US investigators reportedly believe hackers working for North Korea are responsible for a debilitating cyberattack against Sony Pictures which has damaged the studio’s computer systems and resulted in it pulling one of its Christmas-day releases.
If North Korea really is involved, it may leave the US in the position of having to formulate some kind of a response to the breach.
America’s leverage is minimal, as
Dave Aitel, a former NSA research scientist and CEO of the cybersecurity firm Immunity, explained to Business Insider earlier this week.
Many offensive options are problematic given “the technical complexities involved, legislative challenges, or the international escalation they will generate,” Aitel said.
But the US could also respond by shifting its legal and diplomatic framework for how it approaches cyber-attacks.
One proactive move the US should consider, according to Aitel, is “declaring certain cyberattacks terrorist acts and the groups behind them terrorists,” which would “set in motion a wider range of legal authority, US government/military resources, and international options.”
The new legal framework “would also make it harder for hacker networks to operate in key international areas, as it would require a greater level of cooperation from US allies, EU members, NATO, G20, etc.,” in addition to making it easier “for the US government to target the funding of not only the hacker networks, but any companies or organisations that aid them, even in incidentally or unknowingly.”
Since 9/11, the US has officially considered acts of terrorism to be acts of war. Aitel’s suggestion is to update this understanding so that it includes what would be “cyberterrorists” committing cyber acts of war, like the one that hit Sony.
“Frankly, we need to start talking about what role and responsibility the US government should have in securing US companies from cyberattacks,” Aitel said.
More immediately, the US has some limited diplomatic options in response to the hack once North Korean culpability is established.
It could quietly pressure friendly regional governments to crack down on pro-Pyongyang organisations involved in funelling foreign currency and intelligence to the North Korean government, such as Chongryon, the regime’s unofficial adjunct in Japan.
It could also dial back or completely freeze trade with the country, which was worth $US21.9 million in 2014 — a relatively small amount, but a dramatic increase over the $US6.6 million in trade from the year before. And the US could freeze any ongoing discussion of restoring large-scale food aid to the north, something that was halted in 2008.
An Act Of War?
Even with these rew reports of North Korean responsibility, the attack wasn’t an act of war according to established guidelines of cyberwarfare.
NATO’s Tallinn Manual defines an act of cyberwar that permits a military response as “a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.”
But the world after the Sony Pictures hack may require a new perspective, especially if North Korea is more conclusively identified as the culprit.
Aitel argues that while the attack “doesn’t meet the threshold for a response by our military,” it should still be viewed as an act of war.
“We need to change the way we think about cyberattacks,” Aitel told Business Insider in an email. “In many cases, these aren’t ‘crimes’ — they’re acts of war. A non-kinetic attack (i.e., destructive malware, destructive computer network attack) that causes just as much damage as a kinetic attack (i.e., a missile or bomb) should be viewed at the same level of urgency and need for US government/military response.”
With the US reportedly close to blaming North Korea, the Sony hack could be a test-case for how the US approaches an entirely new type of cyber-incident — attacks in which state-sponsored hackers deal substantial economic and reputational damage to American companies.
The Sony hack is the second major attack in which hackers targeted American corporate infrastructure on a large scale with the primary goal of destroying it (as opposed to stealing from it or spying on it).
An estimated 11 terabytes of information was taken, revealing information including scripts, unreleased movies, actor compensation, and off-the-cuff conversations among high-level Sony executives.
The attack’s political motives, along with Sony’s public humiliation, raise the specter of an entirely new phenomenon: hacks that combine “national rivalry, hacker ideology, performance art, ritual humiliation and data combustion, culminating in complete corporate chaos,” as John Gapper explained in the Financial Times.
The malware used reportedly bore traces of Korean language packs and resembled software deployed during previous attacks against South Korean targets. This, along with the reports of the US’s reported assignment of blame to Pyongyang, reinforces the idea that North Korea or its supporters hacked Sony as retribution for the release of “The Interview,” the now-canceled film in which James Franco and Seth Rogen play talk-show hosts sent into the country to assassinate Supreme Leader Kim Jong Un.
Business Insider Emails & Alerts
Site highlights each day to your inbox.