The real story of North Korea’s apparent hacking of Sony Pictures in retaliation for the Kim Jong Un assassination comedy The Interview is not the identity of the culprit. (Sony is set to officially blame Pyongyang as early as Wednesday.) The real story is that Washington, over the last decade, has done little to prevent cyberattacks against American-based businesses.
The danger to the U.S. economy is clear and present. According to a May 2013 report from the Commission on the Theft of American Intellectual Property, “The scale of international theft of American intellectual property is unprecedented—hundreds of billions of dollars per year, on the order of the size of U.S. exports to Asia.” Last year, those exports totaled $475.4 billion. Nations are the primary perpetrators of this continuing heist, which Keith Alexander, when he headed the NSA in 2012, called the “greatest transfer of wealth in history.”
Pyongyang, which routinely denies all allegations of wrongdoing, has refused to do so in this case, in which copies of Sony movies and sensitive information including the salaries of 6,000 employees and 17 executives were made public. A spokesman for North Korea’s U.N. mission, in response to a question about whether his country was responsible for the attack on Sony Pictures, said Monday: “I kindly advise you to just wait and see.”
North Korea does not appear to hack American companies for commercial purposes, but China does. According to the Intellectual Property Commission, that nation is “the world’s largest source of IP theft.” The Kim regime has undoubtedly noticed Washington’s ineffectual response to China, which has been implicated in Pyongyang’s alleged assault on Sony Pictures—the attackers apparently used IP addresses inside Beijing’s “Great Firewall,” a sign of Chinese knowledge of the crime and perhaps complicity.
Chinese hackers, many of whom have been working for the central government or Communist Party, have been systemically stealing American corporate information for decades. During this time, Washington has been inert, at first even unwilling to acknowledge the scope of the problem or name China as a perp.
Beijing, famously, launched a coordinated and sustained attack against Google a half decade ago to injure its business in China. Chinese hackers stole source code and wormed their way into Gmail. They not only disrupted service in China, they apparently crashed the search engine worldwide. Beijing’s vicious plan was a success: It forced the company to partially withdraw from the country.
“Had the Chinese shot intercontinental ballistic missiles into 33 U.S.-based businesses including those in the finance and defense industries as well as the Mountain View-based headquarters of Google, there would be no question in anyone’s mind as to whether war had been declared on the U.S.,” wrote David Berlind of TechWeb in 2010, around the time of the assault on the search engine and 32 other American businesses. “Let’s be honest with ourselves. It was an act of war and it deserves more of a response from the U.S. government than it is getting.”
Since then, the Obama administration has, to its credit, been willing to publicly accuse the Chinese of attacks on American corporate networks, something its predecessors could not bring themselves to do. And in May, U.S. Attorney General Eric Holder announced indictments in the Western District of Pennsylvania against five Chinese military officers for cybertheft of commercial secrets.
The move gets an “A” for symbolism and a “D” for everything else. The indicted are not going to show up at the federal courthouse in Pittsburgh to surrender to federal marshals. And while we are busy issuing wanted posters—you can see pictures of the quintet on Post Office bulletin boards—Chinese hackers back in Shanghai and elsewhere continue stealing our technology, know-how, and information.
Time is on Beijing’s side, which is why Chinese officials refuse to discuss cybercrime with Washington. In October, for example, Secretary of State John Kerry hosted his Chinese counterpart, State Councilor Yang Jiechi, at his home in Boston. During that meeting, Yang told Kerry that it would be hard to resume cyber talks with Washington because of “mistaken U.S. practices.” Washington then dropped the issue as if it did not matter.
The mantra in Washington is to “manage” differences with Beijing and find areas of cooperation. That sounds responsible, but American companies are bleeding technology and information while Washington policymakers refuse to take effective action. Dennis Blair and Jon Huntsman, chairs of the Intellectual Property Commission, have recommended steps to deal with cybercrimes against U.S. corporations. Some of them, like an across-the-board tariff on Chinese goods, might actually work.
Nonetheless, Washington has chosen to allow Chinese predatory behavior to continue. The Kim regime—and certainly others—have surely noticed the open door.
No wonder somebody using North Korean code staged a raid on Sony Pictures.