Obama Vows U.S. Response to North Korea Hack Attack on Sony

North Korean leader Kim Jong Un. Photographer: Ed Jones/AFP via Getty Images

President Barack Obama said the U.S. will respond to North Korea’s cyber-assault on Sony Pictures Entertainment “in a place and time and manner that we choose,” adding that he thought the studio made a mistake by canceling the release of a movie linked to the attack.

In his first extensive public comments on a hacking attack the U.S. Justice Department today said was carried out by the North Korean government, Obama said companies shouldn’t be intimidated.

“We cannot have a society in which some dictator in some place can start imposing censorship here in the United States,” Obama told reporters in Washington today.

The cyber-attack on Sony computers exposed Hollywood secrets, destroyed company data and caused the studio to cancel release of “The Interview,” a comedy about a fictional assassination of North Korean leader Kim Jong Un. The hackers rendered thousands of computers inoperable and forced Sony to take its entire computer network offline.

Sony Corp.’s Culver City, California-based studio canceled the Dec. 25 release of the Seth Rogen comedy “The Interview” after major theater chains said they wouldn’t show the picture. A group claiming credit for the cyber-attack invoked the Sept. 11, 2001, terrorist attacks in threatening movie fans with violence if they went to see the film.

Chinese Servers

Much of the data stolen from Sony’s networks passed through Chinese servers and Internet providers on the way to the hackers, said a person familiar with the investigation who wasn’t authorized to speak on the record.

There is no evidence of direct Chinese participation but the country does keep a close eye on data moving through its networks, suggesting it may have been aware of the North Korean attack and did nothing to alert officials in the U.S., the person said.

When asked if China assisted in the Sony attack, Obama said the U.S. has “no indication that North Korea was acting in conjunction with another country.”

Malicious software in the Sony attack revealed links to malware previously used by North Koreans, the FBI said. The tools used also were similar to those in a cyber-attack in March 2013 against South Korean banks and media organizations.

“We will respond,” Obama said, without specifying any actions. “We will respond proportionally and we will respond in a place and time and manner that we choose.”

‘Cost, Consequences’

The Federal Bureau of Investigation said it will “impose cost and consequences” on those found to carry out cyber-attacks, though it didn’t name any specific retaliatory actions for the Sony hack.

U.S. Secretary of State John Kerry said the U.S. will “work with partners around the world to strengthen cybersecurity, promote norms of acceptable state behavior, uphold freedom of expression, and ensure that the Internet remains open, interoperable, secure and reliable.”

Among the options is a return of North Korea to the list of designated state sponsors of terror. President George W. Bush’s administration removed that designation amid efforts to negotiate restrictions on the regime’s nuclear weapons program. A State Department spokeswoman declined to say if that option is under consideration.

National Security Council spokeswoman Bernadette Meehan said in a statement that “some responses you’ll see and others you may not,” while declining to discuss details.

‘Significant Harm’

“North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI said. “Such acts of intimidation fall outside the bounds of acceptable state behavior.”

North Korea’s diplomat at the United Nations, Kim Song, today denied the nation’s involvement in the cyber-attack. The state-run Korea Central News Agency on Dec. 7 cited an unnamed defense spokesman as saying North Korean supporters may have attacked Sony’s computers in “righteous” anger over the upcoming release of a comedy about a plot to kill Supreme Leader Kim.

Sony received a new threat from purported hackers, congratulating the studio for shelving the film and demanding it never be shown.

“It’s very wise that you have made the decision to cancel the release of ‘The Interview,’” said the e-mail, which was sent to executives including Sony Pictures Chairman and Chief Executive Officer Michael Lynton and co-Chairman Amy Pascal, according to a person with knowledge of the situation. “It will be very useful for you.”

No Alternative

In an interview with CNN today, Lynton said he had no choice but to cancel the film and doesn’t consider it a mistake.

“We have not caved. We have not given in,” Lynton told CNN, according to a Twitter post by one of the network’s producers.

By pointing the finger at North Korea and yet not taking immediate action, the U.S. shows that it’s considering different options for an appropriate response, said Chris Inglis, former National Security Agency deputy director.

“It’s a very thoughtful approach,” Inglis said. “The government should not be a bull in a china shop.”

Still, he said, the U.S. can’t wait too long because “we don’t want to send a message that this doesn’t matter.”

Some options would include asking China to step in, as it has in the past; imposing additional sanctions; and coordinating a response with other countries including Japan, where Sony is based.

E-Mails, Salaries

In late November, attackers crippled the movie studio’s computers and began releasing thousands of internal documents, including e-mails, salaries and medical histories of employees.

The Sony attack was carried out by “cyber terrorists, bent on wreaking havoc,” Chris Dodd, chairman and chief executive officer of the Motion Picture Association of America Inc., said in an e-mailed statement today.

“This situation is larger than a movie’s release or the contents of someone’s private e-mails,” Dodd said.

The FBI found “there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks” between the malware used to delete Sony’s data and other malware used by North Koreans.

The bureau also discovered that several Internet protocol addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the malware that deleted data in the Sony attack.

“The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees,” Homeland Security Secretary Jeh Johnson said in a statement today. “It was also an attack on our freedom of expression and way of life.”

U.S. Response

The cyber-attack may spur the U.S. government to define what -- if any -- responsibility and authority it has to protect private companies that control major parts of the nation’s financial, energy and communications infrastructure.

One thing the Obama administration is unlikely to do is unleash a tit-for-tat cyber-attack, analysts said. Any eventual U.S. response also will likely be unannounced, in order to avoid feeding the North Koreans’ desire for a public showdown with the world’s sole superpower.

“What the North Koreans can’t stand is when no one pays attention to them,” said Joel Brenner, former head of U.S. counterintelligence. “What we do may not be publicly known, but the North Koreans will know who did it.”

The possible options include launching a covert operation against North Korea’s shadowy Unit 121, believed to be responsible for training new hackers. The unit in 2011 is believed to have launched “distributed denial of service” attacks against 40 South Korean government and military websites, according to an intelligence official.

Even so, the Obama administration may be reluctant to retaliate in kind by releasing U.S. cyber-attacks on North Korean computer networks -- particularly over the cancellation of a Hollywood comedy. Any such attack would involve showing the North Korean government what part of its network vulnerabilities the U.S. had identified, thus allowing defenses there to be strengthened, Brenner said.
