In January 2010, then US Secretary of State Hillary Clinton launched the modern era of cyber geo-politics by publically blaming China for the Aurora attacks on Google and other companies in a Washington speech that broke every diplomatic convention ever written down.
Hell’s teeth, Clinton is blaming China for hacking American companies, chorused some – shouldn’t that be a private conversation between the US and China at diplomatic level? It was all plain unsettling, embarrassing even. The Chinese were temporarily caught off guard by her public dressing-down, taking several days to respond.
It turned out to be an absolutely defining 'gloves-off' moment on the road to a different kind of world, the one we now inhabit. From now on, cyberattacks were something Presidents and Prime Ministers would not onlly talk about but, shockingly, sometimes shout about too.
Five years later, and the world is still sliding down a hill whose bottom seems as far away as ever. Sony Pictures is in serious trouble after a force 10 cyberattack by the 'Guardians of Peace' (a phrase used by Richard Nixon), losing friends on all sides and many think its executives will soon be gonners. That remains to be seen but there is no question that the 2014 Sony Pictures hack will go down along with Clinton’s speech as an important moment.
Its significance is this – as I suggested two weeks ago the attack was carried out if not from within North Korea then under its influence, most likely from Chinese proxies that have already been documented. Security experts are usually reluctant to apportion blame, and who could blame them given its shifting mysterious nature, but from its motive to the malware and command and control used the clues have always suggested this hack was odd.
The attack wasn’t carried purely out for profit – if it had been it would have unfolded differently and been less vindictively destructive - which immediately narrows down the field pretty drastically to ideological actors. And yet it had access to considerable resources, including the ability to work on the attack over months using specialised malware.
With reports suggesting that the FBI will imminently lay the blame for the Sony incident at North Korea’s door, it might be time for security experts to emerge from their state of denial and accept that this could indeed be the first targeted attack on a single company, Sony Pictures, by a country, North Korea.
On this possibility, an HP analysis from a few months ago suggested that North Korea now has the capability to launch cyberattacks from beyond its borders. Nobody paid much attention to it because the country was still seen as a local worry after a massive warning attack on South Korean media organisations in 2013.
If Clinton’s 2010 intervention was the defining moment politically the start of modern cyberwarfare probably arrived three years earier with the 2007 with the now somewhat forgotten attacks on Estonia. These were plausibly connected to groups inside Russia with nationalistic goals and alleged connections to the Russian state. At the time, many predicted that the scale of these attacks were sinister harbingers of something altogether new and so it proved.
North Korea might appear to have little to lose and to have pulled off the perfect asymmetric attack against one of the world's biggest entertainment firms, but it's not a stretch to predict that in time there will be a response from the US. For every action, a reaction. That is why cyberwar is so dangerous.
If we ever arrive at the bottom of this long hill we have to hope that what we find there is not as frightening as some believe it could be.