
Sony hack and cyber warfare

This article is based on a talk given at a PSL public forum. 

Good evening sisters and brothers, I will be talking about the “Sony hack.”

I like this name because it can have multiple interpretations. You can think of the hack that happened to Sony, or you can think of this whole situation being a “hack” to yet another intervention abroad. I will also talk a little bit about cyber warfare, which has increased over the years, and why we should pay attention to it.

But let’s talk about another hack first. On April 10, 2011, Sony shut down its PlayStation Network temporarily after hackers stole 77 million users’ personal information and data on 24.6 million Sony Online Entertainment users.

The group who did this attack, named Lizard Squad (from eastern Europe), also came out and said they were the ones who gave a number of Sony employee log-ins to “Guardians of Peace,” the group that allegedly broke into Sony’s network to protest the movie “The Interview.”

Moving on to 2014, back in January, Sony was hacked again! This time it was one of their German websites, completely compromising user information. No one said anything there. As a matter of fact, there was never, not before and not now, an action from the government to hold Sony accountable for the lack of security of its customers and its own employees’ and clients’ personal information.

One thing found in the leaked e-mails was a network security audit from Sept. 25 revealing that a firewall and 100 network devices were not properly monitored.

Other things were exposed through those e-mails, like racist comments about Obama and other comments from Sony executives that angered many people including celebrities.

In November, 24 Sony computer systems were hacked, again. Guardians of Peace claimed responsibility. Later, they sent messages threatening Sony if they were to show “The Interview.” So Sony removed it and decided to “roll it out” to the public via online stores (Amazon and iTunes). Then some alternative theaters started to play it and now no one really cares.

Except for the U.S. government. The FBI jumped in and said it has proof that the North Korean government was behind the hack. Another point to make is that accompanying the FBI’s statement in the press were quotes from the security company CrowdStrike. This company was also one of the cyber security companies that were doing private intelligence work for the United States government and was also exposed by yet another hack, done by the group Anonymous throughout the operation AntiSec back in 2011, which was published by WikiLeaks.

You will see as well—especially in the Washington Post—comments from CNA Corp., a federally funded think tank that does analyses for the government to help it in decisions and policy making. So you see again, private contractors with ex-personnel from the U.S. government, military or police (in this case the FBI) reinforcing in the media the story the government tells.

Mark Rogers is a security hacker, and he is the director of security and operations of DEF CON—the biggest hacker conference in the world, which happens every year in Las Vegas. Let’s just say you would not want to walk into that conference with your cell phone on. Mark’s job is pretty, pretty hard.

He published a great article explaining how hard it is for him to believe the FBI claims in the Dec. 19 statement, where they blame North Korea for the Sony hack.

One of the FBI reasons was, and I quote: “Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”

Rogers says it might be the case that the software used was known software developed in North Korea but points out that the code had been released and therefore anyone could be running it. A very common practice in the tech world is to run someone else’s code. Not only Rogers but many professionals in the industry strongly disagree that this could be considered plausible evidence.

The FBI said, and I quote: “The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hard coded into the data deletion malware used in this attack.”

In response, Mark Rogers said (and I will quote from his article): “To cyber security experts, the naivety of this statement beggars belief. Note to the FBI: Just because a system with a particular IP address was used for cybercrime doesn’t mean that from now on every time you see that IP address you can link it to cybercrime. Plus, while sometimes IPs can be “permanent,” at other times IPs last just a few seconds. It isn’t the IP address that the FBI should be paying attention to. Rather it’s the server or service that’s behind it.”

He continued describing in his article how the FBI declarations are very weak. And he is not alone; many experts have spoken about it.

These are just facts of the latest developments. I am not declaring that the FBI is lying, though we all know that is not something absurd given the history of the institution.

But anyway, to make a fair debate let’s pretend that indeed this was some type of attack coordinated by the North Korean government. Does it justify the reaction of the U.S. government? Does an attack on Hollywood that did not provoke any act of violence or inflict any damage to the country justify the reaction of the government?

No, it doesn’t. I am saying this because it’s very important to understand the legal interpretation for a cyber attack to be declared an act of war and to justify the use of force to counter attack. There is a manual created in 2013 by international law scholars called the “Tallinn Manual on the International Law Applicable to Cyber Warfare,” which says that a cyber operation by one state—and it’s important that it needs to be by a state, not just a group—that causes meaningful damage or injuries to another means that an “international armed conflict” is underway. In other words, it’s considered an act of war.

That is not the case here. The attack released a large amount of confidential information, e-mails, celebrities’ personal information, and a yet-to-be-released movie. Of course, Sony had some financial cost due to all this.

But was the gossip of executives from the movie industry that was leaked really that damaging? The whole back and forth about showing or not showing the movie actually got them more publicity and probably increased Sony’s profits on it.

I guess Hollywood is meaningful enough for the government to move on and apply sanctions against North Korea. It’s ridiculous that a president would come out and give a speech to the nation about it. How many other U.S. companies have been hacked before? Is this how the U.S. will react every time there is a hack against a private company?

One might argue (correctly) that if you look at the law (like I have suggested before) sanctions are not considered an act of war. But we all know that they are.

Sanctions cause damage to a country, sometimes long term damage, and causing damage like this is an act of violence. One million dead because of the sanctions against Iraq in the 1990s is violence and it should be considered an act of war.

This debate about what type of cyber attacks can lead to counter attacks as an act of war is very new. And things are moving so fast: a movie company is hacked, a statement (that does not convince experts from the industry) declares another country guilty, and then the president imposes sanctions to punish that country. I think this took what? One month and a couple of weeks to happen?

I think we have set a new record on the “U.S. international intervention convincing process” here.

How many people here heard about Israel bombing a building in Syria in 2007? I know it is a random question, and I would be surprised if anyone remembers it. This attack initiated something completely new in cyber warfare. Israel hacked Syria’s network to keep them from noticing anything unusual on the radars, allowing Israel to carry out a surprise attack, removing any possibility for Syria to defend itself. This is one type of use of cyber war—the conventional way, disable the enemy defense mechanisms and attack.

Before invading Iraq, the U.S. hacked into their military network and sent e-mails to thousands of Iraqi military personnel telling them “they owned it,” and that they were coming and would replace Saddam, and urged them to walk away and not resist. This is another type of attack: propaganda to demoralize the enemy.

By the way, the U.S. could have raided the bank accounts and taken away all the money from the banks of Iraq. But the government decided not to do it because of how it might be seen by other countries.

No one talks about these attacks, right?

You see how imperialism is taking advantage of advanced technologies?

It is very important that we all pay attention to this, and all the other debates on how they are using technology, like mass surveillance.

This is not new; they have been doing this for a long time. They are using hacks and technology as tools to manipulate people into wars.

We stand with North Korea and we won’t let the U.S. government use its propaganda machine and its maneuvers to fast track interventions abroad.
