U.S. Authorities Investigate, Sony Reels From Computer Hack
RENEE MONTAGNE, HOST:
Widespread Internet usage is sure to bring Cuba benefits but also headaches - just ask Sony Pictures. It has suffered massively from a hack attack that U.S. intelligence blames on North Korea. That attack appears to be in retaliation for Sony's new and now unreleased comedy about the assassination of North Korea's leader. Steve Henn covers technology for NPR's Planet Money team and brings us more on this still-unfolding drama. Good morning.
STEVE HENN, BYLINE: Good morning.
MONTAGNE: How does the administration know that North Korea was behind this attack?
HENN: Well, that's a really good question. And sometimes these attacks are hard to track down, so I've spoken to cybersecurity experts whose job it is actually to track attacks like this. And they say there are a number of clues. A proxy server used in this attack has been used by North Korea in the past. There are some unusual techniques that they've seen North Korean hackers use as well. There were Korean language artifacts in the code. And the attack itself was compiled using a computer set for Korean.
Now, there are still some skeptics out there who say these clues could be false flags, but the totality of the evidence seems pretty strong. And most people I've talked to say that it probably is the North Koreans.
MONTAGNE: Well, the White House clearly believes this - at least a spokesman said the president considers this attack a, quote, "serious national security matter," adding that the response needed to be, quote, "proportional." What, though, does that mean when we're talking about an attack on a private company - a movie studio?
HENN: Right. You know, that's a really difficult question to answer, and it's clear policy makers are struggling with this. I mean, obviously, the U.S. military has said a cyberattack could be an act of war. I mean, clearly an attack on, say, military command and control systems would be - but, you know, hacking into a movie studio isn't that. And attacks like this are becoming more common.
In 2012, there was an attack on a Saudi Arabia oil company. Earlier this year, Iranian hackers allegedly attacked the Sands Casino, apparently, in response to remarks made by that company's majority owner Sheldon Adelson who was talking about dropping bombs on the Iranian desert. And now you have the North Korean government allegedly striking out because of a movie, you know, a comedy that it didn't find funny. And what I think is so fascinating about those last two examples is that here you have nation states allegedly using hackers to reach across international borders and punish private speech they don't like.
MONTAGNE: Well, Steve, in Sony's case, it says it seemed to have actually worked because they canceled the release of their movie, "The Interview."
HENN: Well, that's true. And clearly, companies need to do better, and if a CEO isn't thinking about this stuff after the year we've had, they probably should be fired. You know, one of the fascinating things about the data that leaked out of Sony is that a lot of it makes it clear that Sony really wasn't taking its security very seriously. They didn't have any effective way to prevent all of these movies and films and emails from being removed from their network or even noticing that it was going on.
MONTAGNE: So what are Sony's options now?
HENN: Well, you know, if the entire goal of computer security is to increase the cost of a successful hack or reduce the benefits - Sony actually does have one thing it could do. It could release this film, "The Interview," online. I mean, if this hack was designed to prevent people from seeing the film, you know, releasing it online defeats that. And the hack itself has given Sony hundreds of millions of dollars in free publicity.
MONTAGNE: Steve Henn covers technology for NPR's Planet Money. Thank you very much.
HENN: My pleasure.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.