Reliable Security Information
[an error occurred while processing this directive]
[an error occurred while processing this directive]
Seth Rogen's digital Pearl Harbor

What happens when hackers from North Korea, according to the US government, threaten the American arm of an entertainment giant, Sony, over a mediocre-to-crappy movie, Seth Rogen's The Interview, set to open Xmas Day?

Americans fold. Despite the lack of any actual credible threat of violence, three big theater chains backed out of showing it and Sony pulled the plug at the same time the US government was attempting to finger North Korea. (Here's the NY Times piece with a standard array of important, one assumes, but unattributed sources.)

For the sake of amusement, this was a comedy, let's take a look at Variety's review of it:

North Korea can rest easy: America comes off looking at least as bad as the DPRK in "The Interview," an alleged satire that's about as funny as a communist food shortage, and just as protracted. For all its pre-release hullabaloo -- including two big thumbs down from Sony hackers the Guardians of Peace -- this half-baked burlesque about a couple of cable-news bottom-feeders tasked with assassinating Korean dictator Kim Jong-un won't bring global diplomacy to its knees, but should feel like a kind of terror attack to any audience with a limited tolerance for anal penetration jokes. Extreme devotees of stars James Franco and Seth Rogen (who also co-directed with Evan Goldberg) may give this Christmas offering a pass, but all others be advised: An evening of cinematic waterboarding awaits.

That's cold.

Variety's Scott Foundas wrote the review on December 12th, a day after a showing in Hollywood and before the corporate movie giant threw in the towel. And the only thing wrong with its lede graf is that, yes, someone was brought to their knees. Sony and Rogen.

This morning, as Senior Fellow for GlobalSecurity.Org, I was interviewed by the Voice of America on the matter. And the best I could say was that Sony had handled everything very badly.

And publicity stemming from American love of celebrity voyeurism served hackers beyond what anyone might have imagined.

Sony is a corporation that is probably too big and sprawling to ever secure on today's Internet. The nature of its employees, its business and they way everything is now exposed on the global network make it impossible. Just as these factors do in lots of other big American corporations recently victimized by hackers in massive break-ins. (Part of the occasional Computer Security for the 1 Percent series.)

Once again, the amount of data lost to the net was stupefying. Said to be the equivalent of ten Libraries of Congress, everybody's e-mail, their credentials, plans, the script of the next Bond movie, billions of files.

Ten terabytes. How do you analyze, even look, at all of it? No one can.

Some computer security experts may lie and say it's doable but that's all rubbish, the only thing noticeable being the scandalous, impolitic and rude bits, ephemera, of great interest to the media for all the numbingly predictable reasons.

Sony's problem is that by canceling the movie it will take at least a 42 million dollar loss on the projected movie opening. (Perhaps some smaller fraction of which can be made back later dependent on future plans.)

Catalyzing it was the laughably poor behavior of the theater chains that pulled the movie from their thousands of screens for Xmas day. More corporate glass jaws on display.

Another problem with long range ramifications is that the corporate response has very obviously crashed morale company-wide. Bring on the fear and loathing and embedded institutional paranoia! It's a great environment for an entertainment giant reliant on the labor of creative people.

I've come to expect absurd, timorous and counter-productive behavior from Americans, particularly the very important people who are in charge of things. I suspect many others have the same impression.

Today the bleak humor of US reality is better than anything Hollywood could have put on the screen. God knows, it has certainly given Seth Rogen enough material for the next couple years.

For example, over the holidays Rogen can contemplate how he, his jokes about stuff being stuffed up the butt written while baked, Sony, a hack of an entertainment company (for cryin' out loud), and silly threats about nationwide attacks on theaters, have given the President yet another headache. [1] One that will force him into eventually making a meaningless statement coupled with the appearance of doing something.

When there's nothing to do. Sony isn't going to fail.

Retaliate, or as the White House promised, respond?

Respond? Against North Korea, the most isolated country in the world, for allegedly sending hackers to derail a movie that includes:

The slow-acting poison [ricin] with which the characters are meant to contaminate Kim, concealed on a small adhesive strip, practically begs to be passed around like a hot potato, or perhaps lost in a Band-Aid factory, but all we get is a rather lame bit about [Rogen] having to conceal the poison (and its large conical container) inside his rectum.

Seriously. Ricin, yet! Always ricin. Ricin where the sun don't shine! Genius!

By now you should be howling with laughter. Not at the movie, of course, but with what's happened due to it. It's the only rational response.

Seth Rogen was paid $8.4 million for the thing. And that brings us back to one of the characteristics of computer security stories for the 1 percent. The people who are paid everything don't lose anything, really. They're too important.

A momentary embarrassment over the holidays, perhaps. Six months from now Seth Rogen will be doing something else for a few million more.

Maybe he'll even get to write a book about it. Something about digital Pearl Harbor. How his battleship was scuttled before leaving the harbor.

[1.] Rolling Stone's story on Seth Rogen and The Interview:

It's not every day you get to sit down with the guys who might be responsible for starting World War III. And it's definitely not every day that they're getting baked when you do.

"Hell-o!" booms Seth Rogen on a June afternoon as the door to his L.A. office swings open, revealing him and comedy partner/hetero lifemate Evan Goldberg preparing to take a mighty hit from a bong.

The technology aspect of the story is much less interesting than what is shown about the psychology of a big company. It's a house of cards.

We know large corporations deal with threats by either ignoring them, dispatching an army of lawyers and fixers or government capture. In this case, Sony had nothing going for it. The lawyers had nobody to go after. The op-ed pieces didn't work. The rather astonishing publicity did not make theater chains confident.

What did it do, though? Dispatched lawyers to threaten journalists.

A quote from Sony, via Variety, emblematic of what's wrong with management: "We are deeply saddened at this brazen effort to suppress the distribution of a movie, and in the process do damage to our company, our employees, and the American public."

Was the "American public" damaged? I wasn't. Do you feel damaged?

With the movie canceled nationwide on Xmas day, there is one thing left that Sony, or some of its employees (and perhaps soon to be ex-employees) can do. Even Seth Rogen could do it.

Leak The Interview to the net. If it hasn't already been done. [2]

There's only one way to stop it then.

A real digital Pearl Harbor, one of the parts of it that all the national security experts like to talk about: Switching off the power in the US.

[2.] An idea suggested by others, too. Recently, Mitt Romney.

The Day After

Reactions, the sky-is-falling predictable:

Ex-NSA lawyer Joel Brenner, author of America the Vulnerable: "We can't ignore this ... We can't let this go without some retaliation."

House Homeland Security Committee Chairman, R. Michael McCaul of Texas: "I would argue that we should be able to respond in kind to hit them."

North Korea doesn't have a global movie industry.

Bloomberg News: "The North Korean success likely will spawn additional attacks, either repeat episodes involving the Kim government or others. Next time, the target may not be a Hollywood comedy, but an essential part of the U.S. economy."

Tacit admission Seth Rogen's The Interview isn't worth very much.

Secondary admission that using cyberwar to turn out the lights in North Korea might not mean much. Since the lights there are out a lot already.

We could hurt their finances: "[Sanctions] froze about $25 million in North Korean deposits."

The Interview cost $42 million. North Korea doesn't have much in the way of "finances."

Bloomberg: "The U.S. electric grid and critical infrastructure, such as water plants, are vulnerable to attack."

Yes, see above. I did mention that if Sony leaks The Interview to the net the next option would be for North Korea to turn off the lights in the United States.

Originally published at the author's blog. Twitter: DickDestiny

Subscribe to SitRep: SitRep RSS Feed SitRep ATOM Feed