Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

North Korean leader Kim Jong Un AP Photo/Wong Maye-E, File

If North Korea did hack Sony, it's a watershed moment in cyber-warfare

It is reportedly the first to use “a highly destructive class of malicious software that is designed to make computer networks unable to operate” into a company’s computer system in the United States.

THE HACK ON Sony Pictures Entertainment is one of the most debilitating ever targeted at US corporate servers.

The Nov 24th incident didn’t just result in the theft of proprietary data, including unreleased films and employee information.

It is reportedly the first to use “a highly destructive class of malicious software that is designed to make computer networks unable to operate” into a company’s computer system in the United States, according to Reuters.

North Korea has emerged as a leading suspect in the hack. Pyongyang had already vowed “merciless” retaliation over “The Interview,” a Sony release in which James Franco and Seth Rogan play talk show hosts that the CIA enlists for an assassination plot against North Korean leader Kim Jong-Un.

And it has greatly developed its cyber-offensive capabilities over the past decade. An unnamed security source told Reuters that North Korea is currently the “principal suspect.”

If the Hermit Kingdom really is involved, it would make the Sony incident a potential turning point in the history of cyber-warfare.

Sony Hack Sony Pictures Entertainment headquarters in Culver City AP Photo / Nick Ut, File AP Photo / Nick Ut, File / Nick Ut, File

For the past several years, states have started to compromise the computer systems of rival governments and private companies to further political or strategic aims: think China’s infiltration of computers at the New York Times in response to a series of Pulitzer Prize-winning reports in 2012 on the private wealth of the country’s top leadership, or Russia’s “cyber-invasion” of Estonia in 2007.

But according to Dave Aitel, a former NSA research scientist and CEO of the cyber-security firm Immunity, the severity of the Sony attack, along with its nakedly political motives, would put the incident in its own unique category assuming it was North Korea’s handiwork.

“If it was North Korea, these attacks against Sony would indicate that foreign powers are going beyond the traditional information-stealing attacks to enforcing their own law against American companies via what we would consider cyber terrorism,” Aitel told Business Insider by email.

It would be a watershed moment in how the world handles cyber policy and reaction.

Aitel says the hacks are potentially  ”a ‘near red-line moment’” since they represent the kind of incident that would almost require a US policy response assuming a rival state was behind it. As Aitel says, ”This is the first demonstration of what the military would call Destructive Computer Network Attack (CNA) against a US Corporation on US soil … a broad escalation in cyberwarfare tactics” that would demand some kind of American response.

It would also signal an increased willingness for North Korea to deploy its developing cyber-offensive capabilities against American targets.

An August 2014 report from Hewitt Packard Security Research explained Pyongyang’s longstanding policy of attempting ot integrate cyber attacks into its doctrine of “asymmetrical warfare” — namely, North Korea’s attempts at closing the defense gap with its more conventionally capable enemies, like South Korea and the United States, in whatever ways it can.

The report explains:

Cyber warfare allows North Korea to leverage the Internet’s inherent flaws for offensive purposes while maintaining its defenses, primarily via air-gapping its most critical networks from the outside world.

To that end, North Korea established a group of hackers within its military special forces architecture, called Unit 121, that is trained in a hotel in eastern China. Early results were alarming: as early as 2004, North Korea “reportedly gained access to 33 of 80 South Korean military wireless communication networks;” in 2006, “an attack on the US State Department originating in the East Asia-Pacific region coincided with U.S.-North Korea negotiations over the regime’s nuclear missile testing.”

There’s evidence that North Korea was attempting ambitious attacks on private sector entities as well.

According to the HP report, in February of 2013, a private security firm called Solutionary recorded 11,000 “touches,” or electronic attempts to steal deal, on “a single financial institution,” all originating from North Korean IP addresses.

Solutionary noted that North Korean IPs only attempted 200 touches a month at a time, suggesting this rapid uptick was part of a concerted attack on the institution, which goes unnamed in HP’s report.

North Korea has been developing its hacking capabilities from the safety of a web infrastructure that’s largely cut off from the rest of the world. And it might feel like it can afford to gamble a bit, given successful nuclear tests and rocket launches in the last couple of years.

The international community responded with trade sanctions and a policy of diplomatic isolation — but not the point where the regime’s control over the country has ever been all that seriously in question.

It would be unsurprising if North Korea believed it could get away with something of the Sony hack’s magnitude. The question now is how the US might respond if Pyongyang’s responsibility is more conclusively proven.

- Ardmin Rosen, Michael B. Kelley contributed to this report.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Published with permission from
View 27 comments
Close
27 Comments
    Install the app to use these features.
    Mute Róisín Áine Nic Dhonnacha
    Favourite Róisín Áine Nic Dhonnacha
    Report
    Aug 24th 2011, 2:32 PM

    Interestingly the rise in the phenomenon of presenteeism is just as damaging to companies. Presenteeism is when employees turn up for work when they really should stay at home. As a result they are less than productive and if they are ill spread their illness to others in the company.

    84
    Install the app to use these features.
    Mute JimBob Hillbill
    Favourite JimBob Hillbill
    Report
    Aug 24th 2011, 3:13 PM

    I don’t know about any other business, but where I work we pick up the slack whenever anybody is out sick. The work needs to be done one way or another. Its not costing the company anything, its costing the rest of the employees in terms of increased workload. Basically this is just more BS from IBEC.

    58
    Install the app to use these features.
    Mute Kevin Smyth
    Favourite Kevin Smyth
    Report
    Aug 25th 2011, 11:20 AM

    “HEAR HEAR”. Well said Jim. This is utter trash and it infuriates me.
    BTW did anyone see The Apprentice with Mr Alan Sugar (hate the title)? An inventor had an idea for a chair to help workers backs and decrease absenteeism. Sugar told him he didn’t give a sh*te about absenteeism. It doesn’t, nor has it ever affected his business. It’s only petty greedy people who seem to view this as a problem.
    When I see this in the news, it means there’s NO news.

    7
    Install the app to use these features.
    Mute MarkGDub
    Favourite MarkGDub
    Report
    Aug 25th 2011, 8:33 AM

    I wonder how much is written off by people coming in early, working through lunch and staying late 5 days a week. perhaps IBEC would be better served commission research on how to reduce sick days / redress the work life balance.

    43
    Install the app to use these features.
    Mute Dvonne
    Favourite Dvonne
    Report
    Aug 24th 2011, 2:53 PM

    How on earth can that be recorded with any degree of accuracy?

    22
    Install the app to use these features.
    Mute Róisín Áine Nic Dhonnacha
    Favourite Róisín Áine Nic Dhonnacha
    Report
    Aug 25th 2011, 7:40 AM

    You’ll have to look at the methodology the researchers use. Often it is cited in industry magazines when these surveys are conducted. It is nearly always cited in robust research in respected journals. Certainly levels of absenteeism are pretty easy to capture as those responsible for HR, payroll and accounting have to record those as a matter of course. Presenteeism I agree is another story. But I believe it both can and has been done within acceptable levels of validity and reliability.

    10
    Install the app to use these features.
    Mute Martin Fitzgerald
    Favourite Martin Fitzgerald
    Report
    Aug 25th 2011, 8:41 AM

    ONLY 1% of female absence due to drink? Not a hope in hell.

    17
    Install the app to use these features.
    Mute Jurisprudence
    Favourite Jurisprudence
    Report
    Aug 25th 2011, 5:33 PM

    I certainly don’t cost my employer €818 per year in absenteeism. I don’t think that would be possible on my meager earnings. Deciding to use a figure as an average when the gulf of earnings is so unequal in many sectors is insulting and disingenuous (but this is IBEC after all). If I’m not mistaken a greater chance of true illness occurs with low earners, that is genuine absenteeism as they forgo health checkups/gp visits or drugs to pay for other necessities unless drastically concerned. Its not taking the piss, its as a result of groups such as IBEC pushing downwards on their earnings. if IBEC want to minimize that maybe they should propose free employee health schemes/checkups or just pay the slaves a bit more.

    Perhaps IBEC should commission a study on how much it costs when the boss or an executive or one of their little expensive clique decides not to turn up. An overpaid fat executive paid 10 times the amount of a regular grunt would have to ensure an absenteeism rate 1/10th of said grunt so as not to inflict a higher financial loss on their company. Lets not even discuss productivity or their exec buddies. But its not about our betters is it.

    Its hard to take any figure, whether based on raw statistical data or otherwise, from a group of individuals who, if given half a length of lease, would tear the flesh from every employees rights, wages or conditions, just to eek out something more for themselves. When I see IBEC, I see the HSE or Foxconn in China, no better.

    I’ll stop writing and put back on my metal collar.

    6
    Install the app to use these features.
    Mute Rod McAlpine
    Favourite Rod McAlpine
    Report
    Aug 25th 2011, 12:28 PM

    Each person loses 1 year out of their working life through absence

    1
Submit a report
Please help us understand how this comment violates our community guidelines.
Thank you for the feedback
Your feedback has been sent to our team for review.
JournalTv
News in 60 seconds