Stanford University

Korea expert answers questions on Sony hacking

reuters theinterview "The Interview," a Sony Pictures film starring actors Seth Rogen and James Franco about a fictional plot to assasinate North Korean leader Kim Jong-un, releases in theaters.

Sony Pictures Entertainment was set to release a satirical comedy, “The Interview,” in late 2014, but a cyberattack hit the organization that leaked corporate information, leading the company to initially pull the film and opening up a string of theories over who was behind the attack and how to respond.

Speculation began to mount as a clearer picture of the unprecedented hacking, both comprehensive and large in size, began to emerge. The breach is thought to be retribution for Sony’s production of the film, which carries a plot to assassinate North Korean leader Kim Jong-un.

Then, a threat was directed at movie theaters and moviegoers planning to screen and see “The Interview.” The message warned those against involvement ahead of the film’s Dec. 25 opening, indicating a “bitter fate” and alluding to the 9/11 attacks in the United States.

An unknown group, The Guardians of Peace “GOP,” claimed responsibility for the cyberattack. Media and those familiar with North Korea began to point blame on the country, which had already publicly condemned the film last June and has a history of cybercrime. Responding to accusations, top North Korean leadership rejected any involvement in the attack.

rsd14 078 0248a

The White House responded as Sony canceled the film’s New York premiere and said it would discontinue distribution. Following his year-end press conference, President Barack Obama condemned the hacking, citing the Federal Bureau of Investigation’s conclusion that North Korea was behind the attack. The President said the United States would respond “proportionally,” and on Jan. 2, signed an Executive Order that put into action a series of sanctions imposed by the Department of the Treasury.

David Straub, a Korea expert at Stanford University, answered questions about the Sony hacking and its policy implications for the United States and North-South Korean relations. Straub is the associate director of the Korea Program at the Walter H. Shorenstein Asia-Pacific Research Center. He formerly served as the State Department’s Korean affairs director.

What do we know about the Sony hacking? Who’s responsible?

Based on many types of evidence, including confidential information, U.S. government officials appear to be quite confident that North Korea did in fact conduct this operation. There’s still some disagreement in the media and among tech experts over who is responsible. They’ve cited a number of reasons but the main one is that the FBI’s official statement attributing the attack to North Korea provided evidence that they believe is far from conclusive. I myself am not a technical expert, but based upon my following North Korea for many years – the attack strikes me as being very likely to have been a North Korean operation. The FBI statement noted that the Sony attack is similar to an attack that the North Koreans conducted against South Korean banks and media outlets in March 2013. In that attack, many South Korean banks had their hard drives completely wiped clean. It was a hugely destructive attack and very similar to what happened to Sony.

Does North Korea’s response to the Sony hack coincide with past behavior?

In addition to the 2013 South Korean bank cyberattack, the North Koreans apparently sank a South Korean naval vessel in 2010, killing 46 sailors. In both instances, the North Koreans denied that they did it, expressed outrage over being accused, demanded that the South Koreans produce proof, said that they could prove that they didn’t do it, and then requested that the South Koreans conduct a joint investigation. These same demands are being made in response to the U.S. blaming Pyongyang for the Sony cyberattack. It couldn’t be more similar. More generally, the North Korean regime is very calculating. They know they can’t win an outright military confrontation with South Korea, much less the United States, so what they do is try to find a weak link and go after it in a way in which they have plausible deniability – a situation where it’s very difficult for the attacked party to prove who did it.

Describe North Korea’s hacking capabilities.

North Korea is a very secretive country, so it’s hard to be completely certain of their cyber capabilities. However, according to many accounts, the North Korean government has established professional hacking schools and units over the years, resulting in hundreds if not thousands of trained hackers. North Korea has engaged in a number of attacks in the past, the most prominent one was the attack on South Korean banks in March 2013. But also, a few years ago, North Korea conducted less sophisticated attacks on major U.S. government websites.

Why would they conduct an attack?

The North Koreans appear to have both the capability and the motivation to attack Sony. The nation’s entire political system rests on a cult of personality – now a cult of family, actually – that began with the founder of the regime, Kim Il-sung, and extends to his grandson today, leader Kim Jong-un, who has been in power since Dec. 2011. It’s the only thing holding the political system together at this point. The cult of personality is so strong that any direct criticism of the top leader is something that North Koreans will compete among each other to reject. From this standpoint, it seems very likely that they would feel they had to prevent the showing of a movie that features an assassination of Kim Jong-un. And, the hackers had plenty of time to prepare for and implement the attack because everyone knew well ahead of when the movie would be released.

The United States placed new financial sanctions on North Korea. What impact will the sanctions have?

President Obama made it clear that the U.S. government would respond at a time, in a place, and in a manner of its own choosing. Not all measures taken would be made public. So far, the first publically announced measure was the President’s Executive Order on Jan. 2 imposing additional sanctions on a number of North Korean agencies and officials. This in itself is unlikely to have major consequences because most of those entities were already sanctioned. But, the Executive Order states that the sanctions are being implemented not only because of the cyberattack against Sony, but more generally because of North Korea’s actions and policies, including its serious human rights abuses. So in a sense, the North Koreans got the United States to expand its reasons for sanctioning them.

 

President Obama addresses the Sony hacking, saying the United States will "respond proportionally," at his year-end press briefing on Dec. 19.

President Obama addresses the Sony hacking at his year-end press briefing on Dec. 19. Photo credit: WhiteHouse.gov

 

What other steps will the United States likely take?

President Obama left open the possibility that North Korea might be returned to the U.S. State Sponsors of Terrorism list, from which the nation was removed in 2008. I think it was a mistake to remove North Korea from that list in the first place. It was done to promote progress on the nuclear talks, which eventually failed, and ignored a number of terroristic actions that North Korea has committed in recent years. Another possibility, which is being pushed by Republicans in Congress, is to increase financial sanctions that mirror the type that were successfully implemented in Iran.

How will the U.S. response influence cybersecurity policy going forward?

The attack on Sony is a huge wakeup call to American businesses, and even to the U.S. government. It’s the first attack of this size on a company located in the United States. It got tremendous profile in the media and the President has been personally engaged in responding. Nearly everyone has heard about it, so U.S. companies are now going to be focused much more on cybersecurity because it has exposed some potential vulnerabilities – a “if North Korea can do it, presumably others can too” mentality. Moreover, if an attack can be executed on a film company, it could also be done to other businesses and even to elements of U.S. critical infrastructure.

How do you view North Korean leader Kim Jong-un’s possible offer to meet with South Korean leadership this year?

Kim Jong-un said that he was open to the possibility of a summit with South Korea in his annual New Year’s address, although he made no specific proposal. He made clear that the summit would be conditional on actions to be taken in advance by South Korea. Among these, Kim demanded ending U.S.-South Korean military exercises and halting the flow of propaganda-filled balloons sent over the border into the North by non-governmental activist groups in the South. Moreover, North Korea has a history of expanding its conditions later, without any warning. So, I think one has to be skeptical. The signal is unfortunately less likely to be a sincere effort toward real, sustained dialogue, and more likely to be a North Korean propaganda effort devised to confuse, divert and divide international public opinion. That said, South Korea has acted entirely appropriately in welcoming the signal and reiterating its own offer of high-level talks. Let’s hope for the best.

David Straub also participated in an interview with Public Radio International on Jan. 1 about the prospect for North-South talks, the audio can be accessed on the PRI website.

All Shorenstein APARC News