Did North Korea Hack Sony?
Hard to believe, but Sony executives and U.S. spies suspect that the huge hack that has taken Sony Pictures' office offline for more than a week was the handiwork of North Koreans as retaliation for a yet-unreleased comedy produced by the studio. This, too, could be the plot of a comic blockbuster, albeit one with a serious message: Hacking skills are a great equalizer.
It's true that North Korea has gotten pretty worked up about "The Interview," of which only a trailer is now available. It has even complained to the United Nations that the movie -- in which a U.S. television host and his producer get an interview with North Korean leader Kim Jong-Un and are hired by the Central Intelligence Agency to kill him -- "should be regarded as the most undisguised sponsoring of terrorism as well as an act of war."
The North Korea Tech blog, which follows technology developments in the isolated country, points out that it's difficult to tie North Korea to the Sony hack. Its hackers have never posed as hacktivists, attempted blackmail or posted personal insults on hijacked Twitter accounts, all of which occurred in the Sony case. North Korea, the blog notes, "has never launched such a targeted and public attack at an institution that angered it, and many organizations have angered it in the past."
"The Interview" is not the first movie spoofing a North Korean leader. The 2004 cartoon "Team America: World Police" features Kim Jong-Un's father, Kim Jong-Il, who is subjected to a particularly gruesome death at the hands of a U.S. agent (at 2:08 in this video). The animated series "Kid Notorious," which started airing in 2003, contained an episode in which a Hollywood producer was hired to kill Kim Jong-Il. The people who dreamed up both cinematic assassinations are alive and well, and the studios that released their work were not hacked.
Perhaps the current North Korean dictator doesn't have his father's sense of humor? There is a more plausible explanation, however. The world knows so little about North Korea that it will believe the weirdest tales. Last year, reputable media outlets feasted on the story of Kim Jong-Un' ordering the execution of a girlfriend for making pornographic videos. The woman, Hyon Song-Wol -- who may or may not have been close to Kim -- has since reappeared, alive and smiling.
The discovery that the Sony hackers used malicious code similar to that found in a 2013 attack against South Korea doesn't prove anything, either. It merely is evidence that, in the dark world of hacking, anyone can obtain the tools to spy, disrupt, taunt and steal.
Whether North Korea really attacked Sony -- and ended up arranging a lot of free promotion for its Kim Jong-Un comedy, scheduled for release Feb. 5, 2015 -- it had the means to do so. Last August, the HP cybersecurity team published a rundown of the country's hacking capability and past exploits. It found that North Korea had made a lot of progress in the last decade thanks to a school system that puts a strong emphasis on math, as well as a policy of developing cyberwar capabilities as "a cost-effective way to offset North Korea's lack of kinetic military prowess." At the same time, the country has little in the way of Internet infrastructure -- even some of its government sites are hosted in China -- and is therefore all but invulnerable to cyberattacks.
In recent months, there has been a lot of talk about Russian, Chinese and U.S. cyber weapons. Security researchers routinely assume government involvement when hacking tools are sophisticated, deployed during typical working hours and aimed at militarily or politically sensitive targets. In fact, any malicious group, private company, impoverished pariah state or unrecognized republic can carry out an attack. Hacking doesn't cost much; all it takes is some technical skill, readily available hardware and access to venues where hackers trade bits of code and information about vulnerabilities. The entry barriers are low; it's possible to do billions of dollars of damage with an investment of tens of thousands.
That's why it's impossible to know whether it was a rogue government or a bunch of high-school students that brought down Sony's network, distributed its unreleased films online and published its internal documents. We should ask ourselves how much of our vital information should be online at all. For North Korea, the answer is none, which gives it the advantage.
This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.
To contact the author on this story:
Leonid Bershidsky at email@example.com
To contact the editor on this story:
Max Berley at firstname.lastname@example.org