Sony is battling a devastating cyberattack that some cybersecurity experts believe was launched by the North Korean government.
Hackers locked down Sony’s computers, and then stole and released sensitive data on employees, Hollywood stars and even unreleased films. Malware used in the hack may also be destroying Sony’s internal computer systems.
The hack could cost the company millions. It’s also made U.S. officials wary of additional attacks by North Korea that could hurt U.S. companies or public-sector networks.
Experts inside and outside the government say the episode goes beyond pirating films.
Here are four reasons why consumers, computer users and others should be worried.
1. It proves destructive attacks in the U.S. can succeed.
The Sony hack is one of the first large-scale destructive attacks recorded in the U.S., and it could inspire more.
“Destructive attacks are a whole new ball game,” said House Intelligence Committee Ranking Member Dutch Ruppersberger (D-Md.). “These attacks are going to keep coming and getting worse and worse.”
Hackers have been hesitant because of the lack of precedent, security experts explained.
That could change.
“Success will ultimately give people the confidence they can achieve more success down the road with these type of attacks,” said J.D. Sherry, a vice president at security research firm Trend Micro.
2. It may signal a new North Korean cyber strategy.
North Korea has been ranting for months about an upcoming Sony comedy, “The Interview.” In the film, James Franco and Seth Rogen play a TV host and producer asked by the CIA to assassinate Kim Jong Un after scoring an interview with the North Korean leader.
In a letter to the United Nations this summer, Pyongyang called the picture “an act of war.”
The code behind the Sony attack has Korean language origins and resembles malware used in a North Korean cyber campaign last year against South Korean banks.
“Whether or not this cyber intrusion is ultimately attributed to the North Koreans, they have certainly demonstrated a surprising level of sophistication,” said House Intelligence Committee Chairman Mike Rogers (R-Mich.).
“It’s kind of scary because it is so simple and it works so effectively,” said Stuart McClure, CEO of security firm Cylance.
3. It’s not just Sony that could be vulnerable.
If North Korea is responsible, lawmakers and security observers worry the country’s erratic leadership could mean broader, more destructive attacks are on the way.
“We know they can do better than that, for sure,” McClure said.
Experts believe North Korea is more likely than any other cyber power to use scattershot cyber warfare.
“Shoot out a bunch of crap and hope something sticks,” said Joseph Kiniry, lead investigator for security firm Galois.
And North Korea has been heavily investing in cyber capabilities.
“If you put at the head of that apparatus someone who’s not exactly logical and predictable,” Kiniry said, “that weapon is more likely to catch innocents in the crossfire.”
In the coding world, it’s a short step from targeting one company to blanketing millions of computers. North Korea could deploy similar malware targeting all U.S.-based IP addresses — every device connected to the Internet.
Instead of Sony’s internal documents, millions of personal computers could have their contents erased forever.
“Most people don’t have backups of their family digital photos. Most people don’t have backups of all their research papers,” Kiniry said. “That’s millions and millions of hours of productivity lost and hearts broken.”
4. The hack might show North Korea is working with Iran.
Worse yet is the possibility that North Korea and Iran are working together to hack the United States.
There were Iranian as well as North Korean fingerprints on the malware used on Sony.
“If you look at the code, there are some definite links to code that was written by the Iranians in prior operations,” McClure said.
Pyongyang and Tehran signed a technology pact in 2012, although minimal information is available on the partnership.
Publicly, it’s about hardware, not software. Privately, security experts suspect there are malware exchanges.
“Why not involve cyber weapons?” Kiniry asked.
Iran has been rapidly building up its cyber capabilities over the last two years. A recent report from McClure’s firm, Cylance, found evidence Tehran has been heavily hacking South Korean firms, perhaps on Pyongyang’s behalf.
McClure is also seeing Iranian cyber weapons show up in other North Korean attacks.