The fog of cyber warfare: Hacked if you do, hacked if you don't

Get used to the new doctrine of state-backed, weapon-grade cyber assaults: You hit us, we hit ... somebody. You've been warned

north korea hack sony security
Credit: Shutterstock

A tacky patina eventually coats anyone who spends time in the bowels of Las Vegas – imagine glitter particles mixed with poker chip dust and cigar smoke, all held together with sweat, tears, and essence of vanilla lotion. I’ve been foraging in Sin City for more than 24 hours now, so I’m covered in the stuff. It’s gross, and every year I spend hours scrubbing it off, time swearing I’ll never return. But every year, CES drags me back. OK, CES and the International Scotch Festival. OK, CES, the International Scotch Festival, or a really good bachelor party. OK … oh, shut up!

But it’s too early to post about my adventures here, especially since I recently completed a harrowing escape from a NORAD subdungeon over the weekend. I, like everyone else, blame North Korea.

That’s right. Because of the media frenzy surrounding the Sony hack, our government convened a secret emergency retreat to discuss solutions to the problem with a known and internationally respected luminary who could converse with equal expertise about cyber security, world politics, and malevolent dictators who look like Bullwinkle with a hump. Naturally, the Cringely name topped that list.

Murderers' row

I begged off Washington’s initial invitation, citing health reasons (a skull-swelling hangover). Then some joker cut off North Korea’s Internet access, and I was doomed. In the predawn hours that morning, a team of operatives broke into my apartment, slipped a bag over my bleary eyes, and whisked me to a secret meeting attended by thieves, criminals, and ne’er-do-wells – and a few nonpoliticians.

When they pulled the bag off my head, I laid eyes on prominent faces from world politics, law enforcement, intelligence, and technology. All the U.S. ruling families were there: the Bushes, the Clintons, the Kennedys, the Kardashians. The meeting was already disintegrating into bedlam. Kim Jong-un had threatened to flense every baby in America unless we immediately reconnected him to lolcats.com, and our leaders were in a panic. George W. Bush suggested we try turning North Korea off, then on again to see if that would do the trick, while security restrained an apoplectic Jeb from strangling his brother.

It went like this for more than two weeks. The food was delicious, the alcohol ubiquitous, but two arguments ran in endless parallel and no amount of obscenity-screaming, finger-wagging, or ice-flinging could derail them: First, attribution (who can we blame), and second, can we use bombs (was it or was it not an act of war). For entertainment, we watched blood feuds break out as more and more of Sony’s slimy business practices were revealed in leaked emails.

After two weeks, I couldn’t take it anymore and apparently neither could Obama. Late last week, he threw up his hands, and said, “Screw it. Sanction the hell out of these guys. I’m going to Hawaii.”

At first, I was outraged, thinking that he was simply ducking the issue. After all, I, among others, had patiently pointed out that there was no technical proof that North Korea was behind the Sony hit. Whenever asked for evidence of North Korea’s guilt, FBI director James Comey stamped his foot, pouted, and yelled, “Because we know things you don’t know and because we say so!”

Okaaaay. Let’s assume North Korea is guilty. The attack still wasn’t in line with the definition of cyber warfare as detailed in Tallinn Manual on the International Law Applicable to Cyber Warfare. It was merely scary, especially for Sony’s legal team, so the question boils down to what constitutes a “proportional response.” After all, if you don’t really know who did it, how can you respond?

The best offense is a good defense

But when I thought about it, I realized I’d been hung up on the same argument as everyone else and Obama was a step ahead of me. A true politician, he’d realized one immutable PR fact: It doesn’t matter who did it.

Whether it was a cadre of slick cyber spies or a bunch of teenage nerdling booger-miners, the result is now the same. The world thinks North Korea did it, and the world includes other nations, like China, Iran, and Russia, all of whom have already engaged us on the cyber battlefield. Don't forget the growing legions of independent hack gangs looking to make a name for themselves with maximum exposure and minimum risk. If those weasels perceive us to be nonresponsive or clueless in the cyber arena, this is going to get worse – fast.

Besides, North Korea has already engaged in all kinds of criminal activities, including dealing weapons, making and selling fake pharmaceuticals, even counterfeiting U.S. currency. It’s not like it doesn’t deserve an extra spanking even if it didn’t – however unlikely – pull this particular stunt. Obama's probably thinking: We can’t take credit for cutting off Kim Jong-un’s Internet access for a week, so sanctions are a publicly viable and somewhat effective face slap we can throw out (almost) immediately while we wait for the media hubbub to die down, then rump-bump whoever did it without escalating headlines. More likely, we'll move on to the next headline and pretend this didn’t happen.

It’s unsatisfying, but for now, it’s all Barack has. Jimmy Carter is right – sanctions usually hurt the affected country’s general populace more than its dictatorial leaders. But these new ones seem fairly well designed to minimize negative consequences to North Korea’s people, delivering most of the punch to intelligence agencies, weapons merchants, and military defense contractors. Besides, if we start lobbing bullets and bombs instead of sanctions, North Korea’s population will certainly suffer more.

With that realization, I decided to get out of there. I promised to send the Secret Service a bootleg copy of the new season of "Downton Abbey," and they snuck me out in the Kardashians' used makeup vats. I almost died in the badlands, but managed to steal a crop duster from a snaggletoothed polygamist and made my way to Vegas.

In retrospect, I wish we’d made more headway in preventing large-scale cyber attacks rather than only responding to them. I suppose the goal is beyond the scope of two weeks in a NORAD cellar. For now, I might as well close my eyes, down my scotch, don a booth babe disguise, and seek the secrets of this year’s gadget tech. Stay tuned.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.