N. Korean Cyber-Attack: Real, or Smokescreen?

Published December 5, 2014

By Thursday Review staff


As was reported widely in the press this week, Sony Pictures is the latest major company to have become the victim of a major data breach. In Sony’s case, the invasion was far worse—and far more penetrative—than what have become the garden-variety heists of the last year: Target, Michaels, Neiman Marcus, and Home Depot all experienced intrusions to extract credit and debit card data and other personal information belonging to customers.

When an online group called Guardians of Peace (with the unfortunate acronym GOP) broke into Sony Pictures’ computer network last week, among the things that were stolen were digital packets containing motion pictures not yet released by Sony, personnel files and spreadsheets containing salaries and expenses, employee social security numbers, treasure troves of emails and other internal correspondence, and even the talking points regarding salaries and bonuses for top movie execs. Among the movies stolen, then released online to millions: a screening version of Annie, which had not yet debuted in theaters, and the war movie Fury, with Brad Pitt and Shia LaBeouf, already in theaters but still generating revenue. Both were downloaded hundreds of thousands of times by people eager to grab the free movies.

But with the impending theatrical release of the spy-thriller-satire The Interview, starring Seth Rogen and James Franco, those investigating the Sony hack—including the FBI and several independent security contractors—put two and two together, logically, to come up with four. The Interview is a fictional and comedic take on the assassination thriller—two semi-amateur journalists are recruited by the CIA to broker a meeting with North Korean leader Kim Jong-un, at which time they will kill the blubbery, youthful, but brutal, Dear Leader.

When word of the screenplay first leaked out earlier in 2014, the top folks in Pyongyang were not amused. At first, North Korea simply petitioned the United Nations, requesting that the U.N. demand a halt to the film’s production. But that went nowhere. Humorless to a fault, and possessed of the sort of universal adoration for its “leader” only possible in societies where independent thought is banned, those in North Korea’s top circles called the production of The Interview “an act of war,” and issued decrees to any able-bodied citizen north of the demilitarized zone to engage in electronic warfare against the U.S. in retaliation for its provocation. But since less than 1% of the North Korean population has access to the internet (fewer still have computers), the challenge of “attacking” America was left to a cadre of code elitists—members of an Army unit called Unit 121, based in a heavily-guarded and secretive building (how’s that for redundancy, since everything in North Korea is highly-guarded) in Pyongyang.

All the circumstantial evidence—and even some of the more obscure forensic cookie crumbs—led directly back to North Korea and the easily-irritated, often-irate young Kim Jong-un, whose occasional temper tantrums can result in whole conference rooms of top advisors being hauled off and shot in a beet field, or the random cousin being arrested and shipped off to the concrete block factory. North Korea has already been blamed in the past for several high-profile cyber-attacks on banks and financial institutions in South Korea, and investigators in the U.S. have suggested that North Korea was behind a few similar such attacks in America.

But now some people with close access to the investigations at Sony say “not so fast” on the North Korean link. Guardians of Peace, who took control of the Sony Pictures network—even its email and internal chat platform—may have had a lot of help from someone on the inside. A company called AlienVault, which is assisting with the investigation, has said that samples of the malware used in the Sony hack contain clues—in this case strong indications that the hackers had an intimate knowledge of the Sony network. Too much knowledge, it seems, to be entirely the work of cyber-warriors in Pyongyang. The malware reportedly used tools that allowed it to communicate with IP addresses in places as disparate as Poland, Bolivia, Thailand and Cyprus (as well as in the United States), a classic process meant to throw investigators off the track. But since the original code was written in Korean, this still leads some to suspect that North Korea was behind the attack. Now a few cyber security experts think that the Korean language aspect was tossed in as a way to confuse the investigations, and perhaps lure the FBI and other agencies to point the finger of blame elsewhere—in this case at North Korea.

In the meantime, The Interview is days away from its debut across the United States. In a perverse case of art imitating life, and vice versa, the hacking controversy may spur greater ticket sales for a movie which a few critics have said—based on early screenings—fell a little short on the comedy Richter Scale.

Talk within the entertainment community in Hollywood has recently centered on two theories: either the attack did come from a rogue North Korea, or it was actually an inside job, possibly orchestrated by a disgruntled employee with some knowledge of the Korean language and a deep proficiency with computer code.

Sony Pictures, which is based in Culver City, California, has offered little in the way of public comment on the data breach, which many analysts say is one of the worst ever to hit a major media company. Sony has also refused to officially acknowledge that it suspects North Korea is behind the attack.

But the FBI has been more forthcoming in its statements, though it does not name suspects.

“The FBI is working with our interagency partners to investigate the recently reported cyber intrusion at Sony Pictures Entertainment,” it said in a media statement to Fox News this week, adding “the targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue, and defeat individuals and groups who pose a threat in cyberspace.”
