
Sony Hack Is Bad, But the Real Cyberwar Is All Around You

There’s a wider world of ongoing major hacks, with government-sponsored groups or "hacktivist" collectives attacking critical infrastructure.

Sony is reeling from the effects of its recent massive breach, in which hackers were able to penetrate the company’s systems at a deep level -- and make Hollywood insiders blush by releasing troves of internal data and private emails.

The scope of the breach, and the extent to which Sony was targeted, appears shocking to the public. But cybersecurity experts say this is happening all around you: There’s a much wider world of ongoing major hacks, with government-sponsored groups or "hacktivist" collectives mounting attacks against financial institutions, private companies, infrastructure and the military.

"From a critical infrastructure and economic perspective, we’ve seen a lot worse than Sony," Jeff Bardin, the chief intelligence officer at cyber-intelligence and training firm Treadstone 71, told NBC News. "Let's put it in the context of the real issues: attacks on our power grid, our banks, are happening."

The FBI said Friday its investigation concluded North Korea is responsible. Some cybersecurity experts have expressed skepticism because of North Korea's small size and perceived lack of technical knowledge.

Even if North Korea is responsible, several cybersecurity experts told NBC News they don't believe the attack constitutes a true act of "cyberwar" because it wasn't aimed at a critical piece of infrastructure or the economy.

And those cyber-warfare attacks are typically done quietly. They’re designed to hamper infrastructure, gain intelligence, and cripple energy grids. The attacks come from all over: the United States, China, Israel and Russia, as well as smaller countries like Syria, Iran and North Korea, according to a 2013 report from cybersecurity firm FireEye. The group predicted future attacks may come from countries one might not expect, including Poland, Brazil and Taiwan.

"Nation-state activity has occurred since there was espionage," said Dave Aitel, the CEO of cybersecurity firm Immunity, Inc. "But it’s quite recent that the cyber portion became so strong. When you put everything on the Internet the way we've been doing the past five years, that's when you get really damaging effects."

Some attacks aim to inflict that damage on a massive scale by breaching nuclear plants, energy firms and other infrastructure, or defense contractors and the military. Other cyberattacks target commercial entities like banks and manufacturers, and their employees who carry valuable information on their laptops and smartphones. Here are just a few big attacks:

  • The most infamous of these campaigns is Stuxnet, a complex and sophisticated computer worm first discovered in 2010. For 17 months, the worm sped up the centrifuges at Iran's nuclear enrichment center in Natanz while undetected, damaging but not destroying them. Stuxnet temporarily disabled one-fifth of the Iranian facility's centrifuges, setting back the country's nuclear program by two years, cyber-defense expert Ralph Langner wrote in Foreign Policy. Documents leaked by former National Security Agency contractor Edward Snowden said the U.S. and Israel developed the worm together.
  • Iran reportedly launched its own attacks against the U.S., including a 2013 assault that went after U.S. energy companies. The country was reportedly able to gain access to software that controls oil and gas pipelines. Separately, Iran also reportedly launched a 2012 cyberattack against Saudi Arabian oil firm Saudi Aramco in which 30,000 of the company's computers were knocked offline.
  • In a series of attacks called Operation Aurora, hackers attacked companies including Google, Northrop Grumman, Morgan Stanley, security firm Symantec and more. Experts believe China was responsible for the attack. Google disclosed the campaign in a 2010 blog post, saying evidence pointed to hackers trying to access the Gmail accounts of Chinese human rights activists.
  • In early 2013 the Russian security firm Kaspersky Lab published research on a vast cyber-espionage ring it dubbed "Red October." The malware targeted government agencies, embassies, research institutions, energy companies, infrastructure and others around the world -- mainly within the former Soviet Union. Kaspersky said it suspected Russian-speaking operatives working with Chinese hackers to launch the malware, which had been spreading for five years.

  • Also in 2013, pro-government group Syrian Electronic Army (SEA) launched multiple types of cyberattacks against governments and media both at home and abroad perceived to be against Syrian President Bashar al-Assad. Targets included the New York Times and communication tools like Skype, Tango and Viber that Syrian activists used. The group was able to compromise The Associated Press' Twitter account and posted a message saying President Obama had been injured in an attack on the White House. The tweet caused a brief dip in stock markets, erasing $200 billion in value.

Such campaigns have only continued in the years since, and they have become increasingly complex, said Frank Cilluffo, director of the cybersecurity initiative at George Washington University. "From here on out, every form of conflict will have a cyber element in it," he added. "Companies are at the front of this war and they're not necessarily prepared."

During November 2014 alone, researchers uncovered two major new cyberattacks. Symantec released a report on the highly complex Regin malware, in which about half of the attacks identified targeted "private individuals and small businesses." Just about half of the targets were in Russia and Saudi Arabia, and Symantec compared the scope of the malware to Stuxnet. Symantec said the complexity of the malware pointed to a state-sponsored attack but would not specify beyond that; other experts suspect it is an American-British project.

That announcement came just two weeks after Kaspersky Lab unveiled the Darkhotel espionage campaign, which for seven years targeted people using the Internet in luxury Asian hotels, and is thought to be still active. Experts have said the malware appears to be linked to a South Korean coder.

Aitel, the Immunity, Inc. CEO, said these campaigns "are all part of a future in which this is the reality" for companies across sectors and country lines. He believes it may push countries to sign cyberwarfare treaties and form alliances.

"At a certain point, all of this has to force large-scale cooperation between countries, more working together to combat this," Aitel said. "We see where the lines are being drawn. Now the question is: How do we fight against it?"