December 22, 2014:
North Korea was blamed, especially by many media pundits, for recent hacks of Sony Pictures. This was believed to be payback for Sony ignoring North Korean complaints about a Sony film (The Interview) that makes fun of North Korea and its leader. That was only the beginning for a tale of Information War that got stranger and stranger as more became known.
First, there was the issue of who did it. While there is some evidence in hacker code left behind that North Korea might have been involved, it was initially considered more likely that the Sony hack was carried out by pro-North Korean hackers, not North Korea itself. Many leftist activists in East Asia are pro North Korea and some of them have hacking skills. American government experts have concluded that the hack was ordered by North Korea but were rather more vague about whether it was all done by North Korean government hackers. The FBI also refused to reveal details of how it reached this conclusion. The evasiveness was understandable because details would reveal information on methods and sources and make it more difficult to use either the next time around. This evasiveness also make it look like North Korea did what China and Russia do frequently for espionage and Information War attacks; use third party mercenaries (organized crime) or patriotic citizens who have hacking skills.
Whoever did they actual hack, there were certain things that had to be done. First, getting inside the Sony networks requires more than a few hours of intense hacking. Mapping such a large network and finding out where all the goodies were stored and what security measures had to be evaded to get all that data out uninterrupted requires months of effort. This means that North Korea has been planning this attack for a long time. Unless, and this has also been suggested, that North Korea had some inside help. This is not unknown and is usually obtained via “social engineering” (conning insiders into helping) or by finding an insider who could be bribed (or otherwise persuaded) to provide key data on Sony networks. Then there is the sloppiness angle. Internet security experts point out that Sony has, for a long time, ignored warning that its Internet security was weak and that it was vulnerable. Despite several earlier (and very embarrassing) breaches Sony apparently did not act aggressively enough to protect itself. It was later revealed that senior executives decided that it was cheaper to accept the risk (and cost to respond) of a hack than to undertake the expensive measures required to improve defenses. Naturally, even improved defenses would have been no use if there was inside help for the hackers. In the aftermath of the hack Sony has adopted the defense that they were targeted by Big, Bad North Korean Master Hackers who could have blown through defenses built (at great expense) to make Sony less vulnerable to second-rate hackers.
While the lost data was damaging to Sony the big damage was the fact that they capitulated to the hackers. That is a big mistake under any circumstances because it gives hackers an incentive to do it again. That’s why most nations who have dealt with Islamic terrorists for a while find, the hard way, that the best policy is to not negotiate and definitely never give into their demands. By giving in to the hackers (and North Korea) Sony had gained little, lost much anyway and many others have suddenly become targets for similar attacks. That’s not an opinion, that’s a fact based on lots of past experience.
It wasn’t just Sony that panicked and capitulated but it was the theater chain owners as well. The hackers said they would stage terror attacks on any theater that showed The Interview. U.S. government terrorism experts quickly concluded that this was an empty threat. But fearful of a public panic and empty theaters during one of the peak theater attendance periods of the year, the theater owners pressured Sony to just pull the film from circulation and spare the theater owners a lot of embarrassment. That’s didn’t work. Theater goers, government officials and terrorism experts were all openly furious at Sony for capitulating. All-in-all a clear victory for North Korea had Internet based terrorism. Because of that, we’re going to see a lot more of it.