A Hollywood screenwriter friend of mine sent me a note a few months back about a new film he thought I’d like. Called “The Interview,” it is a Seth Rogen and James Franco romp about an unlikely pair trying to assassinate North Korean leader Kim Jong Un during a television interview.
Soon after, I read that Pyongyang was upset about the movie calling it an act of war and vowing some form of revenge. A letter was sent in protest to the UN Secretary General about the film. Typical thin-skinned North Koreans, I thought, they’ll surely be off soon to another incident to gin up.
Well, it turns out Kim Jong Un may have a longer attention span than I gave him credit for. And he may be the ultimate film critic, literally trying to destroy the film and the company which produced it, Sony Enterprises. Instead of a thumbs up or down, North Korea may have not only hacked the Sony web site, destroyed Sony computers, but has “advance” released a number of Sony films yet to be premiered. Sony is scrambling to minimize the damage. U.S. law enforcement is being called in to assess the situation. And the self identified (yet unknown) hackers who perpetrated the event – “The Guardians of Peace” – are posting their pleasure with the results around the net.
As silly as it sounds, this case cuts to the quick on a number of cyber issues we increasingly face as the world continues to wrap the Internet in our daily lives. First of all, while North Korea may have complained bitterly about the movie and is the leading suspect, the attribution of the attack is still unclear. It is easy to hide in the Internet through a maze of servers worldwide. And finding out the actual “who dun’ it” is not an easy job for anyone. Maybe it was disgruntled employees recently fired from Sony. Maybe the North Koreans hired one of the ex-employees? The scenarios can go on ad nauseam.
Second, if it is the North Koreans and their well-known large-scale cyber unit, what is our response going to be? What happens when a nation state attacks a private U.S. firm? Is this simply a matter of law enforcement or it is a threat to our border and national security? If they can do this to Sony, whom else might they choose to attack? And, of course, what is Washington’s response? Diplomatic? Arrest warrants? Counter cyber attacks?
Ultimately, the film will be released shortly to greater fanfare than it might have had otherwise. (Kim forgot the first rule of Hollywood – all publicity is good publicity.) Sony will recover its computer systems and take a tax loss on the released films. And maybe Kim Jong Un will learn to use the Rotten Tomatoes film critic web site to make his protests.
All jokes aside, a full decade into the explosion of the Internet for everyday use, we have trouble with attribution of attack and are still debating government responses to external cyber threats. As we dive into the so-called Internet of Things where everyone day to day lives from their home alarms to their cars will be dependent on the Internet, Washington needs to do a lot better.