December 11, 2014 | Commentary on North Korea, National Security and Defense, Cyber Security

Sony Caper Shows Web of Intrigue

Newsflash: North Korea did not hack into Sony Pictures in retaliation for the studio’s upcoming release of “The Interview” — based on a script about a kooky, clandestine CIA plot to off North Korean leader Kim Jong Un.

How do we know?

Well, naturally, an unidentified diplomat at the North Korean mission to the United Nations in New York City told the Voice of America so. What, you’re skeptical? Yeah, well so am I.

It’s not as if the North Korean mission would know anyway — plus countries don’t just come out and salute their cyber successes. It’s just not done in the spooky smoke and mirror world of state-sponsored cyber mischief.

But there are a number of plausible possibilities of responsibility for the cyber strike that hit Sony before the planned holiday release of the slapstick comedy — which North Korea called terrorism and an act of war.

Of course, it makes sense for Pyongyang to be peeved about the movie, which reportedly portrays its young leader in a bad light, which shouldn’t be too hard to do since the Kim regime is one of — if not the — world’s most repressive.

Plus, experts also believe North Korea has the capability to do some heavy-handed hacking — not to mention that some computer forensics seems to point to Pyongyang.

Another theory is that the attack may have been an inside job by disgruntled Sony employees, since some human resources info was pinched in the cyber caper.

“Hacktivists” are another possibility. North Korea has supporters abroad, including Japan’s Chosen Soren, a group with close ties to Pyongyang.

And for you conspiracy theorists, how about the possibility that Sony did all this as a publicity stunt to “promo” the flick? It’s interesting that while some movies were tampered with, “The Interview” wasn’t.

Nah.

Anyway, what is worrying is that this comes at the same time the National Security Agency chief, Admiral Mike Rogers, told Congress that an attack on American critical infrastructure (e.g., the power grid) was a question not of “if,” but “when.”

While the admiral didn’t name names, he was also reportedly clear it wasn’t just China — the usual computer culprit — that could do this sort of thing.

So what if North Korea — known for its proclivity for provocation, such as sinking a South Korean warship and shelling an island — decided to hit our vulnerable critical infrastructure not with a knockout punch but a cyber smack?

In other words, some but not all of the lights go out.

It’s a troubling possibility that would leave us in a difficult position to respond — even if we could prove it was Pyongyang, potentially a tough task considering its limited Internet connectivity.

But there’s no doubt that cyber gives North Korea new options for reaching out and getting our attention — from a distance. It doesn’t have to rattle an ICBM with a nuke on top to play with, provoke or punish us.

While we don’t know if Pyongyang was behind the Sony hack attack, it’s certainly a World Wide Web wake-up call about a country that Internet insiders seem to think is sharpening its cyber skills.

 - Dr. Peter Brookes is a senior fellow at The Heritage Foundation.

About the Author

Peter Brookes Senior Fellow, National Security Affairs
Douglas and Sarah Allison Center for Foreign and National Security Policy

Originally appeared in The Boston Herald