When Sony Pictures employees booted up their computers a year ago, scowling skulls and the audio-recorded ratatatat of submachine gun fire announced that their IT systems had been gutted. So unfolded the movie studio’s colossal hacking. (Read Fortune’s epic three-part investigation into that fiasco here, here, and here.)
When the screen lit up inside the seventh floor theater of Sony’s New York headquarters on Wednesday night for an advance viewing of the latest James Bond adventure, the scene revealed a skeleton-scattered landscape—a raucous Día de Muertos fiesta in Mexico City—followed, eventually, by the pewpewpew of an assassin’s semi-automatic rifle. So opened Sony-made Spectre, the twenty-fourth installment of the secret agent series.
Perhaps one would be mistaken to read too much into the coincidental display of bones and bullets in Sony’s digital ransacking and the Bond movie’s prelude. Hackers had leaked a version of the script already containing these elements in the course of their vandalism. So the stagecraft might just be a harmonious accident.
The film does grapple, however, with questions of cybersecurity, data privacy, and government authority. One would not be mistaken then, in reading the story as a serendipitous commentary on very real legislative initiatives under review in the United Kingdom at this very moment. A draft bill wending its way through the parliament, for instance, proposes to grant intelligence agencies and law enforcement officials sweeping surveillance powers within the country. To anyone who sees the film, this may sound familiar.
Rest assured, I will not spoil what happens in the spy’s fictional universe, but I will reiterate the exasperated advice of many a cybersecurity expert: Building backdoors into people’s private communications is a bad practice. Villains will find ways to exploit this access just as much as the supposed good guys can. (Side note: if you’re looking to read more on proposed cybersecurity laws, keep an eye out for the next issue of Fortune magazine, where I plan to have the download on a U.S. cybersecurity bill called CISA that recently passed in the Senate.)
To return to Spectre, the film is exceptionally entertaining, though the plot leaves something to be desired. The story often feels disjointed—leaping from country to country on a dizzying world tour. An attempt on the part of the screenwriters to tie the narrative strings together on the Daniel Craig-acted Bond series resembles a knotty threadbare tangle. But the glamorous aspects of “007” espionage are as enthralling as ever—the car chases, the helicopter fights, the explosions, the seduction, and yes, the martinis.
My review can be summarized thusly: I was shaken, not stirred. (At least in comparison to Skyfall.)
Robert Hackett
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, or however you (securely) prefer. Feedback welcome.
THREATS
NSA says it almost always alerts companies about serious vulnerabilities. The U.S. National Security Agency—seeking to counter the accusation that it hoards information about "zero-day," or previously unknown, software flaws—said it notifies tech companies about the issues 90% of the time. The agency, of course, may have already exploited them by then. (Reuters)
Cybersecurity firm FireEye's stock tanks. CEO Dave DeWalt dubiously blamed the company's miss in third quarter billings on a detente between the U.S. and China in cyberspace. FireEye's share price tumbled as much as 23% to $22.46 on Thursday. (Fortune)
Iranians up hacking against U.S. officials. After the arrest of an Iranian-American businessman in Tehran, U.S. government officials say they have seen a spike in hacking activity attributable to the Islamic Revolutionary Guard Corps. The campaign may have to do with the military unit trying to keep foreign business interests out of the country. (Wall Street Journal, Fortune)
Team reportedly wins $1 million for cracking iOS. Zerodium, a cybersecurity startup, said it will pay out this sizable prize to an anonymous team that was apparently able to bust Apple's mobile operating system. Without release of many details though, it could just be a publicity stunt. (Washington Post)
United Kingdom surveillance bill alarms Brits. The draft Investigatory Powers Bill proposes to give British police and intelligence agencies incredibly intrusive insight into the digital lives of UK citizens. In its current form, the draft bill would grant spies warrant-less access to people's "internet connection records," a listing of every website visited. (Guardian)
BlackBerry Priv reviews are out. The handset has "moments of brilliance and moments of frustration," according to Fortune gadget guru Jason Cipriani. If BlackBerry's phone division fails to turn a profit in 2016, CEO John Chen has threatened to shut it down. (Fortune)
Chrome OS lives? Google has adamantly denied reports that it is folding its Chrome operating system into its mobile operating system Android. Computer security experts have lauded Chrome OS, which powers the company's Chromebooks, for its security features. (Fortune)
Share today's Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/
Looking for previous Data Sheets? Click here.
ACCESS GRANTED
Fortune assistant managing editor Adam Lashinsky explains the key to corporate cyber safety.
"The biggest threat to cybersecurity in corporate IT departments isn’t the Chinese government or hackers in Eastern Europe, says the head of one of Silicon Valley’s hottest security-software startups. It is pathetic basic hygiene." Read the rest on Fortune.com.
TREATS
Meet Mr. Null. The invisible man. (Wired)
Internet addicts. Have a questionable disorder. (Atlantic)
Hackers in Hollywood? Let's get real. (Fortune)
The KKK. Took my baby away. (Daily Dot, Vice Motherboard)
Burt's Bees. Espionage escapade? (MuckRock)
FORTUNE RECON
Boeing, Lockheed Cry Foul Over Loss of Huge Stealth Bomber Contract by Clay Dillow
This Craft Brewer's 'Transgender' Beer is Causing Controversy by Michal Addady
Activision Blizzard Goes to Hollywood by John Gaudiosi
This Secret of British Women in Tech is Coming to the U.S. by Jaclyn Peiser
Theranos is Looking for a New Lab Director in California by Valentina Zarya
ONE MORE THING
Daniel Craig is the least funny Bond—and other "007" data points. Craig's version of the spy averages just two and a half double entendres per film. (Bloomberg)
EXFIL
“WE DO NOT BREAK USERSPACE! Seriously. How hard is this rule to understand? We particularly don’t break user space with TOTAL CRAP. I’m angry, because your whole email was so _horribly_ wrong, and the patch that broke things was so obviously crap."
Creator of the open source Linux operating system, Linus Torvalds, ranting in a public email exchange about a proposed fix to his code in Dec. 2012. Torvalds is known to be very particular (and occasionally cranky) in his approach to managing the "kernel," a computer program foundational to operating systems. Read more about Linux and its tension between cybersecurity and performance in the Washington Post's latest excellent installment in its "net of insecurity" series. (Washington Post)
