The Kims Get Even Ronerier

While security experts have been skeptical of the US government’s claim that North Korea was behind the Sony hack, Washington is sticking to its guns and leveling new sanctions against the already isolated regime of Kim Jong Un:

The United States on Friday sanctioned 10 North Korean government officials and three organizations, including Pyongyang’s primary intelligence agency and state-run arms dealer, in what the White House described as an opening move in the response toward the Sony cyber attack. The sanctions might have only a limited effect, as North Korea already is under tough U.S. and international sanctions over its nuclear and missile programs. President Barack Obama also warned Pyongyang that the United States was considering whether to put North Korea back on its list of state sponsors of terrorism, which could jeopardize aid to the country on a global scale.

North Korea has already been under severe US sanctions for some time, Foster Klug observes, but that hasn’t done much to deter it from making mischief:

Some analysts say Washington and others have the ability, should they choose, to apply more severe financial measures to hurt the North’s leadership. But many others point out that a raft of multilateral penalties from the United Nations, as well as national sanctions from Washington, Tokyo and others meant to punish the government and sidetrack its nuclear ambitions, have done nothing to derail Pyongyang’s pursuit of a nuclear tipped missile that could reach America’s mainland.

The most recent sanctions, which target 10 North Korean government officials and three organizations, including Pyongyang’s primary intelligence agency and state-run arms dealer, will have a limited impact because North Korea will likely assign other people or organizations to take over the work of those targeted, analysts say.

And even if the new measures had sharper teeth, Matt Schiavenza points out that there’s not much chance of them damaging the Kim regime as long as Beijing remains willing to prop it up:

The country does have one important ally on the global stage: China, which provides Pyongyang with nearly 90 percent of its energy needs and occasionally thwarts U.S.-led attempts to impose sanctions. In recent years, Beijing has grown increasingly impatient with North Korea’s intransigence on the nuclear issue, and, in a pointed rebuke, President Xi Jinping has not yet met with North Korean leader Kim Jong-un since the former assumed China’s highest office in 2012. But even if China’s relationship with the North has chilled, it is unlikely to sympathize with the U.S. over the Sony hacks. When the New York Times uncovered evidence in early 2013 that a unit of China’s People’s Liberation Army conducted cyber-espionage against American interests from an unmarked building outside Shanghai, Beijing argued that the U.S. is no less guilty.

Max Boot, who is pretty sure that “the spooks have some highly classified clue pointing the finger of blame at Pyongyang”, approves of tightening sanctions but also wants the US to commit to a grander objective of regime change:

In the final analysis, beyond sanctions, the real solution to the North Korean threat lies in peaceful reunification of the Korean peninsula. That won’t happen overnight but it is a goal that the U.S. should dedicate itself to–as urged by the noted North Korea watcher, my friend Sue Mi Terry, and more recently by my boss, Richard Haass. If President Obama truly wants the right answer not just to the cyber-attack but to other North Korean outrages, this is it: Come up with a strategy to hasten the eventual implosion of Communist North Korea, the worst human-rights violator on the planet, and the creation of a single, democratic, unified Korean state.

But Bershidsky joins the chorus of those who find it hard to swallow the claim that Pyongyang was behind the hack:

The biggest problem with blaming North Korea is that Kim Jong Un’s dictatorship gained nothing from the hack. Because of the phenomenon known as the Streisand effect, “The Interview,” the Sony comedy spoofing Kim, became a major hit on download and streaming services, pulling in $18 million in just a couple of days. All the free publicity the movie received is likely to make other film makers consider attacking Kim — of course, after taking measures to take their sensitive information offline. Are North Korean spies so stupid that they couldn’t predict the explosion of interest in “The Interview” after the hack? I doubt it: no one should be so dumb.

The Known Unknowns Of Cyberwar

Noting that we still can’t say for sure whether the Sony hack was the work of North Korea, Schneier discusses the implications of a form of warfare in which the perpetrator can’t be immediately identified:

When it’s possible to identify the origins of cyberattacks—like forensic experts were able to do with many of the Chinese attacks against U.S. networks—it’s as a result of months of detailed analysis and investigation. That kind of time frame doesn’t help at the moment of attack, when you have to decide within milliseconds how your network is going to react and within days how your country is going to react. This, in part, explains the relative disarray within the Obama administration over what to do about North Korea. Officials in the U.S. government and international institutions simply don’t have the legal or even the conceptual framework to deal with these types of scenarios. …

It’s a strange future we live in when we can’t tell the difference between random hackers and major governments, or when those same random hackers can credibly threaten international military organizations. This is why people around the world should care about the Sony hack. In this future, we’re going to see an even greater blurring of traditional lines between police, military, and private actions as technology broadly distributes attack capabilities across a variety of actors. This attribution difficulty is here to stay, at least for the foreseeable future.

Neal Pollard compares the reality of cyberwar to what our military and intelligence brass had assumed it would look like:

Secretaries of Defense have been talking since the 1990s about a “cyber Pearl Harbor,” typically characterized as a massive attack on infrastructure such as the electric grid or transportation, usually envisioning massive economic damage and even great loss of life, as a strategic element accompanying a broader conflict among powers. This has been the dark future of various government and think-tank scenarios, predicting how nation-states would use cyberspace as a battlefield for national political or military advantage.

What we have seen over the past few years in the United States has been different: nation-states like (possibly) Iran and North Korea, using damaging but fairly limited attacks against specific companies such as banks, oil producers and media companies, to pursue rather tactical foreign policy goals, with no significant military context. … While it is true some states such as Georgia, Ukraine and Estonia have suffered wider-scale cyber-attacks, these have been within a broader context of threatened or actual military conflict. If the Sony and similar episodes are harbingers of future cyber conflict, then private-sector corporations might be dragged into state-driven geopolitical conflict as instruments of foreign policy and economic pressure, long before they become trenches under fire on a digital battlefield.

Meanwhile, Greenwald rails on on the media for swallowing the government’s line that North Korea did it, despite a lack of evidence to that effect:

It’s tempting to say that the U.S. media should have learned by now not to uncritically disseminate government claims, particularly when those claims can serve as a pretext for U.S. aggression. But to say that, at this point, almost gives them too little credit. It assumes that they want to improve, but just haven’t yet come to understand what they’re doing wrong. But that’s deeply implausible. …

U.S. journalists don’t engage in this behavior because they haven’t yet realized this. To the contrary, they engage in this behavior precisely because they do realize this: because that is what they aspire to be. If you know how journalistically corrupt it is for large media outlets to uncritically disseminate evidence-free official claims, they know it, too. Calling on them to stop doing that wrongly assumes that they seek to comport with their ostensible mission of serving as watchdogs over power. That’s their brand, not their aspiration or function.

Did North Koreans Even Hack Sony In The First Place?

Maybe not. At the very least, they probably didn’t do it alone:

According to an anonymous government source, Reuters report​s, the FBI is now considering the possibility that North Korea contracted the job out to foreign hackers. The source told Reuters that North Korea “lacks the ability” to pull off such an extensive cyber attack. Norse, Inc., a cybersecurity firm based in California, claims to have un​covered evidence that links the hack not to North Korea, but to an ex-employee laid off this year among thous​ands of other Sony workers.

Sam Biddle talks to Kurt Stammberger, the Norse exec whose team identified the “Guardians of Peace” hackers as including several ex-Sony employees:

Stammberger and his team shared their raw data with the FBI yesterday, and agreed to not show his evidence elsewhere, so the theory as he described it to me is still sketchy. But it hinges on an ex-Sony employee that Stammberger calls “Lena.”

 

“Lena” was an employee of ten years at Sony in Los Angeles, working in a “key technical” position at the company, and axed during the company’s brutal layoffs this past May. Even if she’d departed the company months before the attack, she would have remained “very well placed to know which servers to target,” and “where all the sensitive information in Sony was stored.” … What drew this group together, Stammberger says, is a mutual hatred of Sony: “These were individuals that were connected with torrenting Sony movies and content online, were targeted by legal and law enforcement arms, and were irritated that basically they were caught.”

The experts at Norse aren’t the first to question the FBI’s assertion that Pyongyang did the hacking:

Brian Martin of Risk Based Security, for example, told Motherboard that the malware used in the attack communicating with North Korean IP addresses likely indicates nothing more than the hackers cleverly routing their attack through North Korean proxies. Marc W. Rogers, principal security researcher for CloudFlare, told us that the malware used in the attack—which the FBI claims is similar to previous attacks that have been linked to North Korea—was likely shared among many hackers and built using code from previous malware.

And security expert Bruce Schneier has called the evidence “circumstantial at best”. But the FBI is sticking to its story for the time being. Meanwhile, the hackers are now threatening an unnamed American news organization:

Referring to Sony only as “USPER1”and the news organization as “USPER2,” the Joint Intelligence Bulletin, dated Dec. 24 and marked For Official Use Only, states that its purpose is “to provide information on the late-November 2014 cyber intrusion targeting USPER1 and related threats concerning the planned release of the movie, ‘The Interview.’ Additionally, these threats have extended to USPER2 —a news media organization—and may extend to other such organizations in the near future.”

The bulletin doesn’t identify “USPER2”, but Matthew Keys ventures a guess:

The Desk is identifying the news organization as CNN based on copies of messages posted to Pastebin on December 20. The messages have since been removed from Pastebin. In one message, the group mockingly praised CNN for its “investigation” into the attack on Sony’s computer network and offered a “gift” in the form of a YouTube video titled “You are an idiot.” The message closed with a demand that CNN “give us the Wolf,” a likely reference to CNN news anchor Wolf Blitzer.

Sony Bucks Pyongyang, Bags A Few Bucks

If the North Korean regime had hoped to stop anyone from seeing The Interview with its cyberattack on Sony and unsubstantiated terrorist threats, they didn’t quite pull it off. After initially deciding to pull the film, Sony backtracked and released it online on Christmas Eve. The Interview pulled in nearly $18 million over the holiday weekend, including $15 million online:

According to Sony, more than half the online revenue came from the Google Play Store and YouTube (both owned by Google), and after being limited to U.S. residents in its first few days, the online release was later expanded to Canada. Sony reports that the film has been downloaded or streamed more than 2 million times so far. The 331 theaters that screened the film generated significantly less revenue, with a reported $2.8 million in ticket sales. Many of the larger theater chains declined to screen the film due to Sony’s decision to make it available online on the same day as the theatrical release.

While that’s hardly a good take for a major Hollywood release (its total production costs were somewhere in the $100 million range), it sure beats the zero dollars it would have made had Sony capitulated and pulled the film entirely. Still, Ian Morris observes, the studio could have made more money had it not limited the digital release to the US and Canada:

According to various sites, BitTorrent downloads on public trackers were at nearly 1 million viewers after 24 hours. Those numbers exclude private trackers and places like newsgroups, IRC and “locker” based copies (those hosted on Dropbox or similar sites). Factor all those in, and it’s plausible that more people pirated the movie than paid. … Of course, you’ll never stop piracy, but blocking the film from being watched in other English-speaking countries is just foolish. Sony could, perhaps have doubled its money if it had allowed non-US residents to watch the film. And even if this had penalties with distributors, it feels like this might be the ideal time to try the model out anyway.

Todd VanDerWerff sees The Interview as “an important test of whether movies can now sustain themselves with day-and-date releases in theaters and at home”:

And though that $15 million weekend was undoubtedly boosted by curiosity seekers drawn by the controversy around the film, it’s still an incredibly impressive number. A Marvel superhero movie, which requires a much larger opening weekend than that, probably won’t be using day-and-date releases soon, but it stands as an increasingly viable alternative for smaller budget projects. … Of course, the big question in online releasing is how studios will balance the potential for money made there against the needs of movie theaters, which are still necessary to open big studio tentpole films, at least for the time being. And by so utterly outperforming theatrical sales with online sales, The Interview has also shown why theater owners are so worried.

So what, then, was Pyongyang’s game? Shortly before the holiday, Suki Kim advanced a compelling theory:

This scandal seems to be following the usual course designed by North Korean propagandists, where the more serious and consequential story gets buried behind the sensational headlines that benefit no one more than the North Korea regime. What is being overshadowed this time is the one thing Pyongyang desperately wants the world to ignore. The United Nations’ General Assembly recently voted, by an overwhelming majority of 116 to 20 (with 53 abstentions), to refer North Korea to the International Criminal Court, and the U.N. Security Council met on Monday and voted in favor of adding North Korea’s human rights issues to its agenda over the objection of China and Russia. … I am not sure how much Kim Jong-un really cares about being facetiously killed by actors in a Hollywood comedy, but it appears that he doesn’t want to have an arrest warrant issued against him by an international court the crimes against humanity.

Sony’s last-minute decision to release the film after all should give some comfort to Flemming Rose, who had linked the initial decision to pull the movie to the worldwide trend of “grievance fundamentalism” (a subject the Dish knows all too well):

In today’s grievance culture, with its identity politics and cultivation of the victim, the grievance lobby has succeeded in shifting the fulcrum of the human rights debate from freedom of speech to the necessity of countering hate speech; from the individual pursuing individual liberties to the individual being aggrieved by the liberties taken by others. That shift becomes counterintuitive, the logic increasingly absurd. Those aggrieved by free speech are defended, while others whose speech is perceived as offensive to such a degree that they are exposed to death threats, physical assault, and sometimes even murder are deemed to have been asking for it: “What did they expect offending people like that?”

Thus, perpetrators are transformed into victims, victims into perpetrators, and it’s impossible to know the difference. The distinction between critical words and violent actions, between a picture and a violent reaction, between tolerance and intolerance, between civilization and barbarism is being dissolved.

What’s Kim Jong Un’s Game?

Josh Rogin tries to understand North Korea’s reasons for hacking Sony:

For Kim, it’s all about himself and his ongoing effort to consolidate power. Therefore, his image is the one thing he cannot afford to take chances on.

“This is a signal of the fragility of Kim Jong Un’s rule,” said James A. Lewis, a senior fellow and long time North Korea watcher at the Center for Strategic and International Studies. “We can take a joke, Kim can’t because he doesn’t want his people to get any ideas. The last thing he wants is his subjects to see him as an object of ridicule, much less able to be assassinated.”

Max Fisher, on the other hand, contends that North Korea “wants us to see them as crazy, irrational, volatile — and dangerous”:

Kim Jong Un isn’t stupid: he knows that his weak, impoverished state is much weaker than the US and South Korea and Japan, all of whom would just love to see his government collapse. North Korea can only deter those enemies by being more threatening and dangerous; it will never be stronger, so it has to be crazier instead, always more willing to escalate. This convinces the US and other countries, even if they see through Kim’s game, that it’s just easier to stay away from North Korea than to risk provoking the country into another flamboyant attack. …

This strategy of portraying itself as crazy is remarkably effective at securing North Korea’s strategic goals. But it is also quite dangerous. By design, the risk of escalation is high, so as to make the situation just dangerous enough that foreign leaders will want to deescalate. And it puts pressure on American, South Korean, and Japanese leaders to decide how to respond — knowing that any punishment will only serve to bolster North Korean propaganda and encourage further belligerence. In this sense, the attacks are calibrated to be just severe enough to demand our attention, but not so bad as to lead to all-out war.

The Sony hack certainly demanded out attention. Though he fully admits that the hack was “a far smaller thing” that 9/11, Drum sees some similarities in terms of “bang for the buck”:

Despite what press reports say, it wasn’t really all that sophisticated. It was, to be sure, a step up from box cutters, but it’s not like North Korea tried to hack into a nuclear power plant or the Pentagon. They picked a soft target. In fact, based on press reports, it sounds like even in the vast sea of crappy IT security that we call America, Sony Pictures was unusually lax. Hacking into their network was something that probably dozens of groups around the world could have done if they had thought about it. And like al-Qaeda before them, North Korea thought about it. And they realized that a Sony Pictures hack, done right, could have an outsized emotional impact. Like 9/11, it was a brilliant example of using a relatively crude tool to produce a gigantic payoff.

North Korea Is Not Amused, Ctd

Gordon G. Chang thinks US companies are unprepared for the type of hacker threat plaguing Sony right now:

The real story is that Washington, over the last decade, has done little to prevent cyberattacks against American-based businesses. … North Korea does not appear to hack American companies for commercial purposes, but China does. According to the Intellectual Property Commission, that nation is “the world’s largest source of IP theft.” The Kim regime has undoubtedly noticed Washington’s ineffectual response to China, which has been implicated in Pyongyang’s alleged assault on Sony Pictures—the attackers apparently used IP addresses inside Beijing’s “Great Firewall,” a sign of Chinese knowledge of the crime and perhaps complicity.

David Holmes suggests that businesses aren’t the only ones in danger – you could be too:

While a lot of talk has centered on whether or not North Korea was involved as retaliation for an upcoming Seth Rogen movie, one cybersecurity expert has a different takeaway: That this could create a field day for hackers who didn’t even have anything to do with the attack.

Robert Cattanach is a partner at the international law firm Dorsey & Whitney who specializes in cybersecurity regulatory litigation. After studying the moves of hackers for years, he argues that the films themselves leaked in the attack are going to become a prime target for cybercriminals. … Of course, pirated content has always been a breeding ground for malware. But part of what makes the content associated with the Sony attack so attractive to hackers, Cattanach argues, is that this is a high-profile, headline-making attack, and therefore the leaked movies could attract lots of average consumers who don’t normally seek out pirated content — and who may lack the expectations and experience to avoid malicious websites and prompts.

So bootlegger beware. Meanwhile, Sean Fitz-Gerald notes Sony’s other big struggle right now:

To make matters worse for the studio, Deadline reported that three class-action lawsuits involving an alleged anti-poaching and wage-fixing conspiracy with two of Sony’s animation divisions and other heavyweights have been lumped into one big complaint. Pixar, Lucasfilm, DreamWorks Animation, the Walt Disney Company, Blue Sky Studios, ImageMovers LLC, and ImageMovers Digital LLC are named as co-conspirators. The fixing allegedly began when a handful of animation-studio heads were displeased to learn about Sony’s competitive compensation and recruitment efforts, according to the documents. After restraining wage practices, the studios involved proceeded to agree upon compensation ranges.

North Korea Is Not Amused

It appears Kim Jong-Un can’t take a joke:

Sony Pictures Entertainment is exploring the possibility that hackers working on behalf of North Korea, perhaps operating out of China, may be behind a devastating attack that brought the studio’s network to a screeching halt earlier this week, sources familiar with the matter tell Re/code. The timing of the attack coincides with the imminent release of “The Interview,” a Sony film that depicts a CIA plot to assassinate North Korean leader Kim Jong-Un. The nation’s ever-belligerent state propaganda outlets have threatened “merciless retaliation” against the U.S. and other nations if the film is released.

Anna Fifield puts the cyber attack in context:

Although no one but the most elite of the elite has access to the Internet in North Korea, the Kim regime has been building quite a cyber army and it has a record when it comes to devastating cyber attacks. Pyongyang was blamed for a massive hack on South Korean sites – including government, media and banking sites – last year that coincided with the anniversary of the start of the Korean War.

Alan Woodward questions whether North Korea is really to blame:

North Korea quite possibly has motive, means and opportunity to carry out this attack on Sony, but as with any successful prosecution, that isn’t enough. We need evidence. We will have to wait for the detailed forensic work to complete before we stand a realistic chance of knowing for certain.

That may or may not be forthcoming, but in the meantime we should consider what this event tells us about the balance of power in cyberspace. In a world in which major disruption can be caused with scant resources and little skill, all enemies are a threat. North Korea might be the rogue state that everyone loves to hate but there are plenty of others who could have done it.

On the other hand, North Korea isn’t denying that is was responsible. And the WSJ reports that the hackers “used tools very similar to those used last year to attack South Korean television stations and ATMs.” Regardless, the hack could have serious economic consequences for Sony:

So far the biggest tangible result of the hack seems to be the leak of five Sony films. DVD-quality versions of FuryAnnie, Still Alice, Mr. Turner and To Write Love on Her Arms are all now available on file-sharing sites. All of the movies except for Fury have yet to be widely released, so piracy could be a huge blow to their box office take. Over the summer, The Expendables 3 bombed at the box office because a high-quality version of the movie leaked online weeks before it premiered. And a 2011 Carnegie Mellon study found that such pre-release leaks can reduce a movie’s box office take by as much as 19%.