The hack on Sony Pictures Entertainment is one of the most debilitating ever targeted at US corporate servers.
The Nov 24th incident didn’t just result in the theft of proprietary data, including unreleased films and employee information.
It is reportedly the first attack to deploy “a highly destructive class of malicious software that is designed to make computer networks unable to operate” against a company’s computer system in the United States, according to Reuters.
North Korea has emerged as a leading suspect in the hack. Pyongyang had already vowed “merciless” retaliation over “The Interview,” a Sony release in which James Franco and Seth Rogen play talk show hosts whom the CIA enlists for an assassination plot against North Korean leader Kim Jong-Un. And it has greatly developed its cyber-offensive capabilities over the past decade. An unnamed security source told Reuters that North Korea is currently the “principal suspect.”
If the Hermit Kingdom really is involved, it would make the Sony incident a potential turning point in the history of cyber-warfare.
For the past several years, states have started to compromise the computer systems of rival governments and private companies to further political or strategic aims: think China’s infiltration of computers at the New York Times in response to a series of Pulitzer Prize-winning reports in 2012 on the private wealth of the country’s top leadership, or Russia’s “cyber-invasion” of Estonia in 2007.
But according to Dave Aitel, a former NSA research scientist and CEO of the cyber-security firm Immunity, the severity of the Sony attack, along with its nakedly political motives, would put the incident in its own unique category, assuming it was North Korea’s handiwork.
“If it was North Korea, these attacks against Sony would indicate that foreign powers are going beyond the traditional information-stealing attacks to enforcing their own law against American companies via what we would consider cyber terrorism,” Aitel told Business Insider by email. “It would be a watershed moment in how the world handles cyber policy and reaction.”
Aitel says the hacks are potentially “a ‘near red-line moment’” since they represent the kind of incident that would almost require a US policy response assuming a rival state was behind it. As Aitel says, “This is the first demonstration of what the military would call Destructive Computer Network Attack (CNA) against a US Corporation on US soil … a broad escalation in cyberwarfare tactics” that would demand some kind of American response.
It would also signal an increased willingness for North Korea to deploy its developing cyber-offensive capabilities against American targets.
An August 2014 report from Hewlett-Packard Security Research explained Pyongyang’s longstanding policy of attempting to integrate cyber attacks into its doctrine of “asymmetrical warfare” — namely, North Korea’s attempts at closing the defence gap with its more conventionally capable enemies, like South Korea and the United States, in whatever ways it can.
“Cyber warfare allows North Korea to leverage the Internet’s inherent flaws for offensive purposes while maintaining its defenses, primarily via air-gapping its most critical networks from the outside world,” the report explains.
To that end, North Korea established a group of hackers within its military special forces architecture, called Unit 121, that is trained in a hotel in eastern China. Early results were alarming: as early as 2004, North Korea “reportedly gained access to 33 of 80 South Korean military wireless communication networks;” in 2006, “an attack on the US State Department originating in the East Asia-Pacific region coincided with U.S.-North Korea negotiations over the regime’s nuclear missile testing.”
There’s evidence that North Korea was attempting ambitious attacks on private sector entities as well. According to the HP report, in February of 2013, a private security firm called Solutionary recorded 11,000 “touches,” or electronic attempts to steal data, on “a single financial institution,” all originating from North Korean IP addresses. Solutionary noted that North Korean IPs normally attempted only 200 touches a month, suggesting this rapid uptick was part of a concerted attack on the institution, which goes unnamed in HP’s report.
North Korea has been developing its hacking capabilities from the safety of a web infrastructure that’s largely cut off from the rest of the world. And it might feel like it can afford to gamble a bit, given successful nuclear tests and rocket launches in the last couple of years. The international community responded with trade sanctions and a policy of diplomatic isolation — but not to the point where the regime’s control over the country has ever been all that seriously in question.
It would be unsurprising if North Korea believed it could get away with something of the Sony hack’s magnitude. The question now is how the US might respond if Pyongyang’s responsibility is more conclusively proven.
Michael B. Kelley contributed to this report.