Maybe I should be outraged by Sony's decision not to distribute the movie The Interview, but I am merely saddened by it. I am saddened that a hacking incident with all the hallmarks of a simple case of extortion has been distorted so it looks like a terrorist threat.
Taking a step back: Sony was hacked by one or more people who, according to all the information available, were located in Thailand. They apparently made an extortion attempt against Sony, and Sony ignored it. In response, the hackers acted like script kiddies and started vindictively posting the stolen information. Somewhere along the way, the hackers started to focus more on The Interview, a comedy, slated for Christmas release by Sony, in which two journalists wrangle an interview with North Korean dictator Kim Jong Un, and then are recruited by the CIA to assassinate him. Not so coincidentally, this new focus coincided with rising media speculation that North Korea may have been involved in the attack. What was supposed to be the smoking gun that "proved" North Korea's involvement was the revelation that some of the malware used in the attack was apparently sourced from malware used in an attack that was legitimately attributed to North Korea.
As their demands went unmet, the attackers made a somewhat offhand threat, saying that theaters that showed The Interview would be targeted for attack. As fears grew that a specific threat of a 9/11-style attack had been made, some movie theater chains said they would not show the movie. Eventually, when a critical mass of theater owners had said this, Sony announced that it was pulling the movie and would not even make it available through video on demand.
Meanwhile, unnamed U.S. government officials this week told some reporters and politicians this week that North Korea was behind the attacks. This has not been followed up by an official accusation by the U.S., but there are reports that the U.S. government might issue a statement that says the Sony hack was "sanctioned" by the North Korean government. Given that this affair started as an extortion attempt and only gained political overtones when that was convenient, I'm highly skeptical of any claims that North Korea had any significant involvement in the attacks. And I suspect that what "sanctioned" actually means will remain vague. I smell opportunism in those anonymous accusations by U.S. officials; here was a chance to take a somewhat skilled hack attack against a questionably secured company and turn it to advantage by gaining crucial support for improving the U.S.'s cyberwarfare capability.
And if the U.S. does end up accusing North Korea of sanctioning the Sony attack and the subsequent terrorist threats against U.S. citizens, then shouldn't we expect the U.S. to take meaningful action against North Korea?
Sign up for CIO Asia eNewsletters.