Tag Archives: North Korea

This Comedy Writes its Own Sequel as Tragedy

By Jon Lindsay

Sony has just announced that it will not go ahead with its planned release of “The Interview” following a spate of major breaches and threats over the past three weeks: http://money.cnn.com/2014/12/17/media/the-interview-sony-theater-owners/index.html. Circumstantial signs point to DPRK but there is no smoking gun yet. While there have been numerous instances of cyber coercion on a small scale (such as “ransom ware” against individual users, or blackmail against marginal players), and cyber used to support a broader coercive effort (e.g., Stuxnet), this seems notable to me as the first major and successful use of cyber to alter the behavior of an actor in a very public way.

This has been a bizarre and surreal story, and I guess it will continue to get stranger. The initial breach prompted Sony to alter the movie, resulting in this weird series of emails: http://defamer.gawker.com/leaked-watch-the-kim-jong-un-death-scene-sony-is-terri-1671454669.  Then Sony backed off from releasing the film in Asia and theaters in North America backed off from showing it in the US.

Two points pop out to me: (1) that this is—probably—a nation state attacker against a nonstate victim, which both inverts the conventional wisdom of how cyber attacks should play out (i.e., nonstate hackers vs. nation states) and exploits some considerable deterrent ambiguity regarding how and whether a state should protect its firms; and (2) this threat is made credible by promising actions beyond the cyber domain, notably attacks on movie theatres or other unspecified but rhetorically embellished acts of terrorism.

North Korean Cyber-Attacks and Public Backlash

June 25, 2014 marks the 64th anniversary of the outbreak of the Korean War. Started out as a war by proxy, the Korean War became an epitomical conflict in the Cold War era, showcasing not only the civil war between North Korea and South Korea but also friction and conflict between the great powers, U.S. and U.S.S.R. While the U.S., North Korea, and China have signed an armistice in 1953, North Korea and South Korea are technically at war with each other, which recently has taken an interesting turn in the cyber domain.

On June 25 of last year, the websites of South Korea’s presidential office, ruling party and major media outlets were attacked by hackers. Continued until July 1, 2013, the attacks on the websites of 11 news outlets, 5 government offices, and local chapters of the ruling Saenuri Party, included distributed denial-of-service (DDoS) attacks and resulted in shutdown of 131 internet servers and 69 websites. The South Korean government blamed North Korea for the attacks.

This was not the first time for North Korea to be accused of cyber-attacks on South Korea. In March of the same year, the South Korean government attributed the attacks on six major banks and three TV broadcasters to the North. In fact, North Korea has been accused of conducting over 6,000 cyber-attacks against South Korea in 2010-2013.

The case of North Korean cyber-attacks on South Korea provides us with interesting implications in cross-domain deterrence. First, cyber capability served as a tool for North Korea which complements, rather than substitutes, its capability in the conventional and nuclear domains. In 2010-3, the period in which they were busy with cyber-attacks, they carried on with their nuclear and conventional activities, testing nuclear weapons and long-range missiles. Their aggression in the cyber domain was accompanied – not replaced – by aggression with nuclear and conventional weapons. To North Korea, cyber-attacks were useful for initiating low-intensity conflicts and provoking South Korea.

Second, South Korea’s reliance on the internet and the government’s mismanagement of internet-related activities may lead to a backlash from the public on cyber deterrence. South Korea is one of the countries with the highest internet connectivity in the world. With the population heavily reliant on the internet, North Korean cyber-attacks had not only security and economic ramifications but also an effect on public opinion and political culpability. Having experienced North Korean cyber-attacks and the South Korean government’s alleged internet censorship and inability to prevent repeated theft of personal information, South Koreans are now very suspicious of the South Korean government’s efforts to promote cyber security and to deter North Korean cyber-attacks. Many detect political motives behind the South Korean government’s cyber deterrence and some doubt the government’s ability to deter North Korean cyber-attacks. Moreover, some even refused to believe that North Korea was behind the attacks at all, given cyber war’s anonymity and attribution problem.

Similarly, the U.S. government may face public backlash and suffer public relations costs in cyber deterrence. This is demonstrated by the recent controversy over National Security Agency’s warrantless surveillance program. To the public, there may be a fine line between the U.S. government’s efforts to deter cyber-attacks and signals intelligence operations. It is possible that the public may associate the government’s active cyber deterrence with eavesdropping on the domestic population. While such backlash may not be a security threat, the calculus of cyber deterrence should take account of the possible political ramifications and costs.