‘Interview’ attack may signal new cyberwar

December 22, 2014

Hiawatha Bray

It will be a long time, if ever, before the public sees Sony Pictures Entertainment’s movie “The Interview.” Instead, we’ve seen a preview of a new kind of warfare. Hackers allegedly backed by the impoverished, backward nation of North Korea have terrorized one of the world’s richest corporations into halting the release of the film, a comedy about a fictional plot to assassinate North Korean dictator Kim Jong-Un.

In a tweet, former US House speaker Newt Gingrich said, “With the Sony collapse America has lost its first cyberwar.”

If so, it’s a war that US corporations are woefully unprepared to fight.

The kind of data breach that exposed Sony to attack happens on corporate computer networks around the world every day of the year. And while there are tools to reduce the risk or minimize the effects of break-ins, far too few companies make use of them.

“Over 90 percent of the breaches last year could have been prevented if simple policies and procedures were put in place,” said Craig Spiezle, a former data security executive at Microsoft Corp. who now heads the Online Trust Alliance, a security consortium in Seattle.

Most online criminals are simply out for money, either stealing credit cards or holding sensitive corporate data for ransom. Political “hacktivists” like the online group Anonymous might leak sensitive information stolen from corporate or government computers, but they don’t spill blood.

But Sony fell prey to a bizarre hybrid of digital extortion and real-world terrorism, possibly financed by the world’s most insular and paranoid dictatorship. A group calling itself Guardians of Peace began by leaking embarrassing data stolen from Sony’s computers. This included gossip about movie stars like George Clooney, Angelina Jolie, and Denzel Washington, ensuring the leaks would end up on front pages worldwide.

Then came the group’s dramatic follow-up: a threat to carry out attacks on movie theaters that showed “The Interview.”

By itself, the hack might not have led Sony to cancel the “The Interview.” But when the group threatened mass murder, Sony took it more seriously, especially when large theater chains began refusing to show the film.

“The threat of the risk of harm, of physical injury, clearly took it to a whole new level,” Spiezle said.

The US government on Friday blamed North Korea for the threats and cyberattacks, and President Obama vowed the United States would retaliate.

Richard Kelsey, an assistant dean at George Mason University School of Law, called the Sony hack “an act of war,” requiring an aggressive response from the United States, probably in the form of severe economic sanctions.

“This is a new battlefield, and the North Koreans have just fired the first flare,” Kelsey said.

But Andy Sellars, a First Amendment fellow at the Berkman Center for Internet & Society at Harvard University, doubts we’ll see a similar incident anytime soon.