U.S. Said Set to Blame North Korea for Sony Cyber Attack

Security is seen outside The Theatre at Ace Hotel before the premiere of the film "The Interview" in Los Angeles, California on Dec. 11, 2014. Sony Corp.’s Culver City, California-based studio today canceled the planned Dec. 25 release, after several major theater chains said they wouldn’t show the picture. Source: AFP/Getty Images

U.S. officials plan to announce this week that North Korea is behind the cyber-attack that crippled Sony Pictures Entertainment computers and forced the studio to pull “The Interview,” a person briefed on the FBI probe said.

U.S. law enforcement and intelligence officials have gathered sufficient evidence to determine with high confidence that the North Korean government is responsible, said another person, who wasn’t authorized to speak publicly. It’s not entirely clear whether operatives from the country carried out the hack or sponsored it, said the person, a U.S. official with knowledge of the investigation.

An announcement could come as soon as Thursday, CNN reported. Sony Corp.’s Culver City, California-based studio on Wednesday canceled the planned Dec. 25 release, after major theater chains said they wouldn’t show the picture.

The cyber-attack may spur the U.S. government to define what -- if any -- responsibility and authority it has to protect private companies that control major parts of the nation’s financial, energy and communications infrastructure.

“This will definitely put pressure on the U.S. government to do something,” said Jason Syversen, the founder and chief executive officer of Siege Technologies, which develops defenses against cyberweapons. “This is a statement that will demand action, and the question is what is that action going to be.”

Retaliation Hurdles

The hacker group invoked Sept. 11 this week in threatening movie fans with violence if they went out to see the film. The Seth Rogen comedy about a plot to assassinate North Korean leader Kim Jong Un drew condemnation from that country. In late November, attackers crippled the movie studio’s computers and began releasing thousands of internal documents, including e-mails, salaries and medical histories.

Officials reached their conclusion days ago, but have hesitated in making it public because the administration hasn’t determined how to respond.

“The U.S. government is working tirelessly to bring the perpetrators of this attack to justice,” Bernadette Meehan, a spokeswoman for the National Security Council, said in an e-mail. “We are considering a range of options in weighing a potential response.”

The most obvious retaliatory tools, imposing economic sanctions or restricting trade and financial dealings, would have no effect on the isolated nation, which the United Nations has sanctioned for its nuclear weapons program.

“We can’t just cut them off economically, because what are we going to cut off,” Syversen said. “This is a very tough problem to solve.”

Escalation Concerns

Further complicating the matter, said the U.S. official with knowledge of the investigation, are the tense relations with the two nations that could pressure North Korea: China and Russia.

Another issue is whether the U.S. Cyber Command, co-located with the National Security Agency at Fort Meade, Maryland, should retaliate against attacks sponsored or carried out by foreign governments, in this case North Korea.

The first obstacle to retaliation, the official said, is identifying the source, which is much more difficult than determining with certainty who launched a missile, dropped a bomb, shot someone or even carried out a terrorist attack.

A second and perhaps greater obstacle, the official said, is the danger of a retaliatory attack escalating into an uncontrollable cyberwar that some have suggested could threaten the U.S. economy and financial system.

U.S. Options

Sony’s internal probe determined in early December that hackers were linked to a group known as DarkSeoul, which U.S. and South Korean officials have linked to North Korea. However, company executives, including Sony’s general counsel, decided in a meeting on Dec. 3 that the attribution would have to come from the FBI.

The U.S. has some options that may make a significant impact on Kim’s authority and the ability to keep the regime together, said David Maxwell, a retired U.S. Army Special Forces colonel and Asia expert who is now associate director of the Center for Security Studies at Georgetown University’s School of Foreign Service.

With China’s tacit support, the U.S. could focus on the financial actions of the regime’s illicit activities and impose sanctions on financial institutions as it has in the past, Maxwell said.

Cyber Operations

Additionally, the U.S. could persuade other countries to enforce national laws, making it harder for North Korean diplomats to use their immunity to generate hard currency for the regime. The U.S. could also step up proliferation enforcement and conduct cyber-operations against North Korean commercial interests, Maxwell said.

Jason Healey, director of the cyber statecraft initiative at the Atlantic Council in Washington, said it’s unlikely the U.S. will retaliate against North Korea in cyberspace because the country’s Internet footprint is so small.

“It’s a little like unleashing the Air Force on the Islamic State,” Healey said. “If the bad guys only have pickup trucks, there is only so much damage you can do.”

The U.S. may opt to use an international panel like the one convened in 2010 after North Korea was suspected of sinking a South Korean naval vessel, killing 46 seamen, Healey said.

In that case, South Korea, the U.S., the U.K., Australia, Canada and Sweden presented findings of a joint investigation, which further isolated North Korea.

“My hat is off to U.S. government to finally stand up and name and shame when it comes to a cyber-attack by another nation state,” Healey said. “But we have to be cautious in expecting too big a response.”

(An earlier version of this story was corrected to remove source attribution to announcement.)
