Maybe I should be outraged by Sony’s decision not to distribute the movie The Interview, but I am merely saddened by it. I am saddened that a hacking incident with all the hallmarks of a simple case of extortion has been distorted so it looks like a terrorist threat.
Taking a step back: Sony was hacked by one or more people who, according to all the information available, were located in Thailand. They apparently made an extortion attempt against Sony, and Sony ignored it. In response, the hackers acted like script kiddies and started vindictively posting the stolen information. Somewhere along the way, the hackers started to focus more on The Interview, a comedy, slated for Christmas release by Sony, in which two journalists wrangle an interview with North Korean dictator Kim Jong Un, and then are recruited by the CIA to assassinate him. Not so coincidentally, this new focus coincided with rising media speculation that North Korea may have been involved in the attack. What was supposed to be the smoking gun that “proved” North Korea’s involvement was the revelation that some of the malware used in the attack was apparently sourced from malware used in an attack that was legitimately attributed to North Korea.
As their demands went unmet, the attackers made a somewhat offhand threat, saying that theaters that showed The Interview would be targeted for attack. As fears grew that a specific threat of a 9/11-style attack had been made, some movie theater chains said they would not show the movie. Eventually, when a critical mass of theater owners had said this, Sony announced that it was pulling the movie and would not even make it available through video on demand.
Meanwhile, unnamed U.S. government officials this week told some reporters and politicians this week that North Korea was behind the attacks. This has not been followed up by an official accusation by the U.S., but there are reports that the U.S. government might issue a statement that says the Sony hack was “sanctioned” by the North Korean government. Given that this affair started as an extortion attempt and only gained political overtones when that was convenient, I’m highly skeptical of any claims that North Korea had any significant involvement in the attacks. And I suspect that what “sanctioned” actually means will remain vague. I smell opportunism in those anonymous accusations by U.S. officials; here was a chance to take a somewhat skilled hack attack against a questionably secured company and turn it to advantage by gaining crucial support for improving the U.S.’s cyberwarfare capability.
And if the U.S. does end up accusing North Korea of sanctioning the Sony attack and the subsequent terrorist threats against U.S. citizens, then shouldn’t we expect the U.S. to take meaningful action against North Korea?
In the end, though, I just find it to be a sad state of affairs when an anonymous hacker, whose language patterns appear to be those of an immature and arrogant teenager with a shaky command of the English language and who is apparently located 10,000 miles away from any of the threatened targets, can have such an impact on what the U.S. public can see at its local cineplex.
If I’m wrong in that assessment and North Korea was actually behind the attack, then we’re talking about something much bigger than Hollywood; we’re talking about a situation that raises the possibility of a military attack by the U.S. against a foreign government.
But whether this was a script kiddie or Kim Jong Un, we are dealing with a not very credible terrorist threat. Not that you can tell that through the glare of the media hype.
Like nearly everyone on the planet, of course, I haven’t seen The Interview. I did, however, see the trailer back when the movie was still expected to be released this month. The thing about comedies is that, if they are at all funny, the trailers tend to be very funny indeed. My assessment was that the movie had an intriguing comedic concept, but it didn’t look all that funny. Still, the movie probably would have had some minor success. Now that it’s had more publicity than Gone with the Wind, though, Sony is in possession of a hot property that it dare not release.
At least, it dare not now. I expect that Sony will shelve the movie for a while, but before this whole thing is completely forgotten, it will release it, touting it as the movie that North Korea wanted banned. I rest this prediction on the fact that all the publicity has motivated law enforcement to definitively identify the attackers and minimize any threat they may pose. Once that happens, Sony and the theater owners who are wary of showing the movie now will have less reason to fear attacks.
As for those theater owners and their role in caving in to the attackers’ demand, it’s important to understand the movie business model. Theaters only keep around 20% of movie ticket proceeds. The margins are slim, which is why selling popcorn remains the key to a movie house’s profitability. Given those small margins, theater owners are naturally going to be reluctant to pay for extra security measures, and they’re also not exactly eager to let one of their theaters become another Aurora, Colo., especially when the public is likely to paint them as callous and greedy, with indifference to their safety.
The theater owners feel another pressure. Many cineplexes, of course, are situated in shopping malls. The malls don’t want the kind of trouble threatened by the hackers, especially during retailers’ make-or-break holiday season.
So, even though I don’t see the threat as credible, I find the theater owners’ reaction understandable. The theater chains are victims of Sony’s inadequate security and the business model imposed on them by the studios.
Considering this situation, The Interview is going to have to be one very funny movie to make me laugh.
Ira Winkler is president of Secure Mentem and author of the book Spies Among Us. He can be contacted through his Web site, securementem.com.