The Attack on Sony

If most people remember anything about the North Korean government’s cyberattack against Sony Pictures last November, it’s probably that there was a lot of juicy gossip in leaked emails about movie stars, agents, and studio executives. There was also an absurd quality to the whole episode, which was over an ill-advised movie comedy about the assassination of North Korea’s leader, which the North Koreans did not find funny. The weirdness of it all has obscured a much more significant point: that an impoverished foreign country had launched a devastating attack against a major company on U.S. soil and that not much can be done about it. In some ways it’s another milestone in the cyberwars which are just beginning to heat up, not cool down.

The cyberattack on Sony Pictures entertainment exposed a new reality — that you don’t have to be a superpower to inflict damage on U.S. corporations; a fact that has been duly noted within corporate board rooms and the national security apparatus.

Steve Kroft: What’s the significance of the Sony hack in a nutshell?

James Lewis: The significance is that a foreign power has reached out and touched an American target. The fact that the North Korean government felt that it could do something in the United States and get away with it, that’s what’s significant.

James Lewis, a director at the Center for Strategic and International Studies in Washington, has helped shape U.S. cyber policy for decades…dealing with criminals stealing money, Russians stealing intelligence, and the Chinese stealing the latest technology.

James Lewis: This was different, because it qualified as the use of force. It qualified as an attack. There was disruption. There was destruction of data. There was an intent to hurt the company.

And it succeeded, bringing a major U.S. entertainment company to its knees. Like other corporate victims of cyberattacks — Sony has released very little information and declined our requests for interviews. We were allowed to film on Sony’s 44-acre studio lot and inside this building where technicians were still repairing damaged computers.

We do know that when people fired up their computers on the morning of November 24th they were greeted with this skeletal image now referred to as the “Screen of Death.” It announced an undetected cyberattack that actually began weeks earlier when a malicious piece of software began stealing vast amounts of data from the Sony computer network. Now, it had begun the job of wiping Sony’s corporate files.

Read the Original transcript at 60 Minutes