IDSA COMMENT

You are here

The US-North Korea Cyber Dispute

Gp Capt Ajey Lele (Retd.) is Deputy Director General at the Manohar Parrikar Institute for Defence Studies and Analyses, New Delhi. Click here for detailed profile.
  • Share
  • Tweet
  • Email
  • Whatsapp
  • Linkedin
  • Print
  • December 26, 2014

    The U.S. Federal Bureau of Investigation (FBI) claimed on 19 December 2014 that the Democratic People's Republic of Korea (DPRK) was "responsible for" the cyber-attack on Sony Pictures Entertainment (SPE).

    “I don’t think it was an act of war. I think it was an act of cyber vandalism that was very costly, very expensive. We take it very seriously. We will respond proportionally….” – President Barack Obama on CNN’s “State of the Union”

    “This is not vandalism. It is a new form of warfare. And we have to counter that form of warfare with a better form of warfare” – Sen. John McCain (R., Ariz.) on CNN’s “State of the Union”

    North Korea’s National Defense Commission warned of strikes against the White House, Pentagon and "the whole U.S. mainland, that cesspool of terrorism."

    "Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole U.S. mainland ... by far surpassing the 'symmetric counteraction' declared by Obama," said the commission's Policy Department in a statement carried by the official Korean Central News Agency.

    On November 22, 2014, the computer systems of Sony Pictures Entertainment were hacked. And on December 16, 2014, the "Guardians of Peace" hacker group issued a threat that attacks comparable to 9/11 should be expected on cinema theatres screening the Sony Pictures produced film The Interview. Sony Pictures cancelled the release of the film for some time but it is now released in some cinemas and online on 25 December 2014.

    The hacking of Sony Pictures was done by compromising the credentials of the ‘system administrator’. This led to the erasing of important data relating to its business plans, various movie scripts, stored data on various forthcoming films, personal details of almost everybody from stars to staff, e-mail details, etc. The hacking has led to complete data deletion. According to some estimates, the loss of revenue owing to various reasons from the box-office sales to distribution transactions to possible lawsuits could exceed US$ 1 billion.

    The Interview is in news for being a somewhat ‘crude’ comedy that portrays the assassination of Kim Jong-un, the supreme leader of North Korea. North Koreans have been unhappy about the film since its plot became public around six months back. Claiming that the production of this movie is an act of craziness on the part of the US, they have termed it ‘an act of war’. US authorities have claimed that North Korea was behind the cyber-attack on Sony Pictures. But North Korea has strongly denied this claim. Now, both countries are threatening to fight this ‘battle’ in cyber space. 

    So, is a Cyber War on the cards? Would the year 2015 begin with the first official Cyber War ever fought, between the US and North Korea? If such a war were to begin, what could be its end result? Would this bloodless war sow the seeds of a bloody war in the future? Although it is premature to answer such questions or reach any definitive conclusion about such a possibility, it is important to take note of what is happening in the cyber world particularly in the context of the US claim of a cyber-attack by North Korea on Sony Pictures. Is it Hollywood's 'Snowden moment' or something more?

    Here, it is important to note that there are reports indicating that the cyber attack on Sony Pictures could have been the handiwork of disgruntled employees or ex-employees or even by a Hollywood rival. There is even speculation that the attack could be a case of an egoistic act by a hacker to gain “artistic” satisfaction!

    Now the question is what evidence the US has to claim that North Korea has done this? Obama is talking about a “proportional response”. Would the US be able to quantify the nature of this response? Internet services in North Korea were paralysed within a few days of the Obama threat. No one has any knowledge about the source of this attack. It is not clear whether the US Administration launched this attack.

    The attack on Sony Pictures should not be viewed only as an attempt to impose extra-territorial censorship by North Korea. Such acts should be viewed as possible warnings for the future. They not only challenge democratic rights but also pose a serious security threat. Indeed, they could be regarded as acts of economic terrorism or acts undertaken to destroy critical infrastructure or to interfere with matters of other states. Till date, globally, there have been no major incidences of a large-scale cyber attack that could disable the functioning of an entire state apparatus, with the exception of the 2007 cyber-attack against Estonia which crippled public utility services.

    As per the International Business Times (December 23, 2014), North Korea employs 1,800 hackers in its Unit 121, a cyber warfare unit. This unit and a few other related agencies function under its General Bureau of Reconnaissance. These hackers operate from various parts of the world. It is apparent that their main focus is to train and prepare to launch a cyber attack on South Korea in the event of war. However, they are capable of engaging other targets too. Probably, there are also Chinese and Russian footprints on the North Korean cyber war architecture.

    Interestingly, the US is keen to engage with China to address the current issue. US-China relations in the arena of cyber security are not very harmonious. In May 2014, the US Justice Department accused five Chinese military officers of hacking into the accounts of US companies and stealing trade secrets. This had led to China suspending its participation in a bilateral working group on cyber security. It is possible that the US is using the Sony incident to reengage China in the cyber field.

    Universally, any cyber aggressor has the basic advantage of ‘deniability’. Today, it is not clear whether North Korea or the US have actually carried out these attacks. The underlying issue is actually politico-strategic in nature. The US is keen to place North Korea back on the list of state sponsors of terrorism (in 2008, North Korea was struck off from this list during the course of nuclear negotiations). In November 2014, North Korea threatened to conduct a nuclear test in response to a United Nations move to begin a probe into its human rights violations. North Korea understands that the nuclear threat continues to be the most effective bargaining tool it has. Given the example of the Stuxnet attack on Iran’s nuclear facilities, it is aware what a cyber-attack could do to its own nuclear weapons complex. It is possible that it could have used the Sony incident to demonstrate its cyber capabilities.

    The question is this: ‘is this just the beginning a possible conflict in cyber space’? Probably, the US has more to lose in the event of an all-out cyber war. Yesterday, it was Sony Pictures but tomorrow it could be major industrial units, strategic assets, rail and air networks and banking infrastructure. It is important to note that North Korea was able to restore its internet connectivity within a few hours after the attack. This indicates that they have access to servers outside their territory. If the North Korean cyber army has succeeded in establishing bases outside the country, then the US would find it very difficult to address this threat effectively.

    References

    1. http://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation
    2. http://blogs.wsj.com/washwire/2014/12/21/quotes-from-sunday-talk-shows-police-officers-killed-cuba-sony-hack/
    3. http://time.com/topic/sony-hack-2/

    Views expressed are of the author and do not necessarily reflect the views of the IDSA or of the Government of India

    Top