By Monish Gulati
As South Asia was watching the terrible tragedy at Peshawar unfold another drama was coming to head in Hollywood. At the eye of the storm was ‘The Interview’, a comedy by Sony Pictures Entertainment that depicts a fictional assassination of North Korea’s leader Kim Jong-un.
What began with the hacking of Sony Pictures computer systems at the end of November escalated when the hackers threatened 9/11-like attacks against movie theatres scheduled to show the film that fanned US-wide security fears and resulted in the four top US theatre chains pulling the movie from their screens, ultimately causing Sony to cancel the film’s release.
US President Barack Obama has vowed to respond “proportionally” to what he called “cyber vandalism” after the Federal Bureau of Investigation (FBI) blamed North Korea for it. Addressing his annual end-of-year news conference at the White House, Obama said Sony “made a mistake” in cancelling the release of the movie and that “We cannot have a society in which some dictator someplace can start imposing censorship here”. North Korea responded stating that it is not involved in the cyber-attack and US claims were “groundless slander”.
‘The Interview’ stars Seth Rogen and James Franco as frustrated television journalists recruited by the Central Intelligence Agency (CIA) to assassinate Kim Jong-un. In the film’s climactic scene, the North Korean leader’s head is seen exploding when his helicopter is hit by a missile. Pyongyang strongly denounced the comedy as an act of terrorism and called for Sony to cancel the film. In June this year, North Korea called the plot of the film an “act of war”, and later on praised the hacking as a “righteous deed”.
On Nov 24 as workers at Sony Pictures Entertainment in Culver City, California, logged on to their computers they found a screen message saying they had been hacked by a group calling itself Guardians of Peace (GoP). The massive breach resulted in the leak of tens of thousands of documents, including sensitive emails and personal information.
The GoP also promised a “bitter fate” and warned movie-goers to “keep yourself distant” from theatres showing ‘The Interview’, by invoking memories of the 9/11 attacks on the US. Following threats, Sony which had scheduled a Christmas Day release of the film, currently plans to release the film after several major theatre chains said they would not show the film.
The hackers have reportedly caused tens of millions of dollars in damage to Sony Pictures’ computers, destroyed valuable files, leaked five films, including four of them yet to be released, and exposed employee information including 47,000 Social Security numbers. Sony had spent about $80 million to make and market the ‘The Interview’. The cost to Sony from new software and hardware, employee labour to clean up the malware, investigation, lost productivity, and reputational damage, is estimated to be at least over a $100 million.
A few days ago, the FBI for the first time publicly linked North Korea to the cyber-attack on Sony after it concluded that the hacking was based in part on malware previously deployed by North Korean agents. FBI also saw “significant overlap” between the infrastructure used in the attack on Sony and other malicious cyber activity the US has previously linked to North Korea. It said the tools used in the Sony attack had similarities to a cyber-attack North Korea carried out last year against South Korean banks and media outlets. North Korea has denied any connection to the cyber-attack.
The attack was reportedly routed through servers in Singapore, Thailand and Bolivia. However, it was concluded that there was no sign that North Korea worked together with another country on the cyber-attack. Experts believe that since North Korea lacks the capability to infiltrate Sony’s computers on its own, it would have required the assistance of mercenary computer hackers, and possibly disgruntled Sony insiders.
The US has said it will respond to the hacking in “a manner and time we will choose”. It has reportedly sought Chinese support on the case, while North Korea has said it wants a joint investigation into the incident with the US.
Sony Entertainment CEO, Michael Lynton, in an interview to Fareed Zakaria made some startling comments. He said what Sony experienced was the worst cyber-attack in American history, which persevered for three and a half weeks. Two, according to the FBI which investigated the attack, the nature of the malware used was so sophisticated that it would have breached the cyber defences of 90 percent of businesses in the US. Three, such was the fear of being target of a cyber-attack that there wasn’t one major VOD (video on demand distributor) or major e-commerce site in the US that was willing to distribute ‘The Interview’.
The possible US options, according to experts, could include cyber retaliation, financial sanctions and criminal indictments against individuals. However, in the case of North Korea, the US and its allies have already imposed repeated economic sanctions on the country for its nuclear and missile programmes leading to economic hardship and global isolation.
White House officials are also wary of playing into an effort by nuclear-armed North Korea to provoke the US into a direct confrontation. The US is confronted with an adversary against whom it has little or no leverage. One possibility suggested is to unleash the hackers of the US military’s Cyber Command to disable the computers that launched the attack and stop them from doing more damage, but it may damage systems in countries where North Korea bases or routes some of its cyber capabilities.
Information technology innovation, particularly on the internet, has no effective national, regional or international rules, while the online dependency has created vulnerability to malicious interventions and other digital catastrophes.
Two issues stand out in the Sony case; one is the chasm between the cyber offensive and defensive capabilities. The fact that North Korea, one of the most impoverished nations in the world, can launch the worst cyber-attack in US history bears testimony to the asymmetric warfare potential of cyber-attacks. Two, is the manner in which the value chain of the US movie industry came apart at the thought of being target of a cyber-attack points to our vulnerability to cyber terrorism.