Close window | View original article
For a lifetime, most Americans have viscerally felt themselves to be untouchable by whatever problems we see on our TV screens elsewhere in the world.
We may feel bad about those starving Africans in whichever country has a famine this year, but we, ourselves, will never want for food.
The violence in any number of benighted Muslim lands is disturbing, with frothing fanatics preaching and performing barbarism. But it can't happen here - well, it does happen here now and then, but you're still more likely to die falling down the stairs than at the hands of an Islamic terrorist.
Ukraine just lost a huge chunk of its country and the Baltic states are afraid they'll be next. So what? Russia isn't going to invade us. Nor is China.
Or are they?
It now appears that an enormously large, famous, powerful, and rich corporation has learned otherwise. Every day comes more breaking news about the hacking of Sony Pictures by the self-proclaimed "Guardians of Peace."
The Guardians had full access to Sony's entire computer system for an unknown but lengthy time, and seem to have been exceptionally thorough in their looting.
Entire digital prints of movies still in theatres were stolen and posted to popular downloading sites, in quality rarely seen prior to DVD releases. There's some thought that this has harmed the films' box-office take, as people checked them out before heading to the theatre and discovered that they stank.
The Sony corporate email archives were purloined too, which has led to some very pleasant schaudenfreude as America discovers that Hollywood execs are exactly as arrogant, witchy, and bigoted as we always suspected they were. We can all appreciate a water-cooler joke about Mr. Obama preferring movies with blacks in leading roles, but it's hypocritical to an unseemly degree when the joke is coming from someone who's donated such vast sums to his campaign.
It's tempting to sit back with some popcorn and enjoy watching some very deserving people getting a long-overdue comeuppance. That would be a mistake.
Sony Pictures is about as big and rich as it's possible for a company to be. They have the very best of everything, and their executives live accordingly. There are billions of dollars available to do anything they want - the newest equipment, the most celebrated experts, the latest and greatest software. They're even big enough for the government to pay close attention - the FBI is investigating the hack, and no doubt it's not just an intern that's on the case.
Yet - their entire IT archive was swiped without their noticing. Sony is not just an isolated case - JPMorganChase has spent all year trying to recover from a similarly massive hack of account information.
If Sony and JPMorganChase cannot protect their networks, then nobody can. They have already thrown vast sums at the problem, and as we see today, they got nothing for the investment.
Odds are, you don't have anything nearly as juicy on your computer as the big boys have on theirs. That doesn't mean it isn't worth stealing, though. Your only real defense is that you are just one single nobody in a world of billions of nobodies. It would cost the hackers a bit less to steal your stuff than to steal from someone jucier, but since they can get into the juicy targets, why would anyone target you?
There's a problem with that approach. It mirrors the way most people approach security of their home and auto. Unless you're an enormously rich art collector or drive a Bentley, it's not necessary to take any special precautions beyond standard locks. There are only so many thieves and a whole lot of cars and houses. As long as a thief can get into someone else's house with less effort than it would take to get into yours, you're most likely OK.
Computer hacking does not work that way. Yes, there are even fewer qualified hackers than there are thieves, but thanks to powerful computers and modern software design, a hacker doesn't have to individually attack each computer. He can write a program that goes out and trawls through the entire Internet, seeking what he may devour.
What's more, we all know that some neighborhoods are safer than others, for a multitude of reasons. If we're careful where we go we will avoid 90% of the risk of crime. In stark contrast, the Internet is flat - there are no "safer" neighborhoods on the Internet. We are all equal, and equally vulnerable.
If you're attacked by a thug, Western law has a long tradition of tolerating violence in the service of self-defense. This is a principle we strongly defend, even for police officers. Why shouldn't you be allowed to blow a hole in a burglar or mugger if they present themselves to your targeting? The more often that happens, the less frequent the crimes.
Unfortunately, there is no such principle in cybersecurity. Suppose that Sony had realized they were being attacked. What could they do about it? It's still illegal for them to try to hack the hacker. Our current rules and practices eliminate the possibility of the best defense - a good offense.
No, the only one allowed to actually take the battle the the criminals is the government. Sony's IT team isn't allowed to backtrace and melt down the systems of the Guardians, but the FBI and Pentagon are.
The world of cybersecurity very much resembles the ideal world of the gun-controlling left: if you're attacked, all you can do is scream for help, hope there's a cop nearby, and that someone more noteworthy isn't taking up all his time. These hacking incidents show exactly what happens: when seconds count, the police are only minutes away. The FBI may be able to track down the Guardians of Peace wherever they may be, but even if they can figure out who and where they are, that won't restore Sony's lost credibility or foregone millions.
Nobody knows for sure exactly who the Guardians of Peace are, but there are clues that point in an interesting direction.
From the vast quantities of data stolen, the hackers clearly had at least a fair bit of money behind them. They had to pay for their own bandwidth usage to copy everything and to upload it to You Tube or wherever. They had to buy enough hard drives to store it all on.
There are definitely criminal syndicates with these kind of resources, but they're in it for the money. What money can be made by publishing embarassing emails, or by posting new movies to free filesharing sites? It might have been possible and profitable to blackmail Sony into making a hush-money payment, but the Guardians didn't even try.
This suggests that the Guardians are a) a well-funded group that's b) not motivated by profit. Other than a James Bond villain, the only plausible candidate is a foreign government.
As it happens, there's reason to point the finger: the Guardians sent messages suggesting that Sony was targeted because of its new movie The Interview, which is a comedy about the assassination of North Korea's dictator Kim Jong Un. North Korea does not take kindly to even the most good-natured ribbing of their Fearless Leader; sure enough, a Korean official called the movie "an act of war" and threatened "a decisive and merciless countermeasure."
Even North Korea isn't nuts enough to nuke Los Angeles over a popcorn flick. Absconding with Sony's entire corporate network certainly qualifies as merciless, though not necessarily decisive as yet because Sony is still in business.
So let's assume that the "Guardians of Peace" are in a military IT facility in Pyongyang, and the FBI tracks them down. Now what? They can't be extradited, and Mr. Obama isn't going to send in the drones against a nuclear power.
The Pentagon might perhaps use their own elite hackers to send North Korea a message, but how would the Pentagon's hackers do more than they're already doing? Our hackers reportedly helped create the Stuxnet PLC virus that fouled up Iran's nuclear program for some years and doubtless we've tried the same tactics on North Korea; the Sony hack isn't likely to make us try any harder.
Which leaves Sony - and indeed all of us - in an impossible position. We can't prevent bad actors the world around from cracking into our systems, it's against US law for us to do anything about it, and our goverment doesn't seem to be willing to drop actual bombs on their heads even when we've nailed down who and where they are.
The problem is that the Western world is far more computerized and networked than the various unpleasant regimes. This is inherent: a free country will naturally have an open communications network, whereas a police state can't and won't. This political choice hampers economic growth but it does provide a pretty solid defense against hackers: if you don't have computers, or don't have an Internet, not even the Pentagon can accomplish much against you without getting up close and personal.
Are we at war with North Korea? Technically, yes we are - the Korean War ended in an armistice, not a treaty, and over the years the Norks have abrogated the armistice. As with Islam's war against the west, though, we don't care to acknowledge the reality of the war and do what logic suggests.
Which raises another interesting point: It wasn't so very long ago that Hollywood was intensely loyal to America and worked overtime churning out films that furthered American political objectives. The best known were the various Donald Duck and Loony Tunes cartoons where the Japs and Nazis get a beating, but live-action movies like Casablanca were playing on the same side.
That hasn't been true since the Vietnam War, when anti-American leftists took control of the commanding heights of culture. These ideologues are so loyal to their false beliefs that they'll promote them even at the expense of wealth.
They haven't been threatened with actual bankruptcy, though. If the Guardians of Peace have this kind of access to Sony's systems, that could indeed be the end result. Will they, finally, decide that there's an enemy worth fighting, and a side of Good Guys worth building up in mass media and popular culture?
The Guardians of Peace have done us a great favor. Without actually hurting anything that matters, they've alerted us to the risks we run, to our vulnerabilities, to the fact that we are woefully unprepared to do battle on this particular field.
Most importantly, they are providing a valid measure of the death wish of modern Western culture. If Sony and its media peers aren't willing to propagandize against those who would destroy them, they're past the point of saving - and today's news that Sony has knuckled under by yanking The Interview from distribution is a very bad augury.