- Although some forensics details point to North Korean government involvement in the Sony hack, it’s impossible to tell whether it was the government or another group mimicking the North Korean government.
- The fallout from the hack suggests the start of a new era of cyber skirmishes between governments and groups, and private enterprises could become collateral damage in the escalating battles.
Following the ongoing story of the Sony hack is like reading a good whodunit novel, with all its twists and turns. First, the FBI concluded that the North Korean government was responsible for it. More recently, bulletin board rumors, along with research conducted by cybersecurity company Norse, concluded that the hack was not the work of North Korean hackers who infiltrated the Sony network, but rather of a former Sony security employee who gave security credentials for Sony’s systems to the Guardians of Peace group that claimed responsibility for the hack.
While the FBI and others said that the malware appeared to be similar to that used by North Korea to hack South Korean banks and media companies last year, such code was leaked into the underground cyber economy a long time ago and was available for use by any number of cyber criminals. It’s all but impossible to tell, given the rhetoric going back and forth between North Korea and the U.S. government, whether it actually was North Korea or someone mimicking North Korea. And, given President Barack Obama’s promise of a “proportional” response to the ongoing Sony hack and continuing disclosures of sensitive and embarrassing information, it’s impossible to know whether the U.S. government is responsible for the nine-hour Internet and 3G mobile network outage in North Korea that happened earlier this month.
On the other side of the coin, whether the North Korean government engineered the hack or attempted to exploit it to try to prevent the distribution of the new comedic film, The Interview, its response couldn’t have done more to promote it. Although big theatre chains opted out of showing the comedy about reporters recruited to try to assassinate North Korean leader Kim Jong-un, hundreds of independent theatres showed it, helping it to generate $1 million on the first day and another $15 million from streaming the film.
This act of “cyber vandalism,” as President Obama called it, ushers in a new era of cyber threats that go beyond the three most common kinds of attacks: financially motivated attacks, state-sponsored cyber espionage, and hacktivist attacks intended to right a perceived moral wrong. These attackers, whoever they are, have an ax to grind and are bent on destroying Sony Pictures Entertainment using some of the most sophisticated hacking methods ever seen by forensics investigators, according to researchers at FireEye.
The way that the attackers have released the 100 terabytes of data they stole, the sensitive nature of the data revealed, and the destruction of Sony servers suggest that this attack is just plain vindictive. And it’s quite possible that it may have kicked off a tit-for-tat kind of cyber skirmish between the U.S. and North Korean governments. At least one pundit watching the events unfold posited that this is the start of a new period of endless cyber war. I hope that’s not the case. But for now, it’s best to review and tighten up your security practices, expand your security budgets, and fasten your seat belts, because we’re in for a very bumpy ride in 2015.