02:11 - Source: CNN
Sony's history of being hacked

Story highlights

Sony in Japan has been a popular target of hackers for years

PlayStation network was shut down in April 2011 when hackers stole information of 77M people

Former Sony employees are suing the company for failing to protect their privacy

Analyst says attack reveals lax cyber-security among Sony's ranks

Tokyo CNN —  

As Sony Pictures struggles to recover from one blow after another related to the devastating cyber attack, one may overlook the fact that its parent company in Japan has been a popular target of hackers for years.

Three years ago, in April 2011, Sony’s PlayStation network was shut down for nearly a month when hackers stole the personal information of an estimated 77 million people.

That same year, in June, hackers released 150,000 Sony Pictures records including usernames and passwords and claimed to have compromised the private information of more than one million people.

In October 2012, hacker group “The Three Musketeers” released a security key that allowed PS3 users to run pirated games.

Despite those incidents, a group with suspected ties to North Korea calling itself “Guardians of Peace” was able to infiltrate Sony’s computer system, steal an incredible amount of data, and use it to launch the most vicious cyber-attack in history on an American corporation.

Former Sony employees are suing the company for failing to protect their privacy. Many are asking what lessons – if any – Sony learned from those previous hacks.

Asia Strategist Keith Henry says Sony was taken by complete surprise last month when the cyber-terrorists successfully stole massive amounts of data and used it to devastate the company.

“They can inflict damage. Immense amount of damage to corporate America,” Henry says.

They posted personal information like addresses and social security numbers, private emails that contained embarrassing revelations about top executives and Hollywood stars, insider information about the studio’s tactics, and they even posted five Sony movies on file-sharing websites.

Tokyo-based cyber security firm LAC is the only line of defense for about 850 clients. It has a confidential list of private companies and government agencies.

“The hackers are always getting more advanced,” says LAC Chief Technology Officer Itsuro Nishimoto.

And they are sometimes too far ahead of those trying to keep up. Nishimoto says a devastating hack like the one on Sony Pictures can penetrate even the best cyber-defense. He says the Sony network may be more vulnerable because of the large amount of users with varying degrees of access.

Sony appears to be trying to avoid further provoking North Korea, the prime hacking suspect, telling CNN simply “the investigation is ongoing.”

The Japanese government is also distancing itself. A spokesperson for the Ministry of Foreign Affairs tells CNN the hack is a “United States issue.”

Henry says the world is coming to terms with the new reality of cyber-terrorism.

“One of the reasons nobody is willing to make a statement is because they don’t know what to say,” Henry says.

Jeff Kingston, a professor of Asian Studies at Temple University in Tokyo says the attack reveals lax cyber-security among Sony’s ranks. But he suspects it is a more widespread problem in Japan.

“I think this is a wake-up call for Japan that this is a problem. This is a huge vulnerability. And they’re not really managing this risk very well or very aggressively,” Kingston said. “It does suggest a certain level of corporate complacency.”

Defector: North Korea has vast hacker network

5 lessons from the Sony hack