North Korea Strikes Sony in Act of “Cyberwarfare”
Sony's recurrent hacking issue reveals need for a better cybersecurity system
February 2, 2015
No surprises. Well, actually many surprises. Sony was hacked for the 11th time on Nov. 24, 2014, and then again two days later. Sony has established a national record in times getting hacked, which will probably take other companies decades to catch up with.
As expected, the entire ordeal was attributed to North Korea, without any doubt or hesitation. And the instigator of all this drama? None other than the brand new movie The Interview, which follows two television show hosts as they “land an interview with a surprise fan, North Korean dictator Kim Jong-un” and “are recruited by the CIA to turn their trip to Pyongyang into an assassination mission” (IMDB).
The film’s content offended the defensive leadership of North Korea, and is widely believed to have sparked this instance of retaliation against Sony. But was it really North Korea behind the effort? And who is at fault in this case: Sony or the hackers?
Here are the facts.
On Nov. 24, Sony was hacked by a group which called itself the “Guardians of Peace”. Sony Pictures Entertainment suffered a data breach when hackers posted threatening messages on company computers. The threat began with “a skull appearing on screens, and then a strangely ominous message telling users they’d been hacked by something called #GOP. It gets more bizarre as the message claims this is just the beginning and then threatens to release documents by 11 PM this evening.” (Privacy Rights Clearinghouse).
The information that leaked to the public and the press included movies such as Annie, Mr. Turner, Fury, and Still Alice. Personal emails sent by Sony employees were also leaked, and contained everything from Angelina Jolie being called a “minimally talented, spoiled brat” by hotshot Hollywood producer Scott Rudin, to another email exchange between Scott Rudin and Amy Pascal “joking about President Barack Obama’s race” (US Weekly).
Then, after just two days had passed, on Nov. 26, Sony’s PlayStation and Xbox networks were hacked just in time to mess with new products bought during Black Friday shopping sprees. This attack was perpetrated by a different group which identified itself as the “LizardSquad.”
According to KrebsOnSecurity, “various statements posted by self-described LizardSquad members on their open online chat forum – chat.lizardpatrol.com – suggest that these misguided individuals launched the attack for no other reason than because they thought it would be amusing to annoy and disappoint people who received new Xbox and PlayStation consoles as holiday gifts.” This “hack attack” led to many gamers worldwide complaining about how they could not access their accounts on Dec. 25, a very merry Christmas present.
The hack on Nov. 26 was also blamed on North Korea, though the investigators, including the FBI, had mostly misleading information. The U.S. government explicitly blamed North Korea for the attack on Sony, an action which has been harshly criticized by those who believe “another hacking group disguised as North Korea, or a malcontent insider” may just as well be responsible. According to Engadget News, however, documents have proven that the “U.S. government inserted backdoor software into North Korea’s computer systems years before the hack even happened,” and therefore knows in certain terms that North Korea played a part in the hacks.
The central question in this matter, though, is not only who performed the hack, but also what Sony could have changed in order to prevent such hacks from occurring in the future. Sony has a famous history of at least ten hacks that were documented prior to this controversy, plus the two new ones. So it is fair to say that Sony does have a serious security problem. This problem has been discussed for many years, particularly since 2001.
Some say that the number one group that should be blamed for the hacks is not even the actual hackers, but Sony itself. They argue that Sony robs itself each time by deciding not to take action in response to security breaches, and that such a well-established entertainment company should be able to understand that it needs to respond by strengthening its cybersecurity operations.
“By now, it’s no secret that Sony sucks at cyber security. The company’s movie business, Sony Pictures Entertainment, was recently hit with what may end up being the biggest corporate hack in history. It’s not the first time Sony has laid claim to that title. And if history is any guide, it likely won’t be the last” (Gizmodo).
The answer to these vicious attacks on Sony is still in the “inconclusive” phase. It could have been North Korea, and it could have been another group of people who simply thought it would be fun to play games with Sony. Whatever the verdict, this issue has cemented a logical course of action. Assuming Sony plans to continue with its goal of entertaining people, it is evident that the company must take all measures necessary to protect its systems and information from future “hack attacks.”
Feel free to comment. Who do you think is at fault in this case? What should be done to prevent such problems in the future?
Related articles:
The NSA knew North Korea hacked Sony because it hacked North Korea first