A screenshot from the initial cyberattack against Sony. Source: techblogcorner.com
By Jason Rivera
All views and concepts expressed in this article originate solely with the author and do not represent the official positions or opinions of the US Army National Guard, or the US Department of Defense.
On November 24, 2014, Sony Pictures first received indication that their networks were hacked when a picture of skeletal fingers appeared on the screens of employee computers accompanied by the message stating, “This is just the beginning”.[1] This was followed by a threat to release “top secrets” and sensitive internal data if the film The Interview was released.[2] The Interview is a fictional comedy film directed by Seth Rogan about a couple of journalists who have been instructed by US government officials to assassinate North Korean leader, Kim Jung-un, after landing an interview with him. Over the following weeks, scores of sensitive Sony intellectual property and personal data were released to include four Sony films (most notably, The Interview), personal information about Sony employees, and private emails between top Sony executives. Initially, a hacker group known as the “Guardians of Peace” claimed responsibility for the Sony breach and stated that the breach was in response to Sony’s decision to release The Interview in theaters.[3]
The fact that Sony pictures was breached and the fact that a hacker group sympathetic to North Korea’s political regime is, relative to the history of other cyberattacks against US equities, irrelevant. What is relevant, however, are two revelations that recently surfaced:
- On 17 December 2014, Sony Pictures announced its intent to cancel the 25 December release of The Interview, following a decision made by major movie theater companies to drop the movie.[4]
- Later that same day, it was announced that American intelligence officials have discovered evidence that the North Korean government was “centrally involved” in the recent attacks on Sony Picture’s computers.[5]
At face value, this may not shock a lot of people. It has long been suspected that foreign actors have been targeting US government and economic interests through cyberspace. Some historical cyberattacks and/or cyber breaches by foreign actors include Chinese exfiltration of US intellectual property, Iranian hacking attempts against US military and government officials, and links to Russian hackers in light of the Target and Home Depot breaches. The recently revealed North Korean breach, however, crosses a cyberspace threshold that no other nation has crossed before:
By invoking the memory of 9/11 and by issuing direct threats stating that moviegoers would suffer a “bitter fate”, North Korea has not only conducted a devastating cyberattack, but has combined that attack with the threat of terrorism.
This event represents an important decision point for the United States government. Never before has a cyberattack been successfully combined with the threat of terrorism. Moreover, never before has a cyberattack against the United States critically affected the commercial sector’s decision to exercise its right to free speech as the attack against Sony has. This cyberattack represents the beginning of what could be a slippery slope and, if the United States does not respond, it may be followed by similar tactics used by state and non-state actors throughout the globe. If the United States wishes to prevent what could be a catastrophic cascade of cyberattacks combined with threats of terrorism, then the American nation must respond and it must respond now. Many of us, at this point, are probably thinking of additional sanctions. This, however, will not be enough to deter future attacks using similar tactics.
The United States should deliver a retaliatory response through cyberspace to the North Korean nation. This retaliatory attack should be targeted against North Korean leadership and should transmit a clear signal that the United States will not tolerate cyberattack tactics combined with the use of terrorist threats. Accordingly, the United States should consider response options designed to debilitate the North Korean regime in such a manner as to cause internal instability. Some response options that should be considered are as follows:
- Response Option 1: North Korea’s population lives in abject poverty and is a ruled by a corrupt regime characterize by deeply seeded and fundamentally flawed political beliefs. To prevent the North Korean population from discovering its situation, and thereby rebelling, the North Korean regime completely controls Internet access to its entire population. Given the above, the United States should develop and deploy a cyber capability that can open up externally hosted search engines to the North Korean population that are outside of the jurisdiction of North Korean Internet service providers, thereby hampering the government’s censorship capabilities. The effect of such a capability would enable the North Korean population to have unrestricted access to information and contentious historical events. Such an operation would likely cause internal unrest in North Korea and would serve as a powerful deterrent against future activity.[6]
- Response Option 2: North Korea’s political leaders are well known for their corrupt relationships with organized criminal enterprises. Given this information, the United States should deploy a cyber enabled information operations capability designed to publically expose this relationship to the North Korean population. The United States should deliver this information via any and all information communications technology platforms available to include (but not limited to):
- Any inbound Internet connections (as limited as they may be)
- Microwave signals
- The radio frequency (RF) spectrum
- Long-range wireless / WiMax
- Satellite communications (SATCOM) uplink / downlink signals
- Cellular/mobile signals
- Cable broadcast
- Hard wired telephone networks
- Response Option 3: North Korean public IP space is extremely limited, implying that there are very few communications nodes transiting in and out of North Korea. The United States Cyber Command should consider the delivery of Distributed Denial of Service capabilities against the North Korean communications apparatus in order to disrupt and isolate North Korean diplomatic communications. The United States should consider using this capability in order to force concessions from the North Korean government and to demonstrate that the United States is capable of not only responding in kind, but completely and utterly isolating the North Korean nation from the entire world.
Whether one of the above three cyber options are leveraged or whether another, equally stern option is employed, the United States must respond in order to deter future cyberattacks combined with terrorist threats. Today, it is North Korea. If nothing is done, tomorrow it will be the Islamic State. The effect of such cyber capabilities being wielded by terrorist organizations would be devastating – not just to the American economy, but to the American psyche and the nation’s fundamental human rights. To prevent this from happening, the United States must respond hard and fast by delivering a devastating response through cyberspace to the North Korean regime.
Jason Rivera is a Captain in the US Army National Guard and possesses a MA from Georgetown University in Security Studies, a M.A. from the University of Oklahoma in Economics, and two BA degrees in Political Science and Economics from the University of Nevada – Las Vegas.
[1] David Robb, (2014) “Sony Hack: A Timeline,” Deadline, http://deadline.com/2014/12/sony-hack-timeline-any-pascal-the-interview-north-korea-1201325501/ (accessed 17 Dec. 2014).
[2] Ibid.
[3] Sam Frizell, (2014) “3 Reasons People Think North Korea Hacked Sony,” Time, http://time.com/3637540/sony-hack-north-korea/ (accessed 17 Dec. 2014).
[4] Brian Stelter, (2014) “Sony cancels ‘The Interview’ after major theater pull out,” CNN Money, http://money.cnn.com/2014/12/17/media/the-interview-sony-theater-owners/index.html?hpt=hp_t2&hpt=hp_t1 (accessed 17 Dec. 2014).
[5] David Sanger and Nicole Perlroth, (2014) “U.S. Links North Korea to Sony Hacking,” The New York Times, http://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html?_r=0 (accessed 17 Dec. 2014).
[6] Jason Rivera, (2014) “Understanding and Countering Nation-State Use of Protracted Unconventional Warfare,” Small Wars Journal, http://smallwarsjournal.com/jrnl/art/understanding-and-countering-nation-state-use-of-protracted-unconventional-warfare (accessed 17 Dec. 2014)/