By now, I assume you have heard about the hacking of Sony’s computers last month. Just to remind you, Sony produced a comedy film about two fellows who were supposed to assassinate Kim Jong-un, called The Interview. There was significant publicity before the movie was released; personally I did not find the commercials compelling and had not planned to view the movie. Then, just before it was to be released suddenly Sony’s computers fell victim to a significant hacking attack. Financial data, including social security numbers and identities, were released. Equally embarrassing were the masses of personal emails which highlighted the dysfunctional nature of the film business. In addition, the hackers “wiped” most of the computers “clean,” meaning the data are lost to Sony. Estimates of the damage are in the millions, far more than the value of the film.
Early reports blamed North Korean hackers for this attack. Then reports suggested that the hackers were really not from North Korea, simply “sympathizers” with North Korea. Then the focus turned to North Korea again. The Federal Government seems fairly sure that fault lies with the North Koreans. However, whoever was behind the hack announced they would do no further damage if Sony never released the film. So, Sony halted release of the movie. It did later get released amid cries of the inappropriateness of the North Koreans censoring our media.
So, what do we know? Clearly Sony was hacked. Evidence suggests that the intrusion had been occurring for more than a year, prior to the release of data. Could it have been the North Koreans given their lack of technology? We have known since 1998 of the formidable capabilities of the DPRK army’s Unit 121; at that date, its force was 17,000 hackers (there are probably more now). Further, North Korean officials had previously expressed concerns about the film to the United Nations, stating that “to allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war. [emphasis added]” Could it have been someone else who sympathizes with them? Yes. The Guardians of Peace have made threats against the United States, and they have the capability.
The question though is what is the impact on you? Well, assuming you are not one of the employees or dependents whose private information or communications were released, this is primarily a wake up call is the impact that hacking can have on us as individuals and us as a society. First, to us as individuals. Those people whose financial data were exposed may run into a variety of problems from credit card fraud to identity theft. Someone, whether it is Sony, the individuals themselves, or others, will need to spend much time and money to ensure that the people are made whole again. You run the same risk every time you use a credit card (whether on or off the net), or connect to the Internet.
The more interesting question, though, is what happens to us as a society. Sony will spend a small fortune recreating its data bases, correcting information and repairing relationships with its customers. Of course, they will need to create a better security system to protect the recreated repositories. That means that the costs of Sony movies will increase and we will all be forced to pay for it. Perhaps this experience will frighten all of the studios to invest more money and so that the costs of all movies increase. Well, today it is just a cost of doing business.
Bigger than that, however, is the threat that if another government (or perhaps another company or group of people) doesn’t like what you produce, they can affect it by hacking into your computers or even threatening to hack into your computers. What will that do to the freedom of speech and expression in this country? What will it do to entrepreneurship in this country? For that matter, what will it do to the governing of this country?
In this case, the cost was primarily financial. What happens when the hack is against our power grid, water systems, or hospitals? The implications of that are far worse.
We all need to be careful about computer security, and we need to think about the tradeoffs with ease of use. And, all of us need to put pressure on corporations to improve their security systems from the bottom up.