By Steve Ranger | December 19, 2014 — 21:25 GMT (13:25 PST)
The Sony Pictures hack combines celebrity, cybercrime and geopolitics in one dramatic package – worthy of a movie in itself. Now the FBI has pointed the finger at North Korea over the attack, which combined destructive malware with the theft of huge amounts of corporate data, rendered thousands of Sony’s computers inoperable and forced it to take its entire network offline.
It said as a result of its investigation, “the FBI now has enough information to conclude that the North Korean government is responsible for these actions”.
The FBI said its technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows “North Korean actors” had previously developed, noting: “For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”
It also said there was a “significant overlap” between the infrastructure used in this attack and other malicious cyber activity the US government has previously linked directly to North Korea.
“Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart,” the FBI said. North Korea has denied it is involved.
By going public with the claim that North Korea is behind the attack the FBI may be hoping to bring an end to the saga and the steady stream of revelations from the hackers, which have been very embarrassing to Sony. Much will depend on how the so-called ‘Guardians of Peace’, thought to be behind the attack, now respond.
What’s been particularly unusual about the Sony breach is how public it has been, and the hard-to-categorise behaviour of the hackers so far. This is in part why there has been so much debate about who is responsible for the attack: even now that the FBI has pointed at North Korea, not everyone is convinced – especially as attribution is often incredibly difficult in cases like this.
For example: state-sponsored digital espionage is usually an incredibly secretive affair and the hackers usually have no interest in publicising their attack or drawing attention to themselves.
But in this case embarrassing Sony seems to have been – or at least has become – a major motivation. That’s much more like the behaviour of hacktivists.
Even stranger, it’s been reported that the hackers were initially looking for a payoff and only later demanded that Sony not release The Interview – a comedy about the assassination of North Korean leader Kim Jong-Un.
What is thought to be the first message from the hackers to Sony execs read in part “We’ve got great damage by Sony Pictures. The compensation for it, monetary compensation we want.”
This message came from ‘God’sApstls’ rather than from the ‘Guardians of Peace’ who have posted messages and information since then including: “Stop immediately showing the movie of terrorism which can break the regional peace and cause the War.”
It’s this unexpected combination of tactics that has made this hack so unusual, while the leaking of hugely embarrassing emails has ensured it remains high profile.
“North Korea’s actions were intended to inflict significant harm on a US business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behaviour,” the FBI said, warning that it will “identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or US interests.”
And while President Obama has said the US will “respond proportionately”, working out the correct response to this kind of attack is hard, especially against an already-isolated state like North Korea.
Still, there’s a broader problem here. Most law enforcement agencies haven’t worked out how to deal with even basic cybercrime (other than by ignoring it) and many businesses are still not making IT security enough of a priority: as many as 80 percent of large companies have suffered a security breach in the last year and hackers are very rarely caught. On top of this you have the ongoing use and abuse of the web for cyber espionage and the emergence of cyberwarfare capabilities even though the rules of engagement haven’t really been set yet.
Hoping that all these different categories – cybercrime, hacktivism, espionage and cyberwarfare – would remain separate, easily identifiable and understandable was always going to be wishful thinking. Figuring out how to manage what happens as they continue to evolve – and from time to time overlap and merge – is going to be a huge challenge.