Hack Away

 

shutterstock_232080763To the Washington Post’s report on the North Korean hack job (no, the other one), Drudge offers the following headline: “Cancellation sets worrying new precedent for cyber terror.”

Well, sure, it’s “new” in the sense that it just happened. And the attack did take a novel form, combining the data diarrhea of WikiLeaks with jihad’s pointedly obscure threats to silence opposition.

But we are already chock full of precedents, thank you. Cyber attacks from Russia and China over a course of decades have shown the world our response policy: “Pretty please?”

“Not so!” says Ellen Nakashima over at the Washington Post:

The administration has made clear for several years that it has a range of diplomatic, economic, legal and military options at its disposal in response to cyberattacks.

Oh? Do y’all remember our last action against foreign hackers? Because I sure don’t.

It is unlikely, however, that officials will announce the responses it is considering or the one it chooses. “There’s a lot of options,” the official said. “They likely won’t be discussed publicly anytime soon.”

I see. But they will be discussed eventually, right? Better yet, don’t tell me! After all, if you have to explain America’s punitive response, then it couldn’t have been very forceful. As my fiction teacher said years ago, “Show. Don’t tell.” And America’s cyber defense is nothing if not good fiction.

How many of you believe that the North Korean government will suffer any serious consequences for publishing an American company’s secrets, disrupting transactions that supported multi-million-dollar projects, and threatening the lives of American civilians across the country? How many of you believe America actually has a cyber defense policy with teeth?

The whole article by Nakashima is worth reading, by the way.

There are 25 comments.

Become a member to join the conversation. Or sign in if you're already a member.
  1. Eeyore Member
    Eeyore
    @Eeyore

    “The suspected North Korea computer attack on Sony Pictures Entertainment is a ‘serious national security matter,’ White House press secretary Josh Earnest said Thursday, as officials said the Obama administration is preparing to announce who it believes is behind the devastating hack.

    Earnest said that the White House is weighing options for a ‘proportional’ response to the attack whose ramifications President Obama is monitoring ‘very closely himself.’

    Public attribution of the attack could come as early as this week, one national security official said. U.S. intelligence officials have concluded that the government of Kim Jong Un is behind the attack.”

    So, they are half way to the Expression Of Grave Concern, the other half will come next week.

    If Obama’s history is any clue, the “proportional” response will be a Sternly Worded Letter, which, nonetheless, will include an apology for America’s past insults towards, and lack of support for, North Korea.

    Any further recalcitrance on the Norks’ part will demand calling out the Big Guns: Secretary of State John Kerry will call out North Korea for being “On The Wrong Side Of History.” Should North Korea respond by, say, taking out the American banking system, Kerry’s charges will likely be repeated by Samantha Power at the UN.

    Oh, and by the way Obama’s “monitoring very closely himsellf” is having Valerie Jarrett prepare him a bullet-point presentation of every Presidential Daily Briefing re: NK, along with the talking points for Josh Earnest.

    • #1
  2. user_337201 Inactive
    user_337201
    @EricWallace

    Also, this from WSJ: “The U.S. government is looking for ways to retaliate for North Korea’s apparent hacking of Sony Pictures but is struggling for an appropriate solution, according to people familiar with the discussions.”

    • #2
  3. user_1938 Member
    user_1938
    @AaronMiller

    I won’t pretend that the response is an easy choice. Tit for tat? Publish NK government secrets for all to see, WikiLeaks-style? Or should we bomb something since they dared to threaten our citizens?

    If someone threatens your life in seriousness and has the power to do real harm, take him at his word and strike preemptively. It should be clear to all of our enemies around the world that they can talk tough if they want but a direct threat to Americans will result in a deadly response. Not every bluff can be accepted as such.

    • #3
  4. Eeyore Member
    Eeyore
    @Eeyore

    Aaron Miller: It should be clear to all of our enemies around the world that they can talk tough if they want but a direct threat to Americans will result in a deadly response.

    Aaron, that attitude is s-o-o-o 2008. We’ve joined the world community since then. Good times!

    • #4
  5. Black Prince Inactive
    Black Prince
    @BlackPrince

    Something isn’t right here. I can’t quite put my finger on it, but I think this whole North Korean thing is some kind of misdirection. While I am no fan of North Korea, I don’t believe that they are responsible for this cyber attack. This feels like some kind of test to judge the reaction of America. I don’t know the ultimate purpose of such a test or why Sony was chosen as a target, but it probably isn’t good.

    • #5
  6. user_337201 Inactive
    user_337201
    @EricWallace

    Black Prince:Something isn’t right here. I can’t quite put my finger on it, but I think this whole North Korean thing is some kind of misdirection. While I am no fan of North Korea, I don’t believe that they are responsible for this cyber attack. This feels like some kind of test to judge the reaction of America. I don’t know the ultimate purpose of such a test or why Sony was chosen as a target, but it probably isn’t good.

    Those two possibilities aren’t mutually exclusive. Intentionally or not, the public viewing of this disaster has definitely been a test run for other players.

    • #6
  7. Bryan G. Stephens Thatcher
    Bryan G. Stephens
    @BryanGStephens

    Don’t be cute.

    Do $120,000 worth of damage to NK leaders. Easy to find them. They have the lights on at night.

    IF we bombed nations for cyber attacks, they would stop.

    • #7
  8. Western Chauvinist Member
    Western Chauvinist
    @WesternChauvinist

    Who takes away what from this episode? China, for example, from whence these “NORK” hackers probably were hired? Our enemies have learned a lot — and none of it bodes well for us.

    • #8
  9. user_309277 Member
    user_309277
    @AdamKoslin

    “Show. Don’t tell.” And America’s cyber defense is nothing if not good fiction.

    Well, there was the Stuxnet bug which took down a hefty chunk of Iran’s nuke program a couple years back and still hasn’t been officially claimed by U.S. officials, AFAIK.  Further, I don’t expect that our intelligence community would ever publicize any successful cyber attacks, since a) the federal government has a huge over-classification and opacity problem, and b) whenever intelligence-gathering or covert operations stories go public the media screams and has to reach for the smelling salts.  Of course I have no proof the feds are doing anything – though I find it hard to believe that a few thousand highly-trained mathematicians and computer scientists over at Fort Meade are just playing Titanfall all day – but I don’t take the absence of evidence in the public square to be evidence of total absence.

    • #9
  10. user_1938 Member
    user_1938
    @AaronMiller

    I’m sure our cyber warfare divisions do have real accomplishments under their belts. But a public attack requires a public counter-attack for the purpose of deterrence.

    If we secretly strike back at North Korea, we can’t assume that Russia and the dozens of other nations that hate America (as the world’s foremost superpower during any era is hated) will learn about it and be intimidated.

    • #10
  11. user_337201 Inactive
    user_337201
    @EricWallace

    Agreed that any response should be public, for the additional reason that Americans need to see someone with power taking an interest in an important problem.

    But what kind of response is appropriate for this case? An American company in a non-essential industry got breached and will cost them millions or billions of dollars – that’s not a new or unique scenario. What’s the rationale for a different response now and not in previous cases?

    • #11
  12. user_309277 Member
    user_309277
    @AdamKoslin

    Aaron Miller:I’m sure our cyber warfare divisions do have real accomplishments under their belts. But a public attack requires a public counter-attack for the purpose of deterrence.

    If we secretly strike back at North Korea, we can’t assume that Russia and the dozens of other nations that hate America (as the world’s foremost superpower during any era is hated) will learn about it and be intimidated.

    Eh…I’m not so sure that having a deterrent be public would really be of help, especially concerning Russia or other authoritarian countries.  We’re not trying to deter the “man in the street” because public opinion either doesn’t exist or is very tightly controlled in those countries.  We’re trying to deter the highly-connected professional operators running those countries, who make all the real decisions anyway.  Just as (I assume) our cyber-war people have world-wide contacts both professional and clandestine that keep them abreast of who’s doing what to whom, so will the ruling cliques of Russia, Iran, and China.

    • #12
  13. Bryan G. Stephens Thatcher
    Bryan G. Stephens
    @BryanGStephens

    Make it public so that the other guy loses face. That is important to thugs

    • #13
  14. Black Prince Inactive
    Black Prince
    @BlackPrince

    Bryan G. Stephens:IF we bombed nations for cyber attacks, they would stop.

    Good luck with bombing China and Russia or even North Korea for that matter. Besides…

    “All warfare is based primarily on the deception of your enemy. To fight on the battlefield is the most primitive and barbaric way of achieving your goals. The highest art of war is not to fight at all, but to subvert anything of value in your enemy’s country.

    • #14
  15. user_1938 Member
    user_1938
    @AaronMiller

    Eric Wallace: What’s the rationale for a different response now and not in previous cases?

    If a kid is being bullied, should he fail to make an example of his current bully on account of failing to stand up for himself in the past? If anything merits an explanation, it is his past failures and not his present defense.

    Adam Koslin: Just as (I assume) our cyber-war people have world-wide contacts both professional and clandestine that keep them abreast of who’s doing what to whom, so will the ruling cliques of Russia, Iran, and China.

    True. But we’re not just facing an “Axis of Evil.” Sophisticated hacking “terrorism” does not require big national budgets or other rare resources. Though I admit that Russia and China have been our primary aggressors in this way.

    In any case, Eric is correct that American citizens need to at least be assured by examples that these threats and attacks are being met with significant counteractions.

    Again, what form these counteractions might take without needlessly risking lives and expending billions of dollars is a point of reasonable debate.

    • #15
  16. user_337201 Inactive
    user_337201
    @EricWallace

    Aaron Miller:

    Eric Wallace: What’s the rationale for a different response now and not in previous cases?

    If a kid is being bullied, should he fail to make an example of his current bully on account of failing to stand up for himself in the past? If anything merits an explanation, it is his past failures and not his present defense.

    Ok, the “Awakened the Giant” story can work. But we’ll have to wait for another President, Obama could never pull that off!

    • #16
  17. Wylee Coyote Member
    Wylee Coyote
    @WyleeCoyote

    Adam Koslin:I have no proof the feds are doing anything – though I find it hard to believe that a few thousand highly-trained mathematicians and computer scientists over at Fort Meade are just playing Titanfall all day

    I wish they were – the server populations drop pretty low at night, and there’s no one to play with.  :(

    While I would love to see a firm, punitive reaction (preferably in kind, to hint at our own cyberwar capabilities), it’s important to remember that we’re talking about a nuclear power run by a bat-guano crazy government.

    (I’m referring to North Korea here.  In the Age of Obama you have to be specific, I guess)

    • #17
  18. user_337201 Inactive
    user_337201
    @EricWallace

    Oh that’s why I can’t be a hacker – I don’t have a balaclava!

    My hacker shopping list

    • Balaclava, black
    • Gloves, black
    • Hoodie, blue works too – something dark and scary

    They’ll never catch me now!

    • #18
  19. user_1938 Member
    user_1938
    @AaronMiller

    I had to look “balaclava” up. I thought it might be a Greek donut.

    • #19
  20. user_337201 Inactive
    user_337201
    @EricWallace

    Oh that’s why I can’t be a hacker – I don’t have a Greek donut!

    My hacker shopping list

    • One dozen Greek donuts

    They’ll never catch me now! ;-)

    • #20
  21. user_309277 Member
    user_309277
    @AdamKoslin

    Aaron Miller:I had to look “balaclava” up. I thought it might be a Greek donut.

    Now I really want Greek donuts :(

    • #21
  22. Quietpi Member
    Quietpi
    @Quietpi

    Eric Wallace:Oh that’s why I can’t be a hacker – I don’t have a balaclava!

    • Balaclava, black
    • Gloves, black
    • Hoodie, blue works too – something dark and scary

    They’ll never catch me now!

    Hey! A Christmas shopping list!

    • #22
  23. Fake John Galt Coolidge
    Fake John Galt
    @FakeJohnJaneGalt

    I am not even sure the North Korean government did this hack. and besides isn’t US cyber command supposed to protect the US government, is their mandate also foreign owned companies like Sony Entertainment?

    This whole thing smells like an inside job to me. There is too much data over to many different systems to be a wired hack. Data security would go nuts if you tried to pull 100+ TB over the network. It almost has to be a premises breach of storage, maybe near line or back up systems by somebody with admin rights And the knowledge to use them. I suspect we are going to find another Snowden type person at the bottom of this.

    • #23
  24. user_1938 Member
    user_1938
    @AaronMiller

    Interesting. I can’t argue about the tech, but I asked a cyber security expert I know for his thoughts a few days ago (might not hear back from him).

    If our government takes responsibility for protecting sea lanes so American companies can do business abroad, it seems comparable to protect American companies from online piracy and hacking by securing “virtual lanes”, so to speak. Even if the parent company is headquartered in Japan, Sony’s Hollywood film branch is essentially an American company and merits protection, I think.

    Originally, the North Korean angle sounded like only Hollywood speculation that had become accepted as fact. But I accepted the FBI’s determination. Now, after your tech argument, I do have to wonder if this is a repeat of the Benghazi video scam.

    • #24
  25. Quietpi Member
    Quietpi
    @Quietpi

    This idea of “proportional response” has been, and will ever more be so, a recipe for disaster.  At least, unless the point of determining what is proportional is used to make sure that the response is completely out of proportion.  If you don’t make the offending party really, really sorry that he/she/they pulled that stunt, then they will do it again and again.  Remember the memorable phrase, “If I dood it, I get a whippin’.  I dood it.” (Bugs Bunny stole it from Red Skelton, BTW)?  The whole concept of “proportional response” has Sun Tsu and Clausewitz spinning in their graves.  “Don’t these idiots read our books?”  No, no they don’t.

    Couldn’t find black balaclavas in time for Christmas.

    • #25

Comments are closed because this post is more than six months old. Please write a new post if you would like to continue this conversation.