On Monday, November 24th the employees of Sony came to work to discover that terabytes of data from their corporate database had been hacked. Ten of thousands of files were stolen, including: emails, unpublished movies, employee social security numbers, salaries, and movie pitches. All of this data was copied, removed from Sony’s servers, and posted online for the public to access. This incident could have serious implications, not only in how Sony manages their data and servers, but on US national security as well.
It is widely acknowledged that Sony’s production of the film The Interview is the catalyst responsible for initiating threats from Pyongyang and the cyber-attack against the company. In the movie, a pair of journalists, played by Seth Rogen and James Franco, were able to secure an interview with North Korea’s leader, Kim Jong-un. The CIA seizes this opportunity and recruits Rogen and Franco to assassinate Kim during their visit to the communist state.
North Korea condemned the movie over the summer, stating that there would be “stern” and “merciless” retaliation if the U.S. government did not stop the release. The film would be considered an “act of war.”
A month prior to the intended Christmas Day release of the movie, a group calling themselves Guardians of Peace orchestrated a large assault on Sony by hacking into their systems. The attack immediately put the company on the defensive, as sensitive information from all levels were now available on the internet. Following the attack, Guardians of Peace released a statement threatening those who planned to see The Interview:
We will clearly show it to you at the very time and places The Interview be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to…Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time…
North Korea denies any involvement with Guardians of Peace or the attack on Sony. However, as of December 17th the Justice Department stated otherwise; their findings indicate the government in Pyongyang is indeed connected to the large scale cyber-attack.
Sony is a victim of an unprecedented attack that is not only illegal and unethical, but also an act of cyber-terrorism. By threatening the American public, attempting to censor free speech, and pushing political motivations, the very definition of terrorism was met. While the US government is working to uncover more information about the attack, more must be done in response.
This is an instance where a company and the public were held hostage by a non-state actor with the possible collusion of a rogue state.
Threats of force and coercion resulted in a major production company pulling a feature film from release, forfeiting potential revenue and absorbing the cost of production and marketing; costing Sony tens of millions. Additionally, American citizens were told that they should be fearful of retaliation should they watch the movie – a direct use of terrorism.
The US government must demonstrate a strong stance against cyber-terrorism in the face of such a serious attack.
Prosecuting those responsible is only a portion of what needs to be done. An international effort must be made across private sector industries and nations throughout the world in order to counter acts of cyber-terrorism.
Companies cannot fight against determined hackers alone – governments will need to work with them to maintain justice and order. If this is not achieved, it leaves the door open for other terrorist organizations to take advantage of this weakness. More cyber-attacks could occur with companies that have larger financial clout, institutions could be held hostage, and economies could come to a halt. This is a worst case scenario, but not one outside the realm of possibility in a world of interconnectivity.
In the weeks and months to come, companies should take a hard look at the attack on Sony and reflect upon improving their own security systems. Encrypting data, having offsite backup storage for their files, and investing in cyber defenses are no longer options, they are necessities. More importantly, governments should be prepared to work together across borders. International collaboration is needed to fight cyber-terrorists when companies could be brought down from the other side of the planet.
One thing is clear going forward – we live in a world that is connected in more ways than we can see. We must be ready to confront those that would use threats of terror, not only in physical attacks, but in the digital realm as well.