President Obama’s announcement Friday of sanctions against North Korea set a new precedent in responding to cyberattacks, government officials said, even as many outside analysts doubt the government’s conclusion that the North Korean government was behind the breach at Sony Pictures Entertainment.
The Treasury Department said it would impose financial sanctions on three North Korean government entities and 10 individuals as a response to the attack on Sony that resulted in a Christmas time drama over the release of the Sony comedy “The Interview.”
Although a number of outside cybersecurity experts have questioned the government’s conclusion that North Korea was behind the hacks, U.S. officials defended their analysis of the event while offering few new details about the evidence.
“We’re standing by our assessment, and when I say our assessment, it’s the FBI’s along with the [U.S. government’s] — the intelligence community, DHS and foreign partners. Also private industry,” an administration official said Friday.
Government officials also said that part of the reason to target North Korea for additional economic sanctions was to respond to what the Obama administration sees as a precedent-setting cyberattack.
“We take seriously North Korea’s attack that aimed to create destructive financial effects on a U.S. company and to threaten artists and other individuals with the goal of restricting their right to free expression,” White House spokesman Josh Earnest said Friday. “As the president has said, our response to North Korea’s attack against Sony Pictures Entertainment will be proportional, and will take place at a time and in a manner of our choosing. Today’s actions are the first aspect of our response.”
A senior administration official said that “it’s extremely rare for the U.S. government to take this step,” and that it was taken because of the unique threat posed by North Korea. “We really do see it as crossing a threshold,” he said.
Over the past few weeks, a range of notable cybersecurity experts have questioned the Federal Bureau of Investigation’s initial conclusion that the North Korean government was behind the breach.
Previously the FBI had spelled out its logic in a statement issued Dec. 19, noting that the malware used in the attack was related to malware that North Korean actors had developed, and that Internet protocol addresses associated with North Korea communicated with IP addresses used in the attack. They also noted the similarities between the tools used in the breach and those used in a North Korean attack on South Korean banks and media last year.
But a number of private-sector analysts have dismissed that evidence as inconclusive, saying those elements could have been used by non-state hackers or by hackers aiming to pin blame on the North Korean government.
Scott Borg, a security expert with the U.S. Cyber Consequences Unit, wrote Friday that the “forensic evidence that does point to North Korea is all ambiguous and circumstantial.”
Other experts have claimed that it’s difficult to assign blame for cyber breaches in general, a reality underscored by the attack on JPMorgan Chase and other Wall Street banks in August. Administration officials initially told some media outlets that the Russian government was involved in the attacks, but FBI and Secret Service officials later ruled out that possibility.
Nevertheless, the administration stood by its appraisal of North Korea’s role in the hacking, citing intelligence that would not be available to outside experts.
“Understanding that some of these cybersecurity firms don’t have access to the same channels, classified channels of information and sensitive collection that we do, we stand firmly behind our call that the DPRK was behind the attacks of Sony,” the senior administration official said.
But officials acknowledged that none of the agencies, businesses or people designated for sanctions necessarily had anything to do with the hack that resulted in Sony’s emails, scripts, and files being stolen and used in threats against the company.
“The specific entities that are being designated, the specific people that are being designated are not being sanctioned because of involvement in the cyberattack. They’re being designated to put pressure on the North Korean government,” a senior administration official told reporters Thursday.
The official said that the Treasury had previously sanctioned Syrian and Iranian entities for human rights abuses committed using cyber tools, but that “this is the first time that we are responding to a cyberattack” specifically.
