Cyber whodunnit: North Korea prime suspect but there are many potential culprits

cheap hardware to develop malware.

We know that up to 90 percent of successful hacks involve some form of human failure. It might be that, in this case, someone at Sony made a simple error that let in the attackers. Even technically sophisticated attacks can be carried out by people without much knowledge, thanks to the toolkits available online.

But attacks on the Internet have one other feature that conventional physical attacks do not. When you launch your weapon, your victim can — if it has the skill — capture the code and repurpose it to use back against you. Rather like biological weapons, it is dangerous to unleash these weapons because they have a nasty habit of infecting friendly systems, albeit in slightly modified forms.

Remote launch
What about opportunity? Some say that North Korea is so disconnected as a country that it couldn’t launch a cyber-attack on any meaningful scale. This fails to recognize one of the great advantages of launching attacks on the internet — you can do it from anywhere in the world. It’s not like launching a rocket and hoping no one traces it back to its launch point. Many attacks quite deliberately use false flag operations so the person suffering the attack has little chance of using the point of origin to find the attacker.

Worse still, many of us are unwittingly helping attackers by allowing our computers to become part of a botnet which is then used as a platform from which to launch attacks. Nearly all denial-of-service attacks are “distributed” denial-of-service attacks — the flood of data that cripples the victim’s network comes from many, many machines spread across the globe. That’s what makes them so difficult to combat.

North Korea quite possibly has motive, means, and opportunity to carry out this attack on Sony, but as with any successful prosecution, that isn’t enough. We need evidence. We will have to wait for the detailed forensic work to complete before we stand a realistic chance of knowing for certain.

That may or may not be forthcoming, but in the meantime we should consider what this event tells us about the balance of power in cyberspace. In a world in which major disruption can be caused with scant resources and little skill, all enemies are a threat. North Korea might be the rogue state that everyone loves to hate but there are plenty of others who could have done it.

There is no longer a tiered approach of superpowers fighting proxy wars in smaller, developing nations. Now those developing nations can fight back, and you might not even know it was them.

Alan Woodward is Visiting Professor at University of Surrey. This story is published courtesy of The Conversation (under Creative Commons-Attribution/No derivatives).