So, Sony was hacked and the release of its movie The Interview was cancelled. The digital dust — or should I say bits — has settled. Now, what?
"Respond," says President Obama.
Late last week the White House said Obama was considering a "proportional response" against North Korea for hacking into Sony Pictures' computers. While federal officials have firmly implicated North Korea in the hacking, some cyber security hackers still have doubts.
All the same, there were reports Monday of Internet outages across North Korea. It’s unclear whether this has anything to do with a “proportional response.” But what would a US response look like?
There are two things they could do that would get some attention, according to cyber security expert James Lewis. He's a fellow at the Center for Strategic and International Studies.
“The first is to go after money. North Korea has an extensive black market enterprise, most of the profits of which go to the leadership. Doing a bit more to squeeze those front companies would get some attention in Pyongyang,” Lewis says.
The second tactic, says Lewis, is information.
“[The Interview] hit a nerve because it showed the North Korean public, maybe their god has clay feet. I don’t know if you want to broadcast the movie in North Korea, but there’s a lot of things that you could do that would put more political pressure on the regime," Lewis says. "You really need to send that signal to North Korea and the world — don’t do this again because you will be hurt."
So, how did North Korea, a country where a majority of the population has never even seen the Internet, become a cyber threat?
“I used to make the joke that we didn’t have to worry about them because a country that didn’t have electricity wasn’t ever going to be a hacker power,” Lewis admits.
But, as much as 20 years ago, the North Koreans started investing in teaching people computer programing, developing IT skills and building up a cyber capability. The hackers are part of a military unit and they’ve practiced a lot against South Korea. And they may be getting help and advice from Iran.
“These are two countries that have identified cyber as a useful new tool for them to have when it comes to fighting with their opponents, like the US,” Lewis says.
Possible links between North Korea and Iran are among big questions the Sony hack has raised.
“What North Korea did is very close to what Iran did to a company called Aramco,” Lewis says. “Iran and North Korea don’t play by the rules, they don’t like the rules. They want nuclear weapons to give themselves a degree of immunity. The same way they’ll flout the international community on nuclear, they’ll flout them on cyber.”
Meanwhile, on Saturday the US asked China for help in curbing North Korea's cyberattacks. This may seem shocking, considering China has been accused of cyberattacks of its own, but it’s not all that surprising, explains Lewis.
“The Chinese have been eager to find a way to cooperate with the US in cyber security, with the exception of espionage,” Lewis says. “This is their big chance, but it’s awkward for them because to help the US, they would have to be mean to their pet. They’re frustrated with the North Koreans, but it’s a political calculation for them. How much do they really want to help the US here? We don’t know what their response will be.”
Our coverage reaches millions each week, but only a small fraction of listeners contribute to sustain our program. We still need 224 more people to donate $100 or $10/monthly to unlock our $67,000 match. Will you help us get there today?