The North Korean Cyberattack on Sony: Is this Cyberwar?

On December 19th, the Federal Bureau of Investigation formally implicated the North Korean regime in the hacking of Sony Pictures Entertainment’s databases and the release of personal information about Sony employees and private email communications (some of which has been highly embarrassing to the company).  The hackers were ostensibly incensed at the planned release of the film “The Interview,” which portrays a planned assassination of North Korean dictator Kim Jong-un and makes fun of the North Korean regime.  In the wake of the cyber-attack, Sony announced that it would not be releasing the film on the scheduled release date and major US movie theater chains declined to screen the film.  Criticism of Sony for giving in to the hackers’ demands, including criticism from President Obama, led Sony to decide to release the film to some 200 independent cinemas as well as make the film available online via the company’s own website and YouTube, among other outlets.

There is little doubt that this was an attempt to stifle free speech, and was viewed as such by the critics of Sony’s initial decision to scuttle the film.  The interesting question is whether this represents an act of “cyberwar” on the part of North Korea against an American company and the American economy (Sony Pictures Entertainment is a US subsidiary of Japan’s Sony Corporation).  

Attacking an enemy’s economy has often been an integral part of military strategy during wartime, particularly in the modern era.  Wars may be fought for a variety of reasons, but the immediate strategic objective in a war is to make it impossible for the enemy to continue fighting, and crippling the enemy’s economy (particularly its ability to produce military hardware and supplies) is one of the most effective ways of winning a war.  The Second World War, the prime example of 20th-century warfare, was won by the United States and the Soviet Union not only because they could field more soldiers than Germany and Japan but also, and more importantly, because they could outproduce those countries in military hardware. They could resupply their forces and produce ever-growing numbers of tanks, ships, and aircraft, making it impossible for Germany and Japan to keep up with the hectic pace of military production (and the United States was regularly bombing German and Japanese industry from the air to further hinder their military production).

Consequently, an attack on a major American company and thus, by extension, on an industry that generated some $45 billion in revenue in 2013 (film and music) could certainly be viewed as a serious threat (perhaps roughly comparable to a scenario of enemy planes bombing film studios in southern California).[1]

However, cyber-attacks are clearly not equivalent to enemy planes bombing targets.  While they can sometimes cause significant economic damage, they are covert and it is often hard to identify where they are coming from and whether they represent the efforts of a hostile nation-state, an organized gang of cybercriminals, or some loosely affiliated hackers (e.g., the Anonymous collective).  Moreover, unlike traditional war (which has a fairly clear beginning and end), cyber-attacks can ebb and flow over years, sometimes causing serious damage and other times being more of a nuisance than a serious threat.  Consequently, unlike traditional war, these types of attacks do not usually involve a clearly identifiable enemy, often (though not always) have nothing to do with foreign governments, and frequently do not have a clearly delineated time-span.

The difficulty in labeling this as an act of “cyber-war” (which I would define as an orchestrated hacking campaign by the representatives of an enemy state acting under the authority of the national leadership) is that there is not enough evidence that the attack on Sony Pictures Entertainment was the orchestrated act of the government in Pyongyang.

Despite the FBI claim that North Korea planned and executed the attack on Sony Pictures Entertainment, many cybersecurity experts claim that there is scant evidence that Pyongyang is behind the attack.  One cybersecurity expert noted that the FBI read too much into the fact that the IP (Internet Protocol) address used for the attack was one previously used by North Korea in other cyber-attacks, even though IP addresses can be used by a variety of actors and the same IP address can be used for criminal and normal activities.  Moreover, the malware in the Sony attack was controlled from a number of servers in Europe and Asia that have been used by criminal hackers in the past in order to propagate malware.  Consequently, in the view of some experts, the information does not point with any certainty to a North Korean attack.[2] At the same time, some of the software used in the attack was used in a previous attack against South Korean banks (attributed, at the time, to North Korea) and the malware appears to have been written on computers using the Korean language.[3]  Hence, unsurprisingly for the cyber world, the picture is muddled.

We will doubtless find out more about the Sony attack in the coming weeks and months.  We may not yet be facing the dawn of the strategic cyberwar era (in which hostile countries attack each other’s economic base via computer systems as a way of waging strategic warfare), but we are already learning to live with cyber-espionage, cyber-crime, and cyber-sabotage.

If you want a label for what we are facing in a time of growing dependence on computers and computer networks, I would call it: the age of cyber-uncertainty.

[1] “The Media and Film Industry in the United States,” Select USA, n.d., available at:

[2] Marc Rogers, “No, North Korea Didn’t Hack Sony,” The Daily Beast, December 24, 2014, available at:; CBS News, “Was FBI Wrong on North Korea?” December 23, 2014, available at:

[3] Jose Pagliery, “What Caused Sony Hack: What We Know Now,” CNN Money, December 24, 2014, available at:
