The first days back at work after a long holiday break are often difficult — the days are short, the commutes are long, while temperatures (and motivations) are low. Hopefully you had a relaxing Christmas break, and were able to spend quality time with friends and family. I certainly did; for me, this year’s holiday break was one of the best I’ve had in years. In fact it was perfect, with one exception — on Christmas Day, perhaps after a bit too much Scotch, my family and I made an ill-advised decision to watch ‘The Interview’.
Unless you actually do live in North Korea you have by now probably heard about this film, in which the CIA co-opts two numbskulls into an assassination plot against Kim Jong-un. My family and I were able to watch from the comfort of our living room thanks to YouTube Movies (nope, I’d never heard of this service before, either) as Sony Pictures chose not to release the film in theaters.
I can safely say that this was one of the worst films that I have seen in a long time, with a ridiculous and implausible plot, excessive amounts of lowbrow humor and cartoonish violence, and one of the most annoying character performances (kudos, James Franco) that I have seen since Jar Jar Binks single-handedly mutilated the Star Wars franchise. In short, the film is garbage and if you haven’t seen it — don’t bother. You’ve been warned.
I chose to write about this turkey of a film, not because of my aspirations to become a film critic, but rather because of the geopolitical slugfest that has commenced since its ‘release’ and, more importantly, its implications.
Let’s review a quick chronology of events that lead up to the present day:
Early November 2014: Sony’s internal systems are hacked in November by an individual or group calling themselves the ‘Guardians of Peace’. The GoP said that if its demands were not met then secret data would be ‘shown to the world’. (Interestingly, the group never actually stated its demands).
Late November 2014: Several unreleased Sony films are uploaded to popular file-sharing sites. ‘The Interview’ was not one of them. Sensitive internal data – to include employee salaries and celebrities’ personal details – were also shared publicly.
Early December 2014: The hackers threaten ‘9/11-style attacks’ against any cinema that dares to screen ‘The Interview’, which is scheduled to be released on Christmas Day.
Mid December 2014: Sony’s senior management – some of whom are embarrassed when internal (and racially insensitive) emails are released to the public, hit the panic button. The studio decides to cancel a pending theatrical release on Christmas Day, claiming that major US cinema chains have refused to show it due to the perceived risk). Sony (a film studio with Japanese owners) is promptly ridiculed by the public, and even by President Obama, for ‘acting un-American‘.
Late December 2014: Though they fail to produce any hard evidence, the FBI accuses North Korea’s Kim regime of masterminding the Sony hack. Here is a link to their full, unabridged statement. For purposes of brevity, I will only include the following excerpt:
“…the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on…
…Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed…
…The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. Government has previously linked directly to North Korea…
…Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea…”
Note the highlighted statement in the first paragraph (effectively, “You’ll just have to trust us on this one”). You may recall recent uses of this tactic, such as in 2003 when the FBI’s intelligence counterparts cited ‘clear and convincing’ evidence of Iraqi WMD, or again in May 2013 when an FBI agent shot and killed a key witness to the Boston Marathon bombing during an ‘interview’ at the subject’s residence.
I would happily provide a factual rebuttal to the FBI’s statement in this case – however in this instance I will defer to the much more capable hands of America’s foremost cyber-security experts:
From Kurt Stammberger of Norse, a computer security firm:
“We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history,” said Stammberger. He says Norse data is pointing towards a woman who calls herself “Lena” and claims to be connected with the so-called “Guardians of Peace” hacking group. Norse believes it’s identified this woman as someone who worked at Sony in Los Angeles for ten years until leaving the company this past May. “This woman was in precisely the right position and had the deep technical background she would need to locate the specific servers that were compromised,” Stammberger said.
From Bruce Schneier, as published in The Atlantic:
“I am deeply skeptical of the FBI’s announcement [on Friday] that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it…it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the “evidence” to suit the narrative they already have worked out in their heads…?Sony, after all, is a company that hackers have loved to hate for a decade. The most compelling evidence for this scenario is that the explicit North Korean connection—threats about the movie The Interview—were only made by the hackers after the media picked up on the possible links between the film release and the cyberattack…”
But the coup de grace comes from Marc Rogers, Director of Security Operations for DEFCON (the world’s largest hacker conference). His full takedown of the FBI’s claims is too lengthy to show in its entirety (read the full version here), but it’s devastating:
“The first piece of evidence described in the FBI bulletin refers to the malware found…[they are] likely referring to two pieces of malware in particular, Shamoon and DarkSeoul. Even if these prior attacks were co-ordinated by North Korea—and plenty of security experts including me doubt that—the fact that the same piece of malware appeared in the Sony hack is far from being convincing evidence…Just because two pieces of malware share a common ancestry, it obviously does not mean they share a common operator…Increasingly, criminals actually lease their malware from a group that guarantees their malware against detection…”
“The second bit of evidence given by the FBI is even more flimsy. The FBI claims that the Internet addresses found after the Sony Picture attack are “known” addresses that had previously been used by North Korea in other cyberattacks. To cyber security experts, the naivety of this statement beggars belief. Note to the FBI: Just because a system with a particular IP address was used for cybercrime doesn’t mean that from now on every time you see that IP address you can link it to cybercrime.”
“Essentially, we are being left in a position where we are expected to just take agency promises at face value. In the current climate, that is a big ask.”
“The hackers dumped the data. Would a state with a keen understanding of the power of propaganda be so willing to just throw away such a trove of information? The mass dump suggests that whoever did this, their primary motivation was to embarrass Sony Pictures.”
“Blaming North Korea offers an easy way out for the many, many people who allowed this debacle to happen. You don’t need to be a conspiracy theorist to see that blaming North Korea is quite convenient for the FBI and the current U.S. administration. It’s the perfect excuse to push through whatever new, strong, cyber-laws they feel are appropriate, safe in the knowledge that an outraged public is fairly likely to support them…”
But wait, you say, Americans aren’t that gullible. A rational review of the evidence, coupled with the government’s failure to surpass the burden of proof that is necessary when making accusations against another sovereign state…surely we have learned our lessons from Iraq, Syria et al.
And in response…I give you the good people of New York City, who queued up for hours at cinemas around the city on Christmas Day to (in their own words) “take a stand for freedom”:
The point of all this is not to make light of the increasingly dubious claims made by America’s security apparatus, or the (increasingly uncomfortable amounts of) blind faith that its citizens are willing to place in their unelected officials. Instead, it is to illustrate a growing contrast between the official Western narrative on North Korea, and what can best be described as the truth.
The familiar caricature of North Korea is one of gulags, penury, and despair. Have you actually spoken to someone who has traveled to the DPRK? And I’m not talking about a government staffer who attended a three-day trade mission, or even a tourist. How many people do you know who have done business in the country? Over the past couple of years, and no small amount of effort, I have met and learned from many such people. These are not ‘useful idiots’, but seasoned businessmen with no political agenda who describe a very different country than the Hollywood parody.
Conversations with such people help me to discover the following stories, which are publicly available:
From Andrei Lankov, a well-known expert on the DPRK whose writings were featured in the WSJ’s blog:
“Recent news leaves little room for doubt: the Kim Jong Un government is far more serious about reforms than I, or indeed most observers expected. According to recent reports, from next year, the North Korean government will implement a set of policies known as the ‘May 30 Measures.’If current reports are to be believed, from next year North Korean farmers will be allowed to keep 60% of their harvest for themselves. In addition, they will be allocated large kitchen plots…which is unprecedented by North Korean standards.[These measures] were largely responsible for the record-breaking harvest of 2013, as well as North Korean farmers’ resilience in the face of drought this year…
“[Factory managers] are also to be given the right to manage their workforce as they like, hiring and firing at will. Indeed, the “May 30th Measures” also include policies designed to transform industry. The “director responsibility system,” which has been tested in a few select factories and mines this year, is going to be made universal. Under the new system, North Korean factory managers will be given the right to buy spare parts and raw materials freely, from any suppliers that they deem fit, and sell finished products as they like. They are also to be given the right to manage their workforce as they like, hiring and firing at will. Members of two foreign delegations that recently visited the North have told the present author that their hosts emphasized that, under the new system, factory directors will be no different from a CEO in a market economy, and this seems to be the case.”
“The Kwangbok shopping complex, located in downtown Pyongyang, is the first of its kind in the highly planned economy, [and] has been a witness of the growing purchasing power of the DPRK people since Kim Jong Un took power in late 2011…displayed on the shelves are not only domestic commodities, but goods shipped from other countries like China, Vietnam and Singapore….the shopping center, with a floor area of more than 27,000 square meters and a business area of 13,000 square meters, is indisputably the biggest one so far. It is also one of the very few supermarkets that accepts only domestic currency — the DPRK won — other than U.S. dollars, euros or Chinese yuan. Wang Ping, a Chinese representative of the shopping center, said he is considering opening new outlets in Pyongyang as the only complex is seemingly inadequate for the ballooning demands of consumers.
Perhaps most importantly – and this might best explain the US government’s sudden eagerness to implement new sanctions – the DPRK is now on the receiving end of a Russian charm offensive. As I have previously written, the Kremlin is working hard to influence the Hermit Kingdom by forgiving nearly US$10bn in Soviet-era debt, and giving the DPRK an opportunity to become an energy transit country for Russian oil and gas pipelines into South Korea, with all of the financial benefits that would entail. Both the Russians and Chinese are eager to have access to North Korea’s Rajin port, given its position as the northernmost year-round port on the Asian Pacific rim.
Understand that I am not promoting a theme of blind optimism here, and neither am I denying that the Kim regime is oppressive and odious. The DPRK’s ruling class has an atrocious human rights record and this fact must be remembered. However I am increasingly of the opinion that North Korea is slowly but surely implementing market reforms. This is a country that watches China intensely, and relies upon it wholeheartedly. Over the past twenty years they have watched China’s evolution into a global power, and those in power are fully aware of the South Korean economic miracle that is currently on display just across the DMZ. (Remember that, until the 1980s, North Korea was a more advanced economy than the South).
More importantly, I do believe that North Korea’s location – squarely in the midst of North Asia, which promises to be one of the world’s most significant sources of geopolitical tension for the next generation – means that those who want to better understand our world need to adopt a more objective approach toward the Hermit Kingdom. And by that, I don’t mean tuning in every time one of CNN’s talking heads tells a funny story about Kim Jong Un’s alleged gout.
As the cyber-security world has already pointed out, today’s governments and media have every incentive to inundate their people with lies and falsehoods. The question that everyone must ask themselves is, when it comes to learning about North Korea, do you want to find out the truth for yourself – or do you want to be the one standing in line to watch an over-rated film because your government told you to?
When it comes to the DPRK, I don’t claim to be one of the experts – but I know where to find them, and you won’t see them on a Fox News split-screen interview anytime soon. Contact me if you would like to learn more about how to better understand the ‘ground truth’ inside the Hermit Kingdom.