Blaming James Franco: North Korean Cyber Warfare

“Wait and see”: that was the response of the North Korean government when asked if they were responsible for a massive cyber infiltration of Sony networks likely reaching 100TBs of data and paralyzing Sony’s networks. While we are witnessing new connections in international affairs between industry and diplomacy, we are also witnessing more of the same in the field of cyber security. Limited operations – mostly against third parties, operations more akin to espionage rather than war, and ineptitude on the side of the target.

Many ills of society can likely be blamed on James Franco the libertine. Spring Breakers was just a weird movie. I never liked the Spider-Man movies, and now this, The Interview (Seth Rogen gets a pass). It is likely that the making of The Interview prompted North Korea to launch a targeted operation against Sony and their affiliates. Either the operation was directly connected to North Korean operatives working in China, or it was carried out by paying a third-party group to do the deed. Either way, the main question now is: what does this mean for cyber security?

The takeaways from this operation vary according to the observer. Some might consider this a dangerous new phase of warfare. I, on the other hand, see this as more of the same from North Korea. In the past, Kim Jong Il’s strange fascination with Western movie themes led him to kidnap movie stars and directors to make his own films. Attacking Sony because of displeasure with the movie The Interview only seems like more of the same. Bizarre behavior by a peculiar regime. In North Korea’s view, the movie confirms their worst fears: the West is out to get them and wants to personally kill their leader. Dennis Rodman should be careful next time he visits.

The reality of the situation is much different. As much as the West and the United States might be displeased with the Kim family’s posturing through the years, North Korea has mostly refrained from doing the damage that other states like Iraq and Rwanda have caused. The old saying, the devil you know, comes to mind here. The United States can manage this perverse relationship. China likewise fears the massive chaos at its borders if the regime ever does fall. The real problem is internal: can the North Korean people really continue with the horrible status quo, especially considering the increasing cultural penetration into the state through mobile phones and other sources of information?

The more searching question is what does this mean for the next generation of cyber interactions (I have explored 2001-2011 empirically)? If this is directly attributable to North Korea and the United States does not respond like they have threatened to in the past, will this be seen as a green light by some countries to launch aggressive cyber operations as long as they do not do massive damage to US government interests?

To me, the story fits the typical pattern observed in cyberspace: states doing the least they can and hoping to get away with it. Cyber interactions have the often-stated attribution problem: the claim that it is impossible to determine who launches these operations. I believe this framing is absurd, since we know exactly who did this. The problem is that North Korea has plausible deniability in the operation. It is like finding a car at the side of the road smashed into a tree with lots of stolen merchandise in the boot (trunk for the Americans). We can know who the owner is, we can check for fingerprints, but in the absence of a confession or a video, can we convict? They still have plausible deniability as long as no one is caught red-handed, and that frame will always remain in cyberspace.

The other point about the story is that the fault often lies with the target. BuzzFeed and Gizmodo reported (within 30 minutes of each other, so I am not sure who to credit) that Sony had all their passwords in one directory named “password”. While this might be OK for your grandmother, this level of ineptitude is not acceptable for a major international firm.

Leaving important files on a central network is really the problem, not North Korea. While this hurts them, just as the past PlayStation attack did, they will recover and remain. They just might have sore wrists because they have reverted to paper and pens at this point. The lesson here is clear: cyber conflict is a possible response to international and cultural threats, albeit the response is limited and mostly ineffective in nature. These events will happen, but does that really mean that the possibility of harm is increased with cyber activities? I would think not, unless you consider all the trees killed with the demise of the Sony email system. Despite all the harm to Sony networks, they also probably could not have asked for more publicity for the movie …