Page 47 - index
P. 47
Cause fear and/or physical harm through cyber techniques
Be against a critical infrastructure sector such as financial, energy, transportation, and/or
government
Target essential services
Not have financial gain as its primary motive
Applying these simple criteria to the SPE attack shows that it is not act of cyberterrorism. The target
was SPE, not a political entity. As a commercial organization, SPE is not in the business of setting
national policy. While the attackers certainly threatened violence against those theaters that
screened the movie (Lang, 2014), most people would not consider cinemas critical infrastructure
sectors under current policy (US Department of Homeland Security, 2014), nor are movies essential
services. Because the motive is truly indiscernible, the debate surrounding the source of the attack
rages on (Laughland & Rushe, 2014; Rogers, 2014; Spargo, 2014),. In totality, we have the attack
against SPE meeting only one of Ahmed and Yunos’ (2012) benchmarks: fear of physical violence.
Though significant, fear alone does not qualify the attack as cyberterrorism.
Then What Was It?
For the sake of argument, let us assume North Korea is responsible for the strike on SPE. Any
implication of state-sponsorship of such a cybersecurity incident would constitute an act of war
according to some (Shiryaev, 2012). If a country uses its territories or assets in attacks against
other states, it would be a violation of the International Court of Justice (Shiryaev, 2012). Shiryaev
(2012) further notes that the 1970 Friendly Relations Declaration of the United Nations requires
countries not to shape, initiate, support, or contribute to terrorist acts against other nations.
While he does say, “If one country organizes, actively supports, or contributes to the commission of
one or more terrorist offences through cyber-space, it can be said to be a state-sponsor of
cyberterrorism,” (Shiryaev, 2012, p. 151) this was not a terrorist attack per Ahmed and Yunos
(2012). Unfortunately, this is all new territory; to date, no country has admitted to conducting a
large-scale cyber assault against another nation.
On the other side of the assumption, North Korea had no role in the attack on SPE. In that case, the
definition is easier to understand: it is cybercrime. McQuade (2006) defines cybercrime as using a
computer (or related electronic instrument) to conduct unlawful activities. Cybercrime is pervasive in
the US. A recent survey by cybersecurity software firm McAfee and the Center for Strategic and
International Studies (CSIS) asserts cybercrime cost the nation upwards of $100 billion in annual
losses and as many as a half-million jobs in 2013 (United Press International, 2013).
If the Guardians of Peace is just another hacker group looking to gain financially from the SPE
attack or simply make a name for itself, its activities make it an organization that commits crimes
against companies–significant and interesting, but not cyberterrorism.
47 Cyber Warnings E-Magazine – February 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
