Sony just set a terrible precedent, one that will embolden every hacker on the planet and haunt corporations for years
By Steve Kovach From Business Insider
Sony blew it Wednesday by pulling “The Interview” from theaters without coming up with an alternative way to distribute the movie.
There was a big opportunity to at least announce that the “The Interview” would premiere online instead of in theaters. But by completely caving to demands, Sony has emboldened other hackers to harass companies with the expectation of similar results.
First, let’s backtrack a bit.
The big theater chains made the right decision not to show “The Interview.” The hackers or terrorists or whatever you want to call them made a real threat. They even invoked 9/11.
And while the Department of Homeland Security said it probably wasn’t credible, it’s not worth the risk of the hackers or a sympathizer making good on that threat. It would’ve taken just one incident for everyone to start pointing fingers and howling at the theaters for not doing enough to preempt that kind of violence.
Still, Sony had a big opportunity to stick it to the hackers and come out on top. It could’ve said it would release the movie online through its own streaming service Crackle. It could also distribute it through Netflix, Hulu, Vudu, iTunes, or any one of the other online video services. The movie would reach more people and could potentially make more money than it would have made in theaters. (The buzz around the whole hacking thing would help too.)
But that’s not what Sony is doing.
Instead, Sony has decided to shelve the movie and not distribute it at all, in any form. Some members of the press got to see it early. It also leaked on some file-sharing sites, but it’s illegal to download it. Everyone else is out of luck. You’ll have a better chance finding a copy of the elusive “Star Wars Holiday Special” than seeing “The Interview” this Christmas.
There’s no good reason for Sony to do this other than protect itself from a bunch more embarrassing emails leaking out. That’s not a good enough reason, and it sets a dangerous precedent. Hacker groups now know they can bring a major corporation to its knees just by threatening leaks on the same level as the one Sony experienced over the last few weeks. A Sony spokesperson declined to comment.
Sony’s decision has already had a ripple effect through the industry.
On Wednesday, New Regency scrapped plans for a movie starring Steve Carrel that takes place in North Korea.
On Thursday, Paramount told theaters to stop playing “Team America.” Like “The Interview,” “Team America” also satirizes North Korea and then-dictator Kim Jong Il. It came out over 10 years ago, but Paramount appears to be playing it safe by sending a message to hackers that it doesn’t want to be hacked either.
Who knows what’s next?
It’s clear now that this isn’t just about public safety. The hackers have instilled a legitimate fear in the movie studios. By caving to the hackers, Sony set us up for an assault on our right to free speech by a group of anonymous pranksters. (Remember, it’s still not clear whether or not the hackers have ties to North Korea.)
Sony had one chance to make everything right and potentially beat the hackers at their own game by releasing the film online to a massive audience. Instead, Sony blew it and gave the hackers even more power than they had before.
For more on this story go to: http://www.businessinsider.com/sony-had-a-chance-to-beat-the-hackers-at-their-own-game-but-blew-it-2014-12#ixzz3MToPqAHt
Related story:
Sony hack: Obama vows response as FBI blames North Korea
From BBC
President Barack Obama has vowed a US response after North Korea’s alleged cyber-attack on Sony Pictures.
The US leader also said the studio “made a mistake” in cancelling the Christmas release of The Interview, a satire depicting the assassination of North Korean leader Kim Jong-un.
Sony said it still planned to release the film “on a different platform”.
On Friday US authorities linked North Korea to the hack, which saw sensitive studio information publicly released.
Sony said it cancelled the planned Christmas release of the film after a majority of cinemas refused to show it following anonymous threats.
“We will respond,” Mr Obama told reporters on Friday, declining to offer specifics. “We will respond proportionately and in a space, time and manner that we choose.”
He added: “We cannot have a society in which some dictator someplace can start imposing censorship in the United States.”
Sony HQ in California
The US leader said it was important to protect both public and private cyber-systems from attack which could have significant economic and social impacts.
Mr Obama also noted he believed Sony Pictures was mistaken in failing to go ahead with the release.
“Americans cannot change their patterns of behaviour due to the possibility of a terrorist attack,” he said. “That’s not who we are, that’s not what America is about.”
What is the FBI evidence?
Sony Pictures chief executive and chairman Michael Lynton later told CNN it had not made an error in pulling the film.
He said the president, press and public were mistaken about the withdrawal, saying the decision had only been taken after major chains had refused to screen it.
He said: “We have not caved, we have not given in, we have persevered and we have not backed down.”
A Sony statement on Friday said that the firm was “actively surveying alternatives to enable us to release the movie on a different platform”.
“It is still our hope that anyone who wants to see this movie will get the opportunity to do so,” the statement said.
Earlier on Friday, the US Federal Bureau of Investigation officially tied North Korea to the cyber-attack, linking the country to malware used in the incident.
Hackers had earlier issued a warning referring to the 11 September 2001 terror attacks, saying “the world will be full of fear” if the film was screened.
Poster for The Interview The duo play journalists enlisted to kill Kim Jong-un
The movie features James Franco and Seth Rogen as two journalists who are granted an audience with North Korean leader Kim Jong-un.
The CIA then enlists the pair to assassinate him. The film was due to have been released over Christmas.
The film’s cancelled release drew criticism in Hollywood, with some calling it an attack on the freedom of expression.
Actor George Clooney told the trade website Deadline on Thursday the film should be released online, saying Hollywood shouldn’t be threatened by North Korea.
In November, a cyber-attack crippled computers at Sony and led to upcoming films and workers’ personal data being leaked online.
The hackers also released salary details and social security numbers for thousands of Sony employees – including celebrities.
Kim Jong-Un with North Korean soldiers’ families North Korea says the film hurts the “dignity of its supreme leadership”
North Korea earlier this month denied involvement in the hack – but praised the attack itself as a “righteous deed”.
An article on North Korea’s state-run KCNA news agency, quoting the country’s top military body, said suggestions that Pyongyang was behind the attack were “wild rumour”.
However, it warned the US that “there are a great number of supporters and sympathisers” of North Korea “all over the world” who may have carried out the attack.
In the article, Sony Pictures was accused of “abetting a terrorist act” and “hurting the dignity of the supreme leadership” of North Korea by producing the movie.
Analysis: Dave Lee, BBC technology reporter
The FBI say it spotted distinct similarities between the type of malware used in the Sony Pictures attack and code used to attack South Korea last year.
Suspicious, yes, but well short of being a smoking gun. When any malware is discovered, it is shared around many experts for analysis – any attacker could simply reversion the code for their own use, like a cover version of a song.
But there’s another, better clue: IP addresses – locations, essentially – known to be part of “North Korean infrastructure” formed part of the malware too.
This suggests the attack may have been controlled by people who have acted for North Korea in the past.
For more on this story go to: http://www.bbc.com/news/world-us-canada-30555997
If the Sony hackers are North Korean, good luck prosecuting
By Colin Daileda From Mashable
If the hackers who scared Sony Pictures into scrapping “The Interview” are North Korean, the United States and Japan might as well give up trying to prosecute them.
Online crime has far outpaced the international laws meant to regulate it, and it would be near impossible for the U.S. or Japan (where Sony is based) to extradite online criminals from a country with which they have little relationship, according to cyberlaw experts. If neither government can get the hackers into a courtroom, then their options are limited.
To prosecute an international cyber crime, the prosecutors must first identify the hackers (and though anonymous White House sources have said they’re North Korean, many experts have doubts). Then, either the U.S. or Japanese government would have to find the culprits in friendly territory. After that, local authorities could arrest the hackers and move them to either country.
“The problem is getting the defendants physically into a U.S. courtroom,” William Snyder, a visiting cybersecurity law professor at Syracuse University, told Mashable. “Extradition for state-sponsored crimes is almost never possible until there is a regime change.”
If the hackers are North Korean, they would probably not be found outside their country, and their government would be under no obligation to send them off to trial.
North Korea—along with China and Russia—has not signed on to the Budapest Convention, a 2001 international agreement allowing nations to extradite cyber criminals from countries that have signed the pact.
“It’s tough to force governments to do anything they don’t want to do without resorting to a type of force that we don’t really resort to in these types of cases,” Scott Shackelford, a cybersecurity and international business law professor at Indiana University, told Mashable.
If prosecution isn’t possible, the U.S. could just indict the Sony hackers, assuming it can identify them.
The U.S. government indicted five Chinese military hackers in May for cyber espionage after American nuclear, metals and solar industries were attacked online. Those hackers will probably never appear in an American courtroom, but the inditement restricts where the hackers can hold investments and where they can travel.
“It ruins many vacations in Hawaii,” Peter Swire, a cyberlaw professor at Georgia Institute of Technology, told Mashable.
It’s a slap on the wrist compared with a trial. And, if the Sony hackers turn out to be North Korean, the U.S. might be forced to issue an even weaker response.
“The problem with North Korea is that … we’ve already done about as much you can do on the sanctions front,” James Lewis, director of the strategic technologies program at the Center for Strategic and International Studies, a nonpartisan think tank, told Mashable.
The U.S. has struggled to respond forcefully to cyber attacks that come from beyond its borders. Though Congress has constructed broad laws that are applicable across the globe, there is no binding cyberlaw agreement by which all nations must abide, and that weakens the range of U.S. retaliation options to the point that they are almost useless.
“It’s a global problem, and at the end of the day, it needs a global solution,” Shackelford said.
IMAGE: MASHABLE COMPOSITE Sony-handcuffs
For more on this story go to: http://mashable.com/2014/12/18/north-korea-sony-hack-law/?utm_campaign=Feed%3A+Mashable+%28Mashable%29&utm_cid=Mash-Prod-RSS-Feedburner-All-Partial&utm_medium=feed&utm_source=feedburner&utm_content=Google+Feedfetcher