X

Sony and the rise of state-sponsored hacking

North Korea has been blamed for one of the most destructive cyberattacks on a company in US history. It's just the latest in a string of hacks sanctioned and funded by governments.

Ian Sherr Contributor and Former Editor at Large / News
Ian Sherr (he/him/his) grew up in the San Francisco Bay Area, so he's always had a connection to the tech world. As an editor at large at CNET, he wrote about Apple, Microsoft, VR, video games and internet troubles. Aside from writing, he tinkers with tech at home, is a longtime fencer -- the kind with swords -- and began woodworking during the pandemic.
Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Ian Sherr
Seth Rosenblatt
3 min read

CBS/Randy Schmidt

James Bond may need a license to kill, but North Korea only needed an Internet connection and computers to cripple an entire company.

That's the lesson from one of the most damaging hacks ever on a US company. North Korea targeted Sony Pictures Entertainment because the studio planned to release "The Interview," a satirical film depicting a plot to assassinate North Korea's Supreme Leader Kim Jong-Un.

Hackers calling themselves "Guardians of Peace" demanded that Sony stop the movie's release, set for Christmas, or they would attack moviegoers in a 9/11-style assault. Sony at first bowed to pressure and on Wednesday withdrew the film from theater distribution. But on Friday, criticized for giving the hackers what they wanted, the company said it hoped to distribute the comedy starring Seth Rogen and James Franco on "different platforms."

"This is absolutely a wake-up call," said Bruce Bennett, an expert on North Korea and military defense for the RAND Corporation think tank. "We have North Koreans who built nuclear weapons. Why should we suspect they can't do cyberattacks?"

While the latest cyberattack puts North Korea in the public eye, the country is not unique. China, Israel, France, Syria and the US are among the world's most powerful countries that have amassed armies of hackers engaged in cyberwarfare. These countries have reportedly used sophisticated computer skills to disable Iran's uranium enrichment plants, cripple oil and gas production in Saudi Arabia and sabotage satellite and infrastructure systems around the world.

The number of cyberespionage attacks across the Web rose 15 percent between 2011 and 2013, according to a report by Verizon. The annual cost of a successful cyberattacks increased to $20.8 million in the financial sector, $14.5 million in technology and $12.7 in the communications industry, according to a Heritage Foundation report released just before the attack on Sony. The average cost for hacks at retail stores doubled in just a year to $8.6 million per company.

Most attacks targeting the US come from China and France, in addition to those originating on American soil, according to Internet research firm Norse. State-sponsored hacking is "undeniably on the rise," said Kurt Stammberger, senior vice president of market development at Norse.

In 2010, a malicious computer program called Stuxnet successfully damaged machines Iran was believed to be using to create nuclear weapons. Two years later, The New York Times said Israel and the United States were behind the attack.

Since then, hackers working on behalf of various countries have carried out plots against nations and corporations. The Syrian Electronic Army, a group of hackers sympathetic to the dictatorial regime there, has defaced websites and taken control of social-media accounts. The Chinese government is suspected of having breached the computer networks of government and spy agencies around the world, as well as large corporations including Google, Adobe, Yahoo and defense contractor Northrop Grumman.

US President Barack Obama said these types of breaches will grow in regularity. "They're going to be costly, they're going to be serious," he said in a Friday news conference.

President Obama also said he doesn't believe North Korea worked with other countries in the attack against Sony.

In the not-too-distant future, warfare with traditional weaponry may take a backseat to potentially more destructive tactics: computer code attacking the companies and infrastructures, including electric grids and oil and gas pipelines, that society relies on.

That isn't as farfetched as it once was, said Dmitri Alperovitch, co-founder of security services firm CrowdStrike. "From a technical perspective, this attack wasn't unprecedented," he said. "There's no doubt we'll see more of these in the future."

While the attack on Sony may seem expansive in its destructive scope, it only affected shareholders, partner companies and employees. An attack on critical infrastructure of countries would be more devastating, said Evan Sills, a cybersecurity consultant at Good Harbor. Many countries have the ability to do such damage but have so far refrained from such destructive attacks, Sills added. But that doesn't mean terrorist groups will show similar restraint.

"What North Korea did to Sony, a terrorist group could do to them in three years," Sills said. "In terms of how bad could it get? It could get pretty bad."