Search All Site Content

Total Index: 5813 publications.

Subscribe to our Mailing List!

Sign up for our mailing list to keep up to date on all the latest developments.

The Peninsula

What Might a Proportional Response to North Korea's Sony Hack Look Like?

Published December 19, 2014
Category: North Korea

By Troy Stangarone

North Korea’s cyber attack on Sony Pictures Entertainment and the subsequent threats to target theaters that screened “The Interview” have had a chilling effect beyond Sony’s decision not to release it on Christmas day. The decision to withdraw “The Interview” from release has raised important questions regarding freedom of speech and how best to approach future cyber attacks by North Korea or other actors.

What We Know About the Hack

In October, hackers, unidentified at the time but suspected to be North Korean, attacked Sony’s computer network and stole a large trove of documents and released five movies on-line causing the studio financial harm and embarrassment as internal documents and e-mails were slowly leaked. At the time, other suspects included disgruntled former employees who had indicated that Sony was vulnerable to cyber attacks or that the Guardians of Peace, who claimed responsibility, could be an unknown group of hackers. However, an investigation into the evidence has now indicated otherwise. In his press conference on December 19, President Barack Obama confirmed that it was North Korea that engaged in the attack while the FBI announced that it had reached this conclusion based largely on the following information:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

The Fallout from the Hack

The fallout from the hack has been significant. On the financial side, Sony has likely lost hundreds of millions of dollars in lost revenue from pulling “The Interview” and other films that have been released on-line. Shortly after Sony announced its decision, two other movie studies took similar actions. Paramount Pictures has pulled screenings of 2004’s Team America from theaters, while Fox has pulled the plug on the Steve Carrell movie “Pyongyang” which was set to start filming next year. The capitulation to North Korea’s threats have raised questions about freedom of speech and how best to respond to cyber attacks.

Green lighting a film that portrays the assassination of a sitting world leader was likely unwise from the beginning, even one from a regime with the human rights record of North Korea. North Korea has previously demonstrated a willingness to use cyber attacks against private entities that believes portray it unfairly. In 2013, it attacked South Korean TV networks who it had accused of covering it unfairly.

However, Sony’s subsequent decision to give into North Korean pressure after theaters began to pull out raises larger issues regarding free speech and cyber intimidation. As the President noted, what precedent does this now set for other leaders who do not like how they are portrayed in a documentary or in the news. Will studios and news agencies start self-censoring their films or reporting on controversial world leaders to avoid being the targets of attacks? Additionally, has Sony now signaled to other groups that cyber attacks on entertainment and news agencies could be an effective tool for achieving their goals? How this ultimately affects artists’ ability to express themselves and reporters’ ability to report stories accurately may be the biggest fallout from North Korea’s attacks.

What Would Be a Proportional Response?

President Obama in his press conference indicated that the United States will respond to this attack in a proportional manner at a time of the United States’ choosing. As the United States considers its options, there are likely a range of things that will come into consideration.

While we now know that North Korea conducted the attack, its attack was on a private institution rather than an attack on the government. Does that mean that any response should be proportionally less than if a government institution was attacked, which could be considered a direct act of war? In the age of cyber warfare, this is a gray area. The United States has not previously come to the defense of U.S. businesses that have been hacked through means other than law enforcement. Then there is the question of the nature of a cyber attack on a business. Is a cyber attack on a business the same as a kinetic attack on a business? As the administration draws up it plans, it will likely seek to demonstrate to North Korea and other potential attackers that there are costs for attacking private institutions as well as a direct attack on government institutions.

There is also the question of escalation. How does the United States design a response that extracts a cost from Pyongyang for its actions, but that does so in a manner that will not lead to an escalation of attacks? This means that a kinetic attack is likely off the table as it would come with a high probability of a response against the United States or one of its allies. More likely would be some combination of cyber attacks against North Korea, likely in ways that will not be publically noticeable, and increased pressure on banks to cut off North Korea’s finance. The United States will also likely privately pressure China to shut down North Korean cyber facilities operating inside Chinese territory.

Unlike many of the previous cyber attacks on U.S. businesses or websites of government or private institutions around the world that were designed to acquire financial resources or intellectual property, North Korea’s attacks on Sony are the most politically motivated since Russia’s suspected attacks on Estonia in 2007. They are in essence an attempt to change the policy of a company to one more liking to the regime in Pyongyang and we have already seen the chilling effect they could have on free speech. While Paramount may simply be trying to avoid controversy by cancelling showings of the previously released “Team America,” Fox’s decision to cancel the as yet filmed “Pyongyang” shows the potentially farther reaching implications. For this reason, it is appropriate that the United States take more direct action to discourage similar attempts by North Korea or other actors in the future.

Troy Stangarone is the Senior Director for Congressional Affairs and Trade for the Korea Economic Institute of America. The views expressed here are the author’s alone.

Photo from Cristal’s photostream on flickr Creative Commons. 

Return to the Peninsula

Stay Informed
Register to receive updates from KEI