trying to solve all the crime that I possibly could. And so for me, North Korea came a bit out of nowhere.
Steve Stone
Like we were just totally wrong in our assessments to North Korea.
Nicole Perlroth
That last voice was Steve Stone, who also worked on the Sony Aftermath for Mandiant. Unlike Marshall, Steve had spent time in the intelligence community.
Steve Stone
It really forced us to confront a lot of the incorrect intelligence assessments we had about this threat group. We were just wrong in many, many ways and, and tackling all of that in the middle of a really intense intrusion. That's just a lot.
Nicole Perlroth
It was pure coincidence that Steve was in la that Thanksgiving at the terminal at lax, he gets a call from a senior exec at Sony.
Steve Stone
I knew this person, this person knew me. We had both worked in the government together and their question was, no joke, is this North Korea? The main point I was conveying was this is North Korea we are confident in, and here's why. We've seen different pieces before. We're not taking someone's word, we're not reading a report. We're looking at the forensics. We're looking at the data that we have collected and stored and curated from other intrusions. And we're focused on the organic data the incident responders are pulling out of Sony directly.
Nicole Perlroth
What made this call particularly frustrating was the fact that Mandiant wasn't the only firm to come on site. Sony had also called in consultants from the Big Four who didn't have the same forensic depth as Mandiant and these other consultants. They told Sony's execs the attack had to be the work of a disgruntled insider.
Steve Stone
There were, let's call them, competing hypotheses, to be generous. The other organizations that are arguing a different outcome, they just don't have access to the data. So whatever they're saying, they do not have the core strength that we do, which is we are looking at the ones and zeros. If you're not looking at that, I don't know why anybody would have an opinion on what happened because they actually have no idea.
Marshall Heilmann
I think at the end of the day that was their opinion. They couldn't fathom that this was actually North Korea.
Nicole Perlroth
Steve and Marshall both said they rolled their eyes, did one of these, okay, whatever you say, took their computers and basically switched war rooms. Talk to me about what that was like for you. Just on a human level, it's frustrating
Marshall Heilmann
when you look at something and you believe that you have unequivocal proof that a thing is what you say it is. In this particular case, it was North Korea. And you have all these other people who don't have access to the same data. They're not part of the investigation. They're just talking on the sides, if you will. It becomes very frustrating because you spend almost as much time defending your work as you do actually doing the work.
Nicole Perlroth
Far beyond Sony's war room, officials in Washington had also reached the same conclusion.
John Carlin
And so for years, we war gamed in this space. What will it look like if a rogue nuclear armed nation decides to attack the United States through cyber means?
Nicole Perlroth
Here's John Carlin. He ran point on national security matters at the Justice Department at the time.
John Carlin
And we did a lot of different scenarios. We did electrical grid and water grid and attacks against missile systems and our overall ability to communicate so telecom, we all got it wrong, right? And no one anticipated that the first time that that would happen would be over a movie about pot smoking journalists with Seth Rogen in it. The thing that sticks to me is not a forensic point or an it point. It was really getting a sense of the fear that employees had, you know, to work that day. You have a skull and crossbone of a foreign power that's nuclear armed.
Nicole Perlroth
It was John Carlin's job to brief the President, the FBI director, and the Attorney General.
John Carlin
We had these morning threat briefings with the Attorney General, the director of the FBI inside the SIAC or secure space at FBI headquarters. And the threats of the day could include war, terrorism threats, most significant cyber threats, criminal threats. And we had a morning where we were learning about an attack against Sony that had to do with a movie about a bunch of pot smoking journalists. Called the interview not the normal fodder for that morning briefing. And the director of the FBI at the time brought an agent who had a clip of the interview which they showed us in the psyoc where you normally are seeing infrared satellite photographs would be the type of thing that you're seeing in that morning briefing. Instead, we see a movie clip about this movie that had agitated the head of North Korea. There was notable disbelief in the room that we were seeing that preview. Even wackier is the only time my career I've had to briefly the President of the United States in the situation room around national security incidents. And it's the only time that I had to start the briefing here to the assembled national security secretaries with a plot synopsis.
Rob Joyce
So inside the intelligence community, we had a bead on what was going on.
Nicole Perlroth
We understood that was Rob Joyce, who was running NSA's hacking division, Tao at the time. And while he has to be circumspect on the classified intelligence they had definitively pointing to the dprk, he confirmed that the initial public assessments were right on target.
Rob Joyce
After the Sony attack, even the cybersecurity community focused in on North Korea. They got it right. If you watched the kind of the Twitter community that I follow, everybody was talking about the fact that Sony was a North Korean job. It was really funny, though. After the White House came out with attribution and the FBI named them, then all the conspiracy theories popped out and people had all sorts of reasons why it wasn't the North Koreans, which really just surprised me because the wisdom of crowds was already there. And the fact that the government said it pulled everybody into a whole different region.
Nicole Perlroth
From the moment the White House and FBI formally came out and pinned this on North Korea, the backlash began. Here's Andrew Scott, who spent years tracking North Korea both inside the CIA and for the National Security Council. It was actually Andrew who wrote the FBI's attribution statement.
Andrew Scott
As you might imagine, there was not an insignificant amount of debate about doing that for all kinds of reasons. Are we going to create more risk to Sony? The threats that were being made around physical violence to moviegoers? If we do this, is there going to be corresponding risk to the American population? There are a whole lot of debates for understandable reasons. But the reality is that we really wouldn't hold back in almost any other domain in calling out a nation state for malicious activity against the American population. We shouldn't do that here. Now, if there's questions of uncertainty about attribution or anything, look, that's a different conversation. But if you've got it dead to rights and you know it, come out and say it. As you can imagine, lots of agencies have lots of opinions on what should be said. We were getting input from the intelligence community where we're getting language from the State Department, we were getting language from DOJ and the FBI to sort of aggregate into one cohesive document that ultimately the FBI would issue. And your job is to kind of try and pull them all together in a cohesive narrative. And I'm sitting there like bleary eyed, haven't gotten enough sleep, typing it out. And there was this moment where it was like, I'm done and I'm sending this.
Narrator
We have got some breaking news out of Washington. The FBI is now officially accusing North Korea of being behind the Sony hack attack.
Dan Sterling
The FBI statement was definitive. The North Korean government is responsible for
Nicole Perlroth
the cyber attack on Sony.
Unidentified news reporter
The FBI announced today that, and we can confirm that North Korea engaged in this attack. I think it says something interesting about North Korea that they decided to have the state mount an all out assault on a movie studio because of a satirical movement.
Nicole Perlroth
If you thought the FBI and the President of the United States coming on national television to pin this on North Korea would quell the conspiracy theories, you'd be wrong. For reasons that probably deserve their own podcast. Iraq, WMDs, Snowden, collapsing institutional trust. Many people simply refuse to take the government's word on this one. And it wasn't just Internet conspiracy theorists. Here's John Holtquist again.
John Holtquist
It was unprecedented for the FBI to go out and say here's all the reasons why, like the solid reasons why we can connect this stuff, right? But there was a startup at the time that had this entirely counter theory on what was going On. They were on the news. And you can imagine from those of us who did this for a living, it was infuriating to see that alternate reality being put up on a pedestal and broadcast out to the world.
Nicole Perlroth
It became a debate on every major news station, even PBS NewsHour. Mark Rogers, what's your problem with that?
Mark Rogers
I think the biggest problem with this is a lot of this information is based on evidence that isn't accessible to a lot of folks. There are hints, however, that there may be things like signals intelligence and other information they can't disclose for national security purposes. Unfortunately, without being able to access that information, there's no way for other security experts to really validate the forensic trail
Dan Sterling
of the Sony hack. It's mysterious, difficult to follow. Experts have lingering doubts about North Korea's ability to carry out such a sophisticated attack.
Andrew Scott
It's beyond the skill level that we've been able to observe. Maddening. I mean, maddening seeing and hearing people on the news, being interviewed, or reading news articles like, you know, the emoji with the guy with his head exploding? That was me.
John Holtquist
Hell, I remember there was reports that Seth Rogen didn't even believe that they had done it because he talked to some IT guy and his IT guy said it was. Wasn't possible or something like that.
Nicole Perlroth
As all of this debate spiraled outward, the finger pointing, the conspiracy theories, the obsession with Sony's leaked emails, something important was getting lost. The focus had shifted off the attackers and onto the victims.
Michael Linton
Hi, I'm Michael Linton. I'm the former chief executive of Sony Entertainment. Everybody was so caught up at the time in the salaciousness of the emails and in this conspiracy theory that actually this was not happening as the result of a North Korean hack, but rather that there was a disgruntled employee that might have done it, that nobody actually chose to look at.
Nicole Perlroth
The bigger issue in this case, hackers weren't content just trying to stop the interview from coming out. They were trying to bleed Sony executives dry.
Michael Linton
It was very complicated to try and talk to the employees at Sony who understandably had not really signed up for something like this. You know, the majority of people there were there to make commercial television and film. They were not trying to stand up for putting movies out that foreign hostile powers didn't want to have out. And so to encourage people to continue to come to work and. And continue to participate was really complicated. It was complicated and unpleasant to see the way that the media treated my partner, Amy Pascal. It was unpleasant and complicated to see how my Personal emails were put out all over the place.
Nicole Perlroth
Amy Pascal, who co chaired Sony Pictures with Michael Linton at the time, took the brunt of the leaks. They included her candid assessments of everyone from a list actors like Leonardo DiCaprio to racially insensitive jokes about President Obama's imagined film preferences. All of which was covered ad nauseam in the tabloid media and even my own paper, the New York Times. Here's Kevin Mandia.
Kevin Mandia
I think no one deserves to have their email hacked and leaked. I don't care who they are. Going through something like that is just a massively and grossly unfair thing. And in 2014, it was way more common to co mingle your private and public data together than other industries that are regulated. And so I just think to see that happen to people, and by the way, I've lived through it myself as a victim of knowing some emails are compromised. You don't know the fallout. And what's amazing to me in a negative way is how fast the press can go through 50,000 emails and find the one that will hang you, you know, the one that'll crucify you, the one that'll take your career and change it. That is a horrible thing to witness. And to me, I think adversaries take advantage of that.
Nicole Perlroth
Lost in the back and forth over the emails was the fact that the hackers were escalating, threatening to launch terror attacks against any movie theater that showed the film. Here's John Carlin again.
John Carlin
The other part that I think gets forgotten here is that they also were threatening to bomb movie theaters that distributed the film at a time when we were seeing terrorist attacks and we were still living at a time closer to September 11th, and we were seeing this burst of another type of terrorist attack. So people took that threat very seriously. And I think that added to that climate of initial fear.
Nicole Perlroth
Get this now. The Sony hackers threatening violence in America. The new hackers are now threatening to do more damage. They call this latest online warning just the beginning of a Christmas gift, saying, quote, whatever comes in the coming days is called by the greed of Sony Pictures Entertainment. Dan Sterling, the interview screenwriter, said the threat of violence was palpable.
Dan Sterling
What I remember is that at a certain point, they attached bodyguards to Seth and Evan and to Diana and to Randall. These are the main actors. They had three bodyguards a piece, a bodyguard for themselves, their spouses, and then one for just outside their homes. And I thought, shouldn't I have a bodyguard? And so I asked my lawyer if he could look into this. So Sony Set him up with some Israeli lawyer. And I only say Israeli because I'm going to do the accent so badly. I said, hi. I was just wondering, should I not have a bodyguard in this situation? He goes, oh, no, no, no. You are the writer. Nobody cares about you. I said, oh, okay. Well, that's good. He said, yeah, yeah, yeah. You're the right. You're the intellectual. Nobody cares about the intellectual. It's like you're a nothing to them. I'm like, okay, I get it, I get it. He's like, you're dead to them. I said, okay.
Nicole Perlroth
The Interview held its world premiere in LA on December 11, 2014. But it was not your normal screening.
Dan Sterling
Yeah, the premiere was weird. I took as one of my guests, Sarah Silverman, and she was saying, I don't know what to do. You know, my manager saying, don't go. They could blow you up. You could get hurt there. And I was saying, I totally understand. You don't have to come. But she came. It was a real downbeat kind of situation.
Nicole Perlroth
Hackers kept upping the ante with threats against the theaters. Michael Linton assumed the theaters would stay strong. He'd come to Sony from publishing at Penguin and seen the fallout after the imprint published Salman Rushdie's Satanic Verses. Iran issued a fatwa on Rushdie, essentially a death order. And Linton had seen how the entire publishing industry rallied to Penguin's defense. He assumed Hollywood would do the same for Sony. Not so.
Michael Linton
In truth, Sony was not the canary in the coal mine. Penguin was. Because when Penguin first published that book, the Satanic Verses, Peter Mayer was in charge of the company. And nobody had any experience up until that moment with what an authoritarian regime could do when they were threatening violence. And at the time, Penguin stood by the book, continued to publish the book, kept it in bookstores. The aftermath or the result of the threat was much more serious than what we experienced at Sony, because three people died. But the biggest difference was the way that the publishing industry responded as compared to the way that the movie industry responded. The publishing industry was almost, in fact, completely supportive of what Penguin was trying to do. All the various book publishers came out in support of the company. The booksellers came out in support Port of the Company. The major chains at the time, B. Dalton and Walden, continued to stock the book despite the risk to their security. There were major ads put out in the New York Times by the industry in support of. Of the issue. And quite the opposite was the case with Sony. There wasn't a single reach out with one possible exception, by any of the studios, to be supportive. And at the very end, and when the North Koreans actually threatened the theaters themselves, they said they weren't going to carry the picture. So it was really a study, in contrast, in terms of how one creative community or media community behaved as compared to the other.
Nicole Perlroth
Imagine if, in the middle of Iran's fatwa against Salman Rushdie, the conversation had shifted from the the threat to whether Iran was really behind it. If pundits spent days on CNN and PBS asking, but is this actually Iran? That's essentially what happened after Sony, a foreign dictatorship, had just carried out a destructive act of censorship against an American movie studio. But instead of focusing on that extraordinary fact, the conversation was consumed by whether North Korea was even capable of it. That reflex to question the attribution staring us right in the face, to dismiss North Korea as incapable or too unsophisticated would become the pattern. And our adversaries learned that they didn't have to hide completely. They just had to sow enough doubt to hijack the conversation. But what haunts me still is the censorship worked. Ask yourself, when was the last time you saw a major Hollywood film about Kim Jong Un? You haven't.
Michael Linton
You think that when you're standing up for free speech, you're always going to be standing up for something like the Pentagon Papers. You don't imagine in the back of your mind that you're going to be standing up for a Seth Rogen comedy. And the truth of the matter is you don't get to choose what you're standing up for. And it actually doesn't matter ultimately, whether it's the Pentagon Papers or it's Seth Rogen's comedy, both have equal merit when it comes to the point of censorship.
Nicole Perlroth
Sony wanted to stand up for this film, to stand up to censorship, but the theaters ultimately held the final say. The interview had been slated for Christmas Day, but after major theater chains buckled under the threats, Sony pulled the film from wide theatrical release altogether. President Obama called the decision a mistake. But within days, Sony announced it had found a new venue. It would release the interview through online platforms like YouTube and select independent theaters. The theaters that showed the film got courtesy FBI sweeps. Some handed out American flags. Moviegoers in Georgia spontaneously broke into God Bless America.
Kevin Mandia
And for this crowd in Atlanta, the extreme experience is nothing short of patriotic.
Unidentified crowd reporter
Thousands of people spent their Christmas Day taking in the movie. That sparked an international incident with North Korea. Earlier this week, Sony Pictures reversed course and decided to release the interview to about 300 theaters. Despite earlier threats to theaters that decided to show the film, tickets sold quickly, and many saw it as their patriotic duty to see it.
Nicole Perlroth
But at the end of the day, when you look back 12 years later, North Korea achieved most of its objectives.
Steve Stone
I think what bothered me the most was it worked like when. When the day was done. This accomplished every single goal North Korea had. I think if you could line up all the North Koreans that were involved, they would tell you it was a universal success, 100% success. I think our own assessments say that that bothered me. I've learned a lot since that event, and I remember in many ways, my worldview was very naive. The good guys win, the bad guys don't. Bad guys won. Like, they definitively won. And that really bothered me. We hadn't really seen the name and shame like that before. We really hadn't seen the we're going to make this as painful as possible kind of element before. Now we see it every day.
Nicole Perlroth
That was Steve Stone, and he's right. The operation was so effective that less than two years later, Russia would adopt the same playbook. Here's Rob Joyce, who watched this unfold in real time at the nsa.
Rob Joyce
The strategic moment was the Sony breach, where it wasn't just a breach. It was reaching into an American company and kind of bleeding them in public. Before 2014, Russia absolutely hacked networks. But leaking stolen data to shape the public narrative was not a central repeatable doctrine for them. Russia was doing classic espionage. They steal quietly, stay hidden. Leaks happen occasionally through intermediaries or journalists, but not timed as influence operations. The Russian model was still steal for intelligence, not steal to publish. Sony, I think, gave them a template. In 2014,
Nicole Perlroth
maybe North Korea didn't fully understand what they'd unleashed or how many Americans would run with it, but others did. Russia watched how stolen emails amplified by headlines, influencers, and algorithms can take on a life of their own. And soon, hack and leak operations became the norm.
Dan Sterling
Tonight, as the FBI investigates, cybersecurity experts are blaming the hack attack on the intelligence agencies of Russian President Vladimir Putin, a former KGB colonel himself. The hackers went undetected for more than a year. There's a lot they stole that has yet to be made public.
Nicole Perlroth
When we first heard that Russia had hacked the DNC in 2016, it looked like classic espionage. Political campaigns are always prime targets in election years. Nation states want insight into policy strategy, anything that might help them prepare for the administration that could soon take power. And at first, the Democratic National Committee hack seemed no different. But then came the online Persona Guccifer 2.0. And the leaks, not all at once. Drip by drip, for maximum political damage. Online, the mundane became scandalous. Stolen emails, opposition research, private speeches, even John Podesta's tips for risotto were weaponized online. And suddenly America was living through its own version of Sony.
Dan Sterling
Posing as Guccifer 2.0, the Russians offered up stolen documents to to Julian Assange's WikiLeaks and self proclaimed dirty trickster Roger Stone.
Nicole Perlroth
Donald Trump tonight seizing on a controversy brewing for Democrats after thousands of leaked emails showed Democratic party officials possibly plotting against Bernie Sanders in his race against Hillary Clinton. WikiLeaks releasing nearly 20,000 internal DNC emails. Pizzagate, an Internet rumor alleging a Clinton campaign child sex ring. Online, even innocent references to pizza were twisted into deranged conspiracy theories about child trafficking rings. Lies with no basis in reality. The Pizzagate conspiracy began with the Clinton WikiLeaks and an email stolen from campaign chief John Podesta. The conspiracy theory quickly spread to Reddit and YouTube, feeding fake online news stories, then jumping to Facebook and Twitter. And before long, those fantasies spilled into the real world as physical threats and violence of their own. At a pizza restaurant, a gunman with an assault rifle targeting a Washington D.C. spot. According to police, he had read online that the Comet ping pong restaurant was harboring child sex slaves and that he wanted to see for himself. Himself if they were there.
John Carlin
The suspect said he was armed to help rescue them.
Nicole Perlroth
As for the adversary, Russia, once again, Americans tied themselves in knots over the attribution. Was it really the Kremlin or was this some lone wolf?
Anonymous skeptic
I don't think anybody knows it was Russia that broke into the dnc. She's saying Russia, Russia, Russia, but I don't. Maybe it was. I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds.
Nicole Perlroth
Okay, what do you think of the Dems trying to push the blame on Russia? Is there proof of that?
Michael Linton
No. And in fact, this has been proven false. Even the New York Times said that it was ridiculous.
Nicole Perlroth
Even as cybersecurity firms, intelligence agencies, and independent researchers converged around the same conclusion that Russia was behind this, the public debate drifted somewhere else entirely. The operation had done exactly what it was designed to do. Not just steal information, but fracture consensus itself. As Americans turned their attention to the 2016 election and everything that followed, Sony became something of a distant memory. Maybe we assumed it'd been contained that North Korea had Gotten the message, heeded our warning. After that attack, Obama had publicly promised the US Would respond in kind.
Unidentified news reporter
We will respond. We will respond proportionally, and we'll respond in a place and time and manner that we choose.
Nicole Perlroth
And then days later, something very strange happened. North Korea went dark.
Michael Linton
Staying with North Korea, the nation's Internet connection went dark for 9 hours and 31 minutes yesterday and again briefly today.
Narrator
And North Korean websites are back online this morning after a temporary shutdown. It's not clear who or what caused the widespread outages. Experts say it's one of the worst network failures in years.
Nicole Perlroth
For a country of 25 million people, North Korea's Internet connection is astonishingly small. But from the outside, the timing of it, well, it looked like the US was sending a message.
Narrator
Well, it's not known who's responsible, but the timing of the incident is interesting. It comes just weeks after a cyber attack on Sony Pictures, which made like
Nicole Perlroth
a movie script for sure. North Korea's Internet outage was the country and its widespread Internet failure. A US Attack in response to the Sony picture hacking. Nobody ever officially claimed responsibility. The White House stayed conspicuously quiet. Those I asked never offered any confirmation. Some told me it was totally unrelated, but it was a nice theory. The bad guys getting their comeuppance, even for a brief moment. And when we didn't hear from North Korea for a year, year, we sort of assumed that maybe they'd learned their lesson. But in reality, North Korea wasn't done. Their Hollywood test run had gone well, and now it was time to set their sights on something bigger. Money. US Law enforcement is now working with Bangladeshi authorities to probe one of the biggest transnational cyber theft cases in the world.
Dan Sterling
It was like in a movie where
Nicole Perlroth
you have a bank vault heist, except
Dan Sterling
there's no mask, there's no hacking into
Nicole Perlroth
the camera, there's no getaway cars, there's just guys at keyboards.
Dan Sterling
And it's just amazing for a nation
Steve Stone
state to do this.
Nicole Perlroth
This was unheard of. That's next on To Catch A Th. Follow To Catch a Thief to make sure you don't miss the next episode and if you like what you hear, rate and review the show. To Catch a Thief is co produced by me, Nicole Prilaroth and Rubric in partnership with POD People with special thanks to Julia Lee.
Episode 4: The Sony Playbook
Host: Nicole Perlroth
Date: June 30, 2026
Episode 4, "The Sony Playbook," examines the notorious 2014 cyberattack on Sony Pictures by North Korea and its profound, long-term impact on geopolitics, media, and hacking tactics globally. Host Nicole Perlroth, joined by insiders and experts, unpacks how the Sony hack became a strategic playbook adopted by adversaries like Russia, cemented new norms around information warfare, and had chilling effects on free expression and industry resilience.
On Underestimating North Korea:
"The US Intelligence community constantly underestimates what the North Koreans are capable of doing, given all the constraints that they have... Never underestimate North Korea." – Jenny Town, 03:37
On the Weaponization of Leaks:
"No one deserves to have their email hacked and leaked... It is a horrible thing to witness. And to me, I think adversaries take advantage of that." – Kevin Mandia, 27:12
On the Chilling Effect of Censorship:
"You don’t get to choose what you’re standing up for... It actually doesn’t matter whether it’s the Pentagon Papers or it’s Seth Rogen’s comedy. Both have equal merit when it comes to the point of censorship." – Michael Linton, 34:12
On the Lasting Impact:
"When the day was done, this accomplished every single goal North Korea had... The bad guys won." – Steve Stone, 36:03
On the Shift to Influence Operations:
"Sony, I think, gave them a template... leaking stolen data to shape the public narrative was not a central repeatable doctrine [for Russia] before." – Rob Joyce, 37:07
For more context, follow “To Catch a Thief” for further exploration of the evolution of state-sponsored cyber threats and their societal impacts.