What if North Korea did not hack Sony? Recent news seems to suggest that there is a lot of debate surrounding this question in knowledgeable circles. Since I am not much of a cyberdetective, I can’t really contribute. But permit me to list a few considerations that should perhaps be taken seriously in the game of assigning blame for Angelina Jolie now knowing what Sony’s top producer really thinks of her:
– Putting the question in such a way that North Korea was behind the hack only if it used its Pyongyang-based hackers regiment is silly. If that is the question, I’m pretty sure North Korea didn’t hack Sony. I do think it is implicated though. This is the hacking game, after all. You’re not supposed to know where it came from. So whatever is found in IT forensical terms, we should really not expect a smoking gun pointing at Kim Jong Un Himself. Which is kinda frustrating, because I’m willing to bet that whatever is found, it’s going to be nigh impossible to say something definitive about it. Which kinda is what hacking is about, right?
– What does it mean, then, to associate North Korea with the hack? A link between North Korea and the group that actually hacked Sony, whether they be Guardians of the Peace, disgruntled Sony ex-employees, 7-year old cybergeniuses or a combination of all three. Such a link may be strong (“here’s a bag of money, now hack!”) or weak (“We’re hacking Sony, thought you might like to know”) or anything in between.
– North Korea did strategically benefit from the hack by showing its hand and then overplaying it (by being, again, horribly racist among other things).
– It was involved in previous hacks that caused much damage and concern in South Korea in 2012 and 2013.
– It has the abilities to wage cyberwar.
– I might also add that Pyongyang’s favourite way of pressuring the international world (missiles & nuclear tests) has gone a bit stale. A full-blown nuclear test would draw attention to be sure, but those things are bloody expensive. And even if missiles are cheaper than nuclear tests, they’re still expensive and liable to trigger the wrong kind of reaction from the countries finding themselves in the missiles’ path. Hacking is the way to go then. Almost impossible to attribute (never mind the question whether Pyongyang was behind the hack. We still don’t know who was. And once we do, I bet we won’t really know who the ‘who’ is, if you get my drift.), much cheaper than hurling missiles at people and much less risky (starting a war over a hack is significantly more unlikely than starting one over launched missiles or perceived nuclear threats). Strategically, then, hacking is the way forward for Pyongyang.
– Oh, and hacking really hurts. Can you imagine 24 hours without Internet? And that would be a very mild hack. Just imagine your bank account emptying itself into a hacker’s account, medical files being switched or not getting your airmiles credited.
– And in terms of PR, hacking is invaluable. It gives Pyongyang that Robin Hood underdoggy aura it has been trying to cultivate for so long. And it seems to be successful, I’m afraid. Here I am talking about hackers in Pyongyang, while I should be talking about devising effective measures to stop human rights abuses in North Korea. Whether I like it or not, strategically, this has been Pyongyang’s game from beginning to end. Why are we so intent on missing this? Pyongyang would take Obama being angry any day of the week over being taken to task for its crimes against humanity by a serious UN taskforce. It is not looking forward to the single trip to the ICC in The Hague.
– In the end, it doesn’t really matter whether Pyongyang was somehow involved in the hack. It did profit from it and will profit from similar hacks in the future. It will sponsor, initiate and undertake hacks in the future. Cyberterrorism is in the stars. You read about it here first (well, to be honest, I’m not sure about that).
– Pyongyang’s reaction to the hack also showed us something very interesting: it showed Pyongyang’s vulnerability when its leader cult is attacked. This really should give us a BIG clue as to how to proceed.
So summarizing, I conclude that I couldn’t care less whether Pyongyang is directly behind this hack or not. The whole affair has diverted attention from crimes against humanity perpetrated in North Korea. And probably as we speak. This is to our detriment (or rather to the detriment of those who have to suffer the wrath of the North Korea state in person). On the plus side, this mess also shows us what is in my mind a viable strategic way forward for North Korea. Not as a way out of the shit in which it finds itself, but at the very least as a way to maintain the status quo just a bit longer. And that has now really been long enough to my taste. So, if you have spent your time counting North Korean missiles, I suggest you start counting North Korean hackers now. Don’t say I didn’t warn you.
P.S. For those who read Dutch, I’m putting up two opeds I wrote last week (the second one is a slightly adapted version of the first).