Terabyte Terror Bites Sony

The movie “The Interview” was intended to make the audience laugh while watching the two main actors Seth Rogan and James Franco clown around and make fools of themselves. But the last laugh seems to be on Sony and the film after a massive computer hacking on November 24, 2014, knocked out the system and stole some 100 terabytes of data. Many, including members of the U.S. intelligence community, believe North Korea is the culprit. Pyongyang indeed has sophisticated capability in cyber technology to wreak havoc. No one should be surprised, including Sony, that a government with an episodic history of violent terrorism would carry out such an attack. But we don’t yet know for sure if it is directly responsible for these events.

The caution especially applies to the terror threat; the language in the terror message does not sound in sync with the standard propaganda language or aggressive rhetoric that the regime usually employs. One possibility is that the threat, which caused movie theatres and Sony to stop the release of the film on Christmas Day, was the work of freelance terrorists who sympathize with North Korea or possibly are supported by Pyongyang.

The worlds of make-believe and geopolitical sensitivities have collided in recent weeks. Pyongyang had been pleading for months to make the “The Interview” go away. In June 2014, the DPRK ambassador to the United Nations, Ja Song Nam, sent a letter to the UN Secretary General voicing Pyongyang’s objections to the film. Ambassador Ja stated that the production and distribution of the movie should be regarded as “the most undisguised sponsoring of terrorism, as well as an act of war” and urged the United States to “take immediate appropriate actions” to ban its production and distribution. For North Korea, depicting the assassination of its ‘supreme leader’ is sacrilegious. It is, after all, a secular theocracy, with Kim Jong Un and his father (Kim Jong Il) and grandfather (Kim Il Sung) forming the Holy Trinity.

Outsiders view North Korea as “isolated” and “backward” and therefore incapable of having the human and material resources to conduct serious cyber activity. But the reality is different. At least one in 12 North Koreans has a smartphone, and they are not just used for posing. They have access to a 3G network operated by a joint venture between Orascom, an Egyptian company and the North Korean government. Orascom keeps a count of North Korean subscribers, which amounts to about two million. As happens in other developing countries, precious resources are often shared by family and neighbors, so access to communication might reach many more than 2 million. Pyongyang has also the capacity to jam signals for GPS satellites. Most relevant to the Sony case, the government trains thousands of young, smart students in mathematics, engineering, and related fields who go on to form a force of about 5,900 “cyber warriors.” The best of them get additional training in China and Russia.

The Sony case involved a very sophisticated and complex set-up, using computers in Singapore, Thailand, Italy, Poland, Cyprus and elsewhere. CBS “This Morning” (December 19, 2014) included an expert’s assessment that it would have taken “months, maybe even years, to exfiltrate something like 100 terabytes of data without anyone noticing.” He doubted whether North Korea’s cyber infrastructure would have been able to support such a massive job. But in truth, the large majority of cyber attacks are launched from within China, North Koreans work out of shell companies.

The story is unfolding hour by hour. Right now, the talk is on whether and how the U.S. government should respond. Some advocate calling the cyber attack on Sony an act of terrorism against the United States and therefore declaring war on North Korea. Others talk of retaliating with cyber attacks on the DPRK. And others still talk of increasing and/or tightening economic sanctions on the regime, while some say Washington should ask Beijing for help in restraining Pyongyang.

But none of these options makes sense at this point. First, declaring war is serious business even if we had incontrovertible proof. Furthermore, NATO’s Tallinn Manual (the U.S. is part of NATO) defines an act of cyberwar that permits a military response as “a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.” And if the U.S. has not gone to war over North Korea’s nuclear weapons, we certainly will not over Sony. Second, retaliating in kind can’t undo the harm done to Sony and could invite international escalation or a cyber arms race. Besides, knocking out the DPRK’s systems could have unwanted impacts on individual North Koreans who sacrifice their lives to get access to the outside world via internet and cell communication in defiance of the regime.

Economic sanctions? There already exists a broad array. And targeting sanctions against North Korea’s cyber establishment would be difficult to achieve, since operations often are managed from outside North Korea. Asking China for help is an unreliable prospect. U.S. government sources are investigating the possibility that China, as well as Russia and maybe Iran, might have helped North Korea. All three countries have used similar types of software in cyber attacks.

Last, media reports suggest, based on Sony emails that had been leaked through the November 24 attack, that U.S. government officials may have seen a rough cut of the film in June and were apprised of the violent scene where Kim Jong Un is blown up. Some say the officials gave their tacit blessing.

The most proportionate response that Americans make right now is as consumers—to see the film when it becomes available so that we can support our right to freedom of expression. We can also demand that film studios do a public service by reducing gratuitous violence in movies. When we have more facts about the Sony hack and the threat, we can then consider what an appropriate official response should be. Leaping to action may save the day in the movies, but not necessarily in geopolitics.