Isolated cyber-attacks between governments have been taking place for decades. The 2010 Stuxnet attack on Iran to disrupt that country’s nuclear program is one stellar example. The multi-year Red October hack discovered in 2012 is another.
But we seem to be entering a new era of bona fide cyber-war, where two nations engage in frequent attacks that are claimed to be retaliation for previous attacks.
The recent attack on Sony Pictures, which probably involved the North Korean government and may have provoked a counter-attack by the U.S. government, appears to be the start of a sustained cyber-war between the two countries.
In this column, I’ll review the facts of the Sony hack. Then I’ll spell out what it is about this episode that serves as a harbinger of the endless cyber-war to come.
The Sony Pictures Hack and Its Aftermath
The whole Sony Pictures hack is rife with speculation and false claims of certainty. Let’s start with the facts.
On Nov. 24, hackers downloaded copies of huge quantities of data from Sony Pictures computers, which included personnel data on employees (including executive salaries and employee performance reviews), emails and possibly creative content like screenplays and even movies.
The hackers then erased company computers, including boot records (making recovery difficult or impossible) and left behind graphic images claiming that a group called the Guardians of Peace, or GOP, were responsible.
The White House and FBI said that the government of North Korea was “centrally involved” in the attack and promised an “appropriate” response. The North Korean government denied involvement, but said it was a “righteous deed” that may have been carried out by its “supporters and sympathizers” in retaliation for the Sony Pictures comedy, “The Interview,” which is set in North Korea, mocks the country’s regime and depicts the assassination of its leader Kim Jong-un.
The GOP referred to North Korea and “The Interview” only after that nation and that motivation were publicly associated with the attack.
Last week, North Korea lost Internet access nationwide for more than nine hours. Then, another outage struck the country on Saturday. North Korea blamed the United States for the outages; president Obama had no comment.
There’s much more collateral damage from this network breach, including scandalous content revealed in stolen documents posted online, Sony’s initial decision to cancel the theatrical release of “The Interview,” followed by its decision to reverse course and distribute the file online and in theaters. But these aspects are peripheral to the events as a harbinger of the cyber-wars to come.
Here’s what we don’t know. First and foremost, we don’t know for certain whether the North Korean government actually had a role in the Sony Pictures hack. We don’t know who Guardians of Peace are. We don’t know if someone inside Sony Pictures helped with the attack. We don’t know if GOP leaked five movies to torrent sites. We don’t know if the United States was responsible for the North Korean Internet outage.
We may eventually learn some of this information, or we may not. But that hardly matters. The United States and North Korea blame each other, and each said they will retaliate.
It doesn’t matter. This is the start not only of a cyber-war between the United States and North Korea that won’t end as long as the North Korean regime exists—and it’s also the start of an era in which cyber-war is the normal state of affairs on the Internet.
Why the Sony Hack Is the Start of Endless Cyber-War
The Sony Pictures hack marks the start of an endless cycle of cyber-war that will become a permanent fixture of international relations for the following reasons.
1. It’s an equalizer between nations.
The conflict between the United States and North Korea is a perfect example of hacking as an equalizer between nations of immensely different strengths. The United States is a global superpower with powerful allies, control of the international financial system and the world’s most heavily funded military. North Korea is a two-bit dictatorship that uses Orwellian methods to control a population kept on the brink of starvation. Yet the Internet enables the weaker country to attack the stronger one. In fact, the vulnerability is almost entirely on the American side. Because hardly anything in North Korea is computerized and there are no major private companies or other inviting targets aside from government institutions, the country is mostly safe from a crippling attack.
2. You can’t prove who did it.
The fact that governments can deny involvement enables them to have it both ways. They can “send a message,” retaliate or attack a rival government that will know or believe that the adversary government did it while, at the same time, presenting themselves domestically as being above the hacks. The North Korean response was a textbook case. The government claims that not only that they did not hack Sony Pictures but that fans of the North Korean regime did it. Both those claims play well domestically.
3. Cyber-attacks can easily be freelanced and outsourced.
Cyber-war is like espionage. It takes place in the shadows, where deniability exists. Just as in the spy game where locals are recruited to do much of the actual spying, cyber-war attacks can be secretly farmed out to independent individuals or groups. Even perpetrators of attacks don’t need to know who’s paying them. Top people in key positions in government are on a need-to-know basis—and hardly anyone needs to know.
4. Cyber-attacks can harm rivals financially.
Just as the United States uses sanctions and other financial means to punish foreign rivals for international behavior it doesn’t like, any nation can punish their rivals financially through cyber-war. Assuming that North Korea was really behind the Sony Pictures hack, it was a financial punishment for challenging that government’s propaganda machine and the divinity myth of the Korea leader. Future cyber-war attacks will try to cripple financial markets and perhaps trigger inflation, panic and other economic problems.
5. Hack attacks are the easiest way to conduct old-fashioned espionage.
As the Sony Pictures hack suggests, a major cyber-attack involves stealing everything from the target before destroying it. You’ll get more and better intelligence using hackers for spying than spies on the ground in most cases. Much of that intelligence is about understanding which targets to hit and how to hit them.
Now that North Korea believes the United States attacked them, they will want to retaliate even more. That attack will likely engender a politically necessary counter-attack and the cyber-war will continue that way forever.
It’s important to note that sophisticated cyber-attacks take months or years to develop and prepare. So the rivals in cyber-attacks need to build sustained cyber-war campaigns, and they need to prepare their retaliation well in advance of the attacks they’ll be retaliating against.
The Sony Pictures hack is more than just the worst cyber-attack on any corporation ever. It’s the beginning of a new era of endless cyber-war.