The now infamous “Sony hack” alleged to be carried out by hackers associated with the North Korean government in response to the then-pending theatrical release of “The Interview” is perhaps a water-shed event for cyber-warfare.

The two nation-states involved had clear objectives that they felt were under attack by the other:  North Korea sought to preserve its information dominance internally and likely felt the need to re-establish respect for itself externally, which they might have seen undermined by the synopsis of the movie. The United States, on the other hand, saw the opportunity to demonstrate its willingness to respond to cyber-attacks, which often occur without a cyber-response by the government.

However, some pundits have dismissed this attack as “just average,” of “little consequence” and “not really cyber-warfare.” For instance, the data loss through a “wiper” malware was previously seen in the 2012 Saudi Aramco attack. Obtaining and exposing a company’s internal communication has been repeatedly demonstrated by hacker groups such as Anonymous.  Many also question the graveness of the hack’s impact compared to attempted breaches against SCADA which could lead to power-outages, contaminated water, etc.  However, we believe that this attack is nonetheless significant in quite a number of ways: the use of the Internet to shape and impact international relations, the swift attribution of the attack, the precedent of a politically formulated response to cyber-attacks within the U.S., and the involved threat of violent physical attacks.

The actors involved – namely the U.S. and North Korea – were both more brazen in their actions and responses than in the past.  While technically there is really little new about the attack, geopolitically, it is highly significant.  The two governments wanted to make it clear that they were willing to take up the means of cyber-space to support their objectives.

North Korea

For many months the North Koreans objected to the making of “The Interview”, the plot of which pursues the assassination of the North Korean leader by two journalists, who are hired on by the CIA. When the elder head of government died, the makers of the film “updated” the script to accommodate Kim Jong-un, the new leader of North Korea. To the North Korean people, the Suryong (supreme leader) is not merely a political leader, but takes on mythical proportions. According to one source, Kim Il-sung (the first in the patriarchal line of the leader family) is widely held to have created the world and is viewed as God, while his son, the late Kim Jong-il, controlled the weather. The supreme leader is ubiquitous, but his person is highly sterilized and beyond and above a biological human being. The activities Kim Il-sung engaged in became the only content of North Korean cultural heritage. In response to the release of the Seth Rogen-comedy Kim Jong-un threatened “merciless action” referring to it as an “act of war”.

Authoritarian regimes such as North Korea carefully seek to control the information within the country and are extremely sensitive to any perceived threat to their near total information dominance within the country. For instance, although equipped with some of the newest technology, the government goes to great lengths restricting access to the Internet to the North Korea’s population. Likewise, the North Korean government is also keenly aware of governments, such as the United States, and activist groups who seek to erode this control.

From their point of view, “The Interview” is not a movie, but an informational weapon.  Are they paranoid in thinking this way?  State media upholds the cult of Kim – the reverence of the Kim-family; though after the death of Kim Jong-un there were reports of North Koreans growing weary of the propaganda. During the 1970s and ‘80s western governments distributed mini-copies of The Gulag Archipelago throughout Eastern Europe to provide readers with an alternative narrative to those of the Communist regime – thus causing information fissures that eventually aided the fall of those governments.  Further, recent news reports describe individuals smuggling movie posters of The Interview and even plans to launch a balloon featuring the movie into North Korean territory seem to show that such a fear had merit. After all, the movie concludes in the character of a North Korean propagandist, Sook: “Killing Kim won’t change anything […] the people need to be shown that he is not a God, but a man”.

Kim Jong-un’s statements following the hack on Sony praised the hackers (known as the “Guardians of Peace” or GoP) as “fighters for justice,” branding their activities a “just struggle,” and warning that the hackers were “sharpening their bayonets” for further action.

This is hardly the language of a world leader attempting to distance himself from the attack. Though he falls short of claiming his government’s involvement or even association with the hackers, he clearly presents them as a facility supporting the aims of his regime. In making such statements, he appears to be only paying lip-service to plausible deniability and brandishing this cyber-attack.

In our book, Introduction to Cyber-Warfare, we look at cyber-warfare as an extension of state policy in response to a real or perceived threat – in his statements, Kim Jong-un makes it clear that “The Interview” takes on the form of a perceived threat and that the GOP is implementing his policy.

The following excerpt from Chapter 6 of Introduction to Cyber-Warfare highlights Cyber Attacks and Public Embarrassment:

Download (PDF, Unknown)

The United States

The U.S. government responded by providing a surprisingly swift and confident declaration attributing the Sony hack to North Korea – an unprecedented move gaining the ire of many in the computer security community.  The supposed response in cyber-space was also rapid, noticeable and generally attributed to the U.S.: the subsequent unprecedented North Korean Internet outage, which kept the entire country offline for nine and a half hours. Along with the targeted sanctions, this likely sent a direct message to the North Korean elite who are the country’s primary users of the Internet.

The security community’s complaints of the U.S. Government’s swift attribution stem from counter-analysis and the perception that attribution normally results from a time-consuming investigation.  However, through a combination of officially released and leaked statements, it appears that through a NSA program, the U.S. was already following the actions of the hacking group before the incident occurred – making it easy to connect the dots in the aftermath of the attack.

In our book, we base good attribution decisions upon two key principles: the strength of the intelligence and the likelihood of a deception hypothesis.  In light of the recent revelations, it would appear that the evidence was solid and Kim Jong-un’s statements indicate that deception was unlikely. After all he was quick to laude the attack and to empathize with its presumed motivation. All the more, his feeble call for joint investigation of the attacks has left many doubting his sincerity.

Some may ask about the connection between the hackers and the North Korean government, but the Korean leaders own statements and inaction against them make this detail of little difference. Further, if the latest news – suspected to be leaked by the Obama administration – is accurate, the U.S. government had an excellent intelligence stream on this group – if there was evidence of support by Pyongyang on those systems the Americans would likely have grounds to claim such a connection.

But why would the U.S. government invest political capital in making such statements and conducting more overt activities in the cyber-domain? 

First, any cyber-weapon used on the GoP was inherently fleeting to begin with – the hacking group and associated government sponsors likely took steps to purge systems of any potential malware immediately following the attribution statement. Hence, the Americans had little to lose by leaking details last week.

Second, since the attacks on American banks by Iranian hackers in 2012, the U.S. government has felt the need to identify a proportional response to acts of cyber-warfare – and in the case of North Korea doing so in a very public manner functions to provide a cyber “show of force” to adversaries – who until lately have believed that corporate entities in the U.S. could be targeted without fear of reprisal from the government.

Terrorism

Perhaps the most disturbing aspect of this attack was the warning that the virtual attack might spill over into a real-world terror attack – threatening crowds of American moviegoers on Christmas. The spread of fear is an essential part of terrorism and in light of theater chains’ decisions to withhold the “The Interview” out of security concerns it can be viewed as successful. This is in stark contrast to prior cyber-attacks that targeted corporate America which were generally restricted to theft or damage to virtual systems.

The cyber-delivered threat of near-term loss of life in the Sony hack created an unacceptable worst-case scenario to the theater chains. Unlike cyber-operations against defense contractors (i.e. Titan Rain or Sykipot) which raise the possibility of violence in the long term, or the current generation of Industrial Control Systems attacks (Stuxnet, Aurora, and the recent steel mill incident in Germany) which have not yet led to massive destruction, the worst case scenario presented to movie theaters – terrorism in the cinema on Christmas – was immediate and catastrophic.

Clearly, this threat of violence was successful in spreading fear, effecting the stop of the film’s release is nothing short of a terror attack without violence – and the preceding cyber-attack and cyber-delivered warning lent credibility to the perpetrators. This is a novelty in cyber-warfare – so far. Was the American response swift and strong enough to discourage this type of activity in the future?  We expect the answer should become apparent as the year progresses.

Read more from Paulo on SciTech Connect:

• The Syrian Electronic Army and the Attack of Civilian Systems
• The Dragon and the Computer: Chinese Cyber-Warfare

Save Up to 40% on Syngress & Cybersecurity Resources on Amazon through August 15^th

About the Author

Paulo Shakarian, Ph.D. is an Assistant Professor at Arizona State University’s School of Computing, Informatics, and Decision Support Engineering where he directs the Cyber-Socio Intelligent System (CySIS) Laboratory – specializing in cyber-security, social network analysis, and artificial intelligence.  He has written numerous articles in scientific journals and has authored several books, including Elsevier’s Introduction to Cyber-Warfare: A Multidisciplinary Approach. 

His work has been featured in the major news media such as The Economist, Popular Science, WIRED, and MIT Technology Review.  He is a recipient of a 2015 U.S. Air Force Young Investigator award, and was a DARPA Service Chief’s Fellow in 2007.  Previously, Paulo was an Assistant Professor at West Point and served as an Army officer, where he served two combat tours in Iraq and earned a Bronze Star.  Paulo holds a Ph.D. and M.S. in computer science from the University of Maryland, College Park, a B.S. in computer science from West Point, and a Depth of Study in Information Assurance also from West Point.  Learn more about Paulo, at his website.