The hack of Sony Pictures Entertainment has escalated into a humiliating public crisis for the company as deeply held secrets — including business practices, pay disparities and ugly personal feuds — continue spilling onto the Internet in ways that experts say could damage the Hollywood studio for years to come.
The architects of the attack have shown little interest in the traditional targets of cyber-intrusions, such as credit cards, choosing instead to use information as a weapon of vengeance for supposed misdeeds by the company. The massive troves of stolen information have found a voracious audience online, where Sony long has been a favorite target because of its aggressive anti-piracy efforts.
The consequences for Sony have been swift and devastating since the attack became public last month, exposing the company to potential lawsuits and backlash from key Hollywood players.
The inside drama revealed this week was the unraveling of a high-profile project at Sony to produce a biopic of the late Apple founder Steve Jobs — the movie was eventually lost to a rival studio. Reams of emails were released showing one of the studio's top executives embroiled in a fight with a powerful movie producer, with the producer at one point calling actress Angelina Jolie a "minimally talented spoiled brat," according to emails published by Gawker.
In one exchange between Amy Pascal, Sony Pictures' co-chairman, and Scott Rudin, the producer who brought the Jobs project to the studio, the two are arguing over Jolie, who wants director David Fincher to direct her movie on Cleopatra, rather than the Jobs biopic. Rudin is adamantly against letting Jolie have her way.
"She's a camp event and a celebrity and that's all and the last thing anybody needs is to make a giant bomb with her that any fool could see coming," writes Rudin.
Beyond the gossip about movie stars and failed projects, Sony now faces real-world financial and business threats. Leaked health information, Social Security numbers and other personal data about employees and actors could invite lawsuits under California's strict laws on data protection. Data on employees' and actors' pay could be used in labor disputes and may ripple across the industry. Just last week the hackers, calling themselves "Guardians of Peace," sent threatening emails to Sony employees.
But perhaps the most damaging will be harm to Sony's reputation. With only a small portion of the documents — some reports put it at more than 100 terabytes — now online, the drip-drip-drip of revelations could continue for months or years.
"There is a ring of fire around the trade secrets of Hollywood, and the value of executives is in their ability to keep confidences and secrets and to maintain a level of distance," said Jeremy Goldman, an entertainment and intellectual property attorney for Frankfurt Kurnit Klein & Selz.
The Sony hack has underscored the vulnerability of corporate computer systems in an increasingly connected world. In an era when even powerful U.S. government agencies have experienced large-scale theft of secrets, private companies often seem overmatched by hackers. The damage to Sony, which did not reply to a request for comment on Wednesday, could spur copycat attacks against other major companies, cybersecurity experts warn.
"I think it's bad times ahead, and for the most part, people are not prepared for it," said Haroon Meer, founder of Thinkst Applied Research, based in South Africa, which warned clients about the risk of similar attacks in a recent report.
Sony long has been something of a favored target of hackers, enduring several significant intrusions. The most serious, in 2011, came after the company sued a prominent hacker for developing a way to breach the security on his Sony PlayStation.
The company has endured a wave of criticism — bordering on ridicule — in recent days for a reportedly lax approach to cybersecurity. In one widely mocked remark, Sony's top information security official told CIO magazine in 2007 that it was "a valid business decision" to accept some cybersecurity risk because preventing an attack could be more expensive than simply enduring it.
"The phrase 'blaming the victim' is not a good one," said Parker Higgins, director of copyright activism for the Electronic Frontier Foundation, a civil liberties group. "But there are people who are willing to do that when the victim is Sony."
Investigators say they believe that the Sony hack probably emanated from North Korea, perhaps in retaliation for the company's role in producing "The Interview," a comedy built around a fictional CIA plot to assassinate that country's leader, Kim Jong Un, say people familiar with the probe. The movie, which North Korean officials have publicly denounced, is due for release on Christmas. Government officials have denied responsibility for the hack.
Investigators have identified seven proxy servers around the world that the hackers used to route their attack, one of which was based at a hotel in Thailand. The others were in Poland, Italy, Cyprus, Bolivia, Singapore and the United States, said a person familiar with the investigation who spoke on the condition of anonymity because the probe remained incomplete.
The FBI, which has been investigating the incident, has not yet publicly fingered a culprit.
"Before we attribute a particular action or a particular actor, we like to sort the evidence in a very careful way to arrive at a level of confidence that we think justifies saying 'Joe did it' or 'Sally did it,' and we're not at that point yet," in the Sony case, FBI Director James Comey said in a roundtable session with reporters Tuesday.
Some movie producers and actors have jumped to Sony's defense. "Lego Movie" producer and writer Philip Lord wrote on Twitter that the hack is "terrorism." He said publishing the massive amount of information obtained by hackers "aids terrorists." Director Judd Apatow also tweeted: "in life we all decide what is right and I think printing private information because evil people leaked it is wrong."
But the vast exposure of the inner workings of Sony has disoriented an industry built on confidentiality and relationships.
Seth Rogen was paid about $2 million more than his co-star James Franco in "The Interview," according to Bloomberg News. Such information can be used by other actors in future negotiations. Sony documents on film expenses also included costs that are normally kept hidden but deducted from the pay of actors and directors.
"It opens the veil for Hollywood lawyers, filmmakers and actors who will now have information they can say they are entitled to," said Jonathan Handel, an entertainment lawyer and professor at the University of Southern California. "This is really important access, because Hollywood studios are always claiming poverty and that they don't make money on their movies, but then they go to Wall Street and say otherwise."
Data on Sony's employee pay revealed a huge gender gap among the highest-paid U.S. employees. According to data on 6,000 employees, 17 U.S. employees are making $1 million or more, and only one is a woman.
The leaked emails by Pascal cast a dark cloud over one of corporate America's most powerful female executives.
The movie career of Pascal, once named one of Fortune Magazine's most powerful women, took off in the late 1980s when she developed "Groundhog Day" and "Awakenings" for Columbia Pictures. She became co-chair of Sony Pictures Entertainment in 2003 and has overseen the development of such box-office hits as "The Amazing Spider-Man" and several James Bond films.
"To see very candid and rather brutally expressed opinions out there in the public is definitely going to hurt relationships," Handel said.