It all sounds like the plot of a major Hollywood blockbuster.
Dave Skylark of the TV show “Skylark Tonight” and his producer Aaron Rapoport are recruited by the CIA to assassinate North Korean leader Kim Jong-Un in the movie, “The Interview.”
Haven’t seen it? It’s no wonder.
The film’s distributor, Sony Pictures, was supposed to release the movie last summer, but have put it off for a Christmas opening. Much to the chagrin of the North Korean government that has been critical of the film, its stars, and the distributor.
On the website Uriminzokkiri the North Korean government (under a nom de guerre) denounced the movie, which depicts the farcical assassination plot stating:
“The cheekiness to show this conspiracy movie, which is comprised of utter distortions of the truth and absurd imaginations, is an evil act of provocation against our highly dignified republic and an insult against our righteous people.” The site goes on to note that “the trashy filmmakers, who, won over by a few dollars thrown to them by conspirators, have compromised the dignity and conscience of filmmaking and dared to produce and direct such a film. They must be subject to our stern punishment.”
And over the Thanksgiving weekend, it is possible that SONY was subject to the “stern punishment” of the People’s Republic of North Korea.
Sony Pictures Entertainment revealed that screener copies of several of their upcoming or recently released movies had been hacked, and found their way onto pirate or torrent sites and had been downloaded millions of times. These included the Brad Pitt World War II Tank action movie, “Fury,” a remake of the story of Little Orphan Annie, and a small film about British painter J.M.W. Turner. These screeners typically contain both overt and covert watermarks which can be used to indicate exactly what copy of the film was stolen, and from where.
In addition to stealing and releasing copies of these films, the hackers, who have styled themselves as the “Guardians of Peace” were able to wrest control over Sony’s website and internal corporate network. This forced SONY to essentially shut down their network. They also stole terabytes of confidential internal information, salary information, personally identifiable information, and other sensitive Sony information.
Oh, and the attackers also reportedly implanted an earwig. A worm designed to eat up data. Much worse than ransomware, the worm just eats the data. No ransom. No demand. No opportunity to stop it.
In the words of Anchorman’s Ron Burgundy – it’s kind of a big deal.
This is not the first time Sony has been hacked in a big way.
In April of 2011 at least 77 million Play Station accounts were hacked and personal information and account information was stolen.
So is Sony doing a terrible job of securing their network and data? Are the Guardians of Peace secretly a North Korean cabal? Is the world coming to an end? Stay tuned. Sony and the FBI appear to say “yes” (or at least maybe) and the North Koreans say No. But it’s at least possible.
We actually won’t know if the attacks are propagated by pirates, organized criminals, curious and industrious hackers, or the North Korean government (or some combination of these) until a thorough forensic investigation is completed. And these investigations are notoriously slow and difficult – especially when they lead to countries like China and North Korea that have been reluctant to share information with US law enforcement agencies. So we may never know who was responsible for the attacks – or we could find out next week. That’s why you investigate.
But the attack points out something more significant for US and other companies. They can no longer be satisfied defending themselves against “ordinary” threats.
Think of a storefront in midtown Manhattan. They have a locked door, a gate, and maybe a security guard. They are protecting themselves against thieves and burglars. If there’s rioting or civil disobedience, they may add wood or metal barriers to their doors or windows. Just to be careful. But the store is not defending itself against foreign terrorists, counter-insurgency, state-sponsored attack, or counter espionage.
But on the Internet, all of these threats (and more) are real and prevalent. It simply isn’t realistic or cost effective for companies to be able to defend against every threat. Certainly not while being user friendly, mobile, nimble and adaptable.
We don’t expect companies to have Harrier jump-jets on their roofs just in case there is a terrorist attack.
What Makes it Big
What makes the Sony hack significant is not the actual dollar value of the things taken. There were no reported credit cards stolen, or commodities that were sold for millions of dollars. There’s no indication that people who would otherwise buy Sony products will now go elsewhere for their entertainment needs. Sony’s reputation took a ding, but not one that will reflect serious damage.
What makes this breach significant is the sophisticated and unrelenting nature of the attack itself. It was deliberate, sophisticated, targeted and malicious. It was aimed at Sony, its officers, directors and management. It was intent on causing harm or damage.
And it may have been state-sponsored.
That’s a game changer. This means that any company of any size now has to consider itself the possible target of state-sponsored attacks. Warfare. Espionage. Terrorism. Every entity must prepare its defenses for such a potential attack. Locks and guards won’t cut it. This means WAR!
We simply aren’t prepared for this kind of war. And likely never will be. We’ve gone from the COLD war to the CODE war. And we just aren’t ready.
So Sony may be the Pearl Harbor of this new attack. Or not. It could still just be a series of motivated and sophisticated hackers who have it in for Sony . Time will tell. Either way, this is kind of a big deal.
As the North Korean government noted, “How pitiful the U.S. is, desperately scrambling to tear down the authority of our republic that grows mightier by the day, with a shabby movie, now that no pressure or threat has worked.”
Well, you have MY attention.