Sony’s surrender will strengthen hackers, experts say

Sony’s shock decision to scrap the Dec. 25 release of its controversial movie “The Interview” will strengthen hackers, experts warn, fueling debilitating cyberattacks on other high-profile firms.

Still reeling from a crippling Nov. 24 hack, Sony Pictures Entertainment announced Wednesday that it had canceled “The Interview’s” Christmas Day release after a number of movie chains said that they would not show the film. “The Interview,” which pokes fun at North Korean leader Kim Jong-un, is believed to have prompted last month’s devastating attack on the studio and subsequent threats to movie theaters.

The FBI has connected Pyongyang to the cyberattack, a federal law enforcement source told Fox News Wednesday.

Experts warn that Sony’s decision could spur politically motivated hackers to launch even more ambitious assaults against corporations and governments.

“Capitulation to cyber extortion will incentivize other actors to achieve political gains via cyber intrusions and threats,” Sean Doherty, president of security firm TSC Advantage, told FoxNews.com, in an email. “This situation is not dissimilar to what we’ve seen with kidnapping situations, where paying ransoms to terrorists and criminal actors has increased the threat to potential victims.”

More On This...

    Nir Polak, CEO of big data security company Exabeam, agrees. “Sony's capitulation to these government-sponsored attackers means, in this case, they've allowed another government to censor freedom of expression,” he explained, in an email to FoxNews.com. “This sets a bad precedent.”

    “It looks like the North Koreans have been able to intimidate [Sony] into buckling under, and that’s a big thing,” added Roger Kay, president of research firm Endpoint Technologies. “It’s a big loss of face for Sony, quite frankly.”

    Even after scrapping the movie’s release date, Sony’s cyber woes could continue, according to Polak.

    "Appeasing the Sony attackers [reportedly government sponsored] isn't a good idea,” he said in an email. “There is no guarantee that more of the same damaging material, such as employee private data or more internal communication emails, won't be disclosed even with the film having been pulled from release.”

    The hacking group calling itself Guardians of Peace released yet another round of data leaks earlier this week, the latest in a flurry of cyber blows aimed at the studio, which have included leaks of confidential data and unreleased movies, as well as threats against Sony employees.

    Although specific details of the hack have not been released, its effects have been compared to the powerful Stuxnet virus that crippled Iranian nuclear systems in 2010.

    Fox News is told that the Sony malware has two destructive threads: it overwrites data and it interrupts execution processes, such as a computer’s start-up functions.  The FBI warns that the malware can be so destructive that the data is not recoverable or it is too costly a process to retrieve.

    It is not clear how long the malware needs to be in the system before it brings on an almost complete paralysis. In the case of Sony, support functions -- including emails -- were knocked off-line, seen as a distraction while the more destructive attack was launching.

    The digital attack on Sony’s servers bears all the hallmarks of North Korea’s infamous “Bureau 121,” an elite group of highly trained cyber spies, experts said.

    Andrei Lankov, a Russian expert on North Korea who studied at Pyongyang's Kim Il-sung University in the 1980s, told Fox News the paralyzing attack on Sony is similar to other hacks carried out by the communist dictatorship.

    “It is in their style,” the Seoul-based scholar said.

    Lankov cited a recent hacking attack on banks and media organizations in South Korea, prompted by criticism of North Korea. They were hacked reportedly with a similar “code” as that used in the Sony cyberattack, and accompanying threats warned of “obliteration” of the South Korea firms. South Korean investigators confirmed it was Pyongyang.

    Despite North Korea’s well-chronicled poverty and isolation from the rest of the world, the reclusive regime has poured millions of dollars into a cell called Bureau 121, which is part of a military-run spy agency and includes 1,800 cyber soldiers, according to the cyber security site Tech Worm.

    A defector who worked with Bureau 121, Jang Se-yul, told Reuters the elite squad of cyber warriors were the most talented and rewarded personnel within the North Korean military.

    Experts said that even though it seems clear North Korea was behind the hack, in which private and damning emails between executives were released and health and financial records were disclosed, it is highly doubtful that the accompanying threat of “September 11”-style attacks on cinemas that showed the Seth Rogen-James Franco flick were a real possibility.

    And Sony’s decision to pull the movie sends the worst possible message, according to Lankov.

    “Sony was stupid to make a movie about killing Kim Jung-un, but it was even more stupid to cave in to pressure,” he said.

    Capitulation by the major studio gives North Korea every reason to believe America -- or at least its corporations -- are vulnerable to blackmail, Lankov said. That all but guarantees more attacks in the future, he said.

    “The Interview” had been set to debut on thousands of screens.

    Fox News' Greg Palkot and Catherine Herridge contributed to this report. 

    Follow James Rogers on Twitter @jamesjrogers

    Load more..