Industry News

Leaked emails reveal that hackers demanded money from Sony Pictures before attack

At 9:44am PST on November 21st, just three days before Sony Pictures’ network was brought down in dramatic fashion by hackers with locked screens and grisly displays of skulls, the company’s top executives received an unsolicited email.


Subject: Notice to Sony Pictures Entertainment Inc.

Message body:

We’ve got great damage by Sony Pictures.

The compensation for it, monetary compensation we want.

Pay the damage, or Sony Pictures will be bombarded as a whole.

You know us very well. We never wait long.

You’d better behave wisely.

From God’sApstls

Details of the attackers’ prior warning to Sony have come to light after thousands of email messages were leaked online, from the mailboxes of hacked executives Steve Mosko, president of Sony Pictures Television, and Sony Pictures Entertainment co-chairman Amy Pascal.

Perhaps predictably, interested observers have been sifting through the stolen communications and leaked files to see what titbits they can find.

And, aside from scripts, box office projections, social security numbers and even Brad Pitt’s phone number, the hackers’ apparent warning to Sony Pictures has been unearthed.

The email, which claimed to come from a Gmail address belonging to someone called “Frank David”, was sent to five of Sony Pictures’ top executives, including CEO Michael Lynton.

What the poorly-worded email doesn’t reveal, of course, is precisely how much money the extortionists wanted Sony Pictures to cough up.

Furthermore, the email contains no apparent reference to the upcoming Seth Rogan comedy “The Interview: which some commentators (but not me) have speculated might have resulted in North Korea backing an operation to hack the Hollywood studio.

So just who might God’sApstls (God’s Apostles?) be?

No-one is sure. But they did warrant a mention in a message embedded within the malware that struck Sony’s hacked computer systems just days later:

“We’ve already warned you, and this is just a beginning.

We continue till our request be met.

We’ve obtained all your internal data including your secrets and top secrets.

If you don’t obey us, we’ll release data shown below to the world.

Determine what will you do till November the 24th, 11:00 PM(GMT).

Post an email address and the following sentence on your twitter and facebook, and we’ll contact the email address.

Thanks a lot to God’sApstls [sic] contributing your great effort to peace of the world.

And even if you just try to seek out who we are, all of your data will be released at once.”

Whether “God’sApstls” are related to Guardians of Peace (aka GOP) who previously claimed responsibility for the attack on Sony Pictures remains unclear.

Hopefully the apparent extortion email from the hackers will be one of the avenues that police will be pursuing in their attempt to determine who is responsible for what is turning into one of the most embarrassing corporate hacks of recent times.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.


Click here to post a comment
  • Well, two days ago North Korea denied it :

    they did however, praise it, which isn’t all that surprising, potentially even if it wasn’t for the film they’re enraged about….

    In addition, while I’m not sure where it is, I seem to recall there was a screen dump of GOP and a twitter post (or something like that…) with a link to them which they are taking suggestions. Not sure where this was, however… very likely the BBC too. So for whatever it may be worth, it seems indeed NK did not do it (I never thought they did, either, and in any case speculating does no good and in many respects does more harm). I would be quite surprised if they did do it and now are denying it and even more so praising it. That seems very out of character (or at least, out of character based on what little is known of the secret state) of them. While it isn’t out of character for them to praise it, I would think it is out of character to deny it when they had done it and at the same time (together) they would praise it (surely they’d want the credit if they did indeed do it). But you’ll never silence those who like to speculate, somewhat like censorship doesn’t always work as planned…

  • What’s interesting is that the federal response is inversely proportional to the magnitude of the breach. It would appear the feral gov is so completely inept as to be asleep at the wheel, still what else could be expected from the dumbest parasites in the universe.

    Sony should be setting up a bitcoin wallet for a bounty offered for the heads of those responsible.
    Since the gov isn’t able to do anything useful ever, the Sony staff should simply put a bounty on the open market and let the heads roll. I figure a ten million bounty would have the hackers mothers turning them in.

  • How on earth is Sony Pictures a national security issue? What’s funny is that if it was North Korea attacking Sony pictures how come NSA didn’t pick up traffic of 10 Terrabytes of information from US to North Korea… Just wait and see, this is one step of trying to attack North Korea by putting more sanctions.