Skip to main content

Workers remove the poster for "The Interview" from a billboard in Hollywood, California, December 18, 2014 a day after Sony announced it had no choice but to cancel the movie's Christmas release and pull it from theaters due to a credible threat.

VERONIQUE DUPONT/AFP/Getty Images

Sony Corp.'s decision to pull a motion picture release in response to retaliatory terror threats represents an alarming development in the seemingly unstoppable cybercrimewave that has engulfed the world, security experts say.

The Sony situation "is a new and very devastating breach type," said Ray Boisvert, former assistant director of intelligence with the Canadian Security Intelligence Service. He said the threat shows the widespread impact cybercriminals can have. "We need to think about this: Have we moved from the age of the breach to the age of obliteration?"

U.S. officials reportedly believe North Korea is behind the attacks on Sony Pictures Entertainment, which started last month when a group calling itself Guardians of Peace released embarrassing e-mails, unreleased scripts, salary details and other corporate information hacked from Sony's computer systems. That escalated to threats of violence and destruction at theatres that screened The Interview, a fictional comedy about the attempted assassination of North Korean leader Kim Jong-un. After several cinema chains said they wouldn't screen the film, Sony pulled the movie a week before its Dec. 25 release date, a costly decision that has drawn criticism from prominent Hollywood and Washington figures. Pyongyang has denied any involvement in what amounts to a cross between cyberterrorism and economic sabotage.

Story continues below advertisement

John Proctor, vice-president of global cybersecurity with Montreal information technology services firm CGI Group Inc., said this is "more of a terror-type event" that runs "completely against the norm of what we see in cyberspace."

Cybercrime typically involves the stealthy infiltration of malicious software into corporate or government computer systems, followed weeks, months or even years later by the electronic extraction of data. These data breaches, including the theft of millions of credit-card numbers from Target and Home Depot, have become pervasive and costly nuisances for companies and government agencies alike, and a source of continual annoyance for individuals who have to constantly change their passwords and sometimes cancel exposed credit cards.

Inadequately prepared data keepers have spent tens of billions of dollars on cyberdefences to counteract increasingly sophisticated cybercriminals. Data raiders have perpetrated more serious breaches, including the theft of health-care and social-security information, state-sponsored cyberespionage and, in some cases, using malware to lock down computers until the owners pay "ransoms" to have them unlocked. But they typically target items of value they can sell illicitly on the black cybermarket, such as batches of credit-card numbers and exploitable bugs in popular computer programs. At the same time, "hactivists," such as those associated with Anonymous, have also been wreaking havoc online.

But the Sony situation and other recent attacks on large corporations are a different breed of attack, allegedly backed by governments in sanctioned states such as Russia, Syria and Iran and seen as a malevolent form of diplomatic payback, said Avivah Litan, a Washington-based cybersecurity analyst with technology research firm Gartner. "This is a whole new form of warfare that wasn't possible a few years ago that makes every private sector company a soldier in this army," she said. "They're not equipped to take on that role."

Some have criticized Sony for being poorly prepared for a cyber attack despite past breaches, and for overreacting after police questioned how credible the violence threat was. But Ms. Litan said the cyberattacks coupled with threats of actual physical violence "takes it to a new level we've never seen before … Every corporation has to be really nervous right now. It's not the last attack we'll see like this."

Steve Weisman, author of Identity Theft Alert and a senior lecturer at Bentley University in Waltham, Mass., said what happened to Sony "is pretty bad but it's not as bad as having the power grid or water systems go down, or the financial system affected. All these things are possible targets of cyberwarfare. This should be a wake-up call for government agencies and private companies."

Report an error Editorial code of conduct
Tickers mentioned in this story
Unchecking box will stop auto data updates
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter