US officials have concluded that N. Korea is behind the cyber-attack on Sony Pictures, a move that led to the cancelation of the movie "The Interview." In a DW interview, James Lewis explains the reasons behind the hack.
US federal investigators insist there is a link between the Sony Pictures hack and the East Asian communist country. The cyber-attack which has exposed a trove of sensitive documents, and led to escalated threats of terrorism, forced Sony to cancel the release of the political action comedy, which became controversial due to its alleged negative portrayal of the North Korean leader, Kim Jong Un. The hackers, who call themselves Guardians of Peace, had reportedly made threats of violence if the movie theatres showed the film.
The cyber attack is probably the most damaging ever for an American business both financially and logistically. Moreover, the studio's reputation has suffered from tens of thousands of leaked emails and other company materials. Pyongyang was critical of the film, but earlier this month denied any involvement in the heist, claiming it might have been carried out by the regime's sympathizers.
James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS) and US President Barack Obama's former cyber security advisor, talks to DW about the possible reasons behind the attack.
Lewis: 'North Korea has launched four or five cyber attacks against South Korean targets in the last three years'
DW: How was the attack on Sony Pictures conducted?
James Lewis: We don't know. Sony has been very tight-lipped on the subject. It could have started with something as simple as a spoofed email with an attachment that had a title like "This year's Bonus." People find this kind of trick hard to resist. Click on the attachment, unleash the malware, and the attacker is in. Between tricks and the omnipresent vulnerabilities found in many software products, even a big company like Sony can be hacked.
There are lessons for companies. The first is that they should encrypt as much of their data as possible. That includes emails and intellectual property. Encryption doesn't always work and can disrupt the work flow, but in general companies need to make greater use of it. The second is that they need to do a better job at requiring strong passwords and safeguarding passwords. The third is that senior executive need to think about what they put in emails.
An email is like a postcard, not very private and the simple test in the US is to ask yourself how you would feel if your email was published on the front page of The New York Times. If it’s embarrassing, don’t write it. The final lesson is just for film companies. They liked to use North Korea as the "bad guy" because it wouldn’t damage sales the way that using China or Russia as the bad might. Hollywood will need to find a new bad guy for its movies.
Does North Korea actually have the technological capability to launch such an attack?
North Korea has launched four or five cyber attacks against South Korean targets in the last three years, so they certainly have the capability. The attack on Sony was very similar to earlier attacks launched in 2013 against South Korean media outlets and banks that had somehow offended North Korea's leader. The North has been developing cyber weapons for years and every year they get a little better.
What was unusual about this attack was the complete absence of a commercial motive. Most hackers are after financial gain, stealing intellectual property, financial data or personal information to turn it into money. This was done purely to harm Sony, for political reasons. These hackers were very unusual in that they were not motivated by profit.
Some people say this could be insiders looking for revenge, but a persistent attack that lasts this long would be unusual – the longer the attack, the more likely the hacker is to be caught, if they live in a country that enforces the law. Other people blame activists or "hacktivist" groups, but no one can point to an activist group that supports North Korea. The attacks against Sony were more sophisticated than what most hackers can do, had a clear political motive and are consistent with the pattern of past North Korean cyber activity. Hacking Sony shows that North Korea is making progress in developing cyber capabilities and has new willingness to use hacking against targets outside of the Korean peninsula.
Is very sophisticated technology required to launch such an attack?
The FBI said the attack was sophisticated in its ability to defeat defenses, but this attack wasn't as sophisticated as Stuxnet in its ability to do damage. It was more like the Iranian attack on Aramco – good but not the top of the league. What is impressive is that rate of improvement.
North Korea does not have the capability to carry out a "cyber 9/11." The term itself is ridiculous as no country, even the US or Russia, could use cyber weapon to cause thousand of deaths. It was just another bombastic threat – the North is always threatening to nuke America, sink aircraft carriers, and destroy Washington and Seoul –it is part of the Stalinist legacy and threats accompany every North Korean action.
While there is no risk of a cyber 9/11, North Korea, like Iran, could use cyber attacks to disrupt US critical infrastructures, like electric power plants or gas pipelines. The frightening part is that despite years of talking about cyber-security, the US still doesn't have anywhere near an adequate defense (nor does nay other country, for that matter, including Germany).
Cyber counterattacks on North Korea are both risky and less productive. The US won't risk another Korean War over Sony and it’s not worth the effort to turn out the lights in the North – they go off on their own every day. So even through there is a technological mismatch between the US and North Korea, they have a political advantage.
What can you tell us about the country's technological and cyber-warfare capabilities and who is helping the North Koreans improve their cyber-warfare capability?
North Korea's previous leader, Kim Jong-Il, made developing cyber capabilities and IT industries a high priority for North Korea, and was willing to spend to get it. Sophisticated hacking tools can be bought from cyber crime black markets and then modified for specific targets. Iran did this for its attack on Aramco, and it is likely what North Korea did to use against Sony.
North Korea may also get help in building its cyber capabilities, perhaps from Iran, and it has spent millions of dollars for more than twenty years to build a cyber capability. States have an advantage over private hackers, in that they have immense resources and they can ignore the law. Even North Korea can spend millions and assign thousands of people to work for years to make cyber weapons.
If North Korea is indeed behind the attack why would such a comedy trigger such a reaction from Pyongyang?
The Kim family expects to be treated like gods. If North Koreans fail to worship them, they are dead. A film mocking the gods is sacrilege. When "Team America" - a 2004 parody where the "Dear Leader" was assassinated came out- the North Koreans complained but couldn't do more. Now they have the ability to strike back. There is a scene in Team America where the UN Negotiations Hans Blix tells the Dear Leader that if he doesn't behave, the UN will be very angry and send him a letter telling him how angry they are. The North Koreans probably expect that is all that will happen this time – another angry letter and no actual punishment.
Lewis: 'Pyongyang itself sent a letter last summer to the UN Secretary General complaining about the film'
Pyongyang itself sent a letter last summer to the UN Secretary General complaining about the film (a term also used by the hackers). The letter said "To allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war." When they didn't get a response, they took matter into their own hands.
South Korea claims that the North has a premiere hacking unit, known as Unit 121, that is, after the US and Russia, the "world's third largest cyber unit." What is your take on this?
South Korea sometimes overestimates North Korean capabilities – it is understandable since the North is an erratic and aggressive neighbor. Pyongyang has second tier cyber capabilities, nowhere near the top five (the US, UK, China, Russia, and Israel) and not as good as Iran, but better than most other countries in the world, including most European countries. North Korea is willing to spend money on hacking, has assigned a few thousand people from its intelligence bureau to work on hacking, and will continue to improve.
One way to show the importance of information technology to the regime is that it has created a few "private" companies to work with the west in software development – unheard of for such a rigid communist regime. German consumers probably don't know that some of the software used in apps on their mobile phones came from North Korean companies.
James Lewis is director of the Strategic Technologies Program at the Washington-based Center for Strategic and International Studies (CSIS) and US President Barack Obama's former cyber-security advisor.