The suspected North Korea computer attack on Sony Pictures Entertainment is a “serious national security matter,” White House press secretary Josh Earnest said Thursday, as officials said the Obama administration is preparing to announce who it believes is behind the devastating hack.
Earnest said that the White House is weighing options for a “proportional” response to the attack whose ramifications President Obama is monitoring “very closely himself.”
Public attribution of the attack could come as early as this week, one national security official said. U.S. intelligence officials have concluded that the government of Kim Jong Un is behind the attack. North Korea has publicly denied involvement.
“There is evidence to indicate that we have seen destructive activity with malicious intent that was initiated by a sophisticated actor,” Earnest said, characterizing the hack discovered last month that resulted in the theft of massive troves of executives’ e-mails and sensitive internal documents, and the deletion of data on hard drives. That activity, he said, “merits an appropriate response.”
The attack came in apparent retaliation for Sony's planned Christmas Day release of a comedy built around the assassination of the North Korean leader.
Earnest’s remarks indicate the White House has elevated a case of hacking a Hollywood movie studio to a government-to-government level, signalling to the North Koreans that there probably will be a U.S. response of some sort.
On Wednesday, bowing to threats of violence this week from the hackers against theaters that ran “The Interview,” Sony canceled the movie’s release. It was, analysts said, a stunning capitulation to the hackers’ demands, one that sets a worrying new precedent for cyberterrorism that could encourage more attacks.
The hack also throws into relief North Korea’s burgeoning cyberwarfare capabilities and its increased willingness to use a tool that can be wielded to disproportionate effect against countries with much larger and more powerful militaries and economies.
The administration has made clear for several years that it has a range of diplomatic, economic, legal and military options at its disposal in response to cyberattacks.
It is unlikely, however, that officials will announce the responses they are considering or the one they choose. “There’s a lot of options,” the official said. “They likely won’t be discussed publicly anytime soon.”
Intelligence officials “know very specifically who the attackers are,” said one individual familiar with the investigation, who spoke on condition of anonymity because the case is ongoing. They are North Korean government personnel, the individual said. The hackers were able to root around for three weeks in Sony’s network before being detected, the source said.
Some analysts say that although North Korea poses a challenge because it is not tied into the global economy, lacks trade or diplomatic relations with the United States and is under international sanctions for its nuclear program, it is important for the United States to respond. Steps might include indicting the individuals it believes conducted the hack, asking like-minded states to join in condemning the action, and, if North Korea persists, undertaking a covert action to dismantle the computer systems used in the operation.
The attack marks the first known intrusion by North Korea into private U.S. computer networks and was improbably effective: Not only were the hackers able to penetrate Sony’s system and expose embarrassing internal emails, but they cowed one of Hollywood’s biggest entertainment firms into pulling a movie — while official Washington struggles to figure out an appropriate response.
“This is a master stroke,” said Ken Gause, director of international affairs at CNA Corp., a federally funded think tank. “North Korea has always been very good at brinksmanship and provocation. We underestimate their guile and their ability to conduct a strategy like this.”
The reclusive government apparently has been able to pull off something no other nation’s military has been able to, said Dmitri Alperovitch, cofounder of CrowdStrike, a cybersecurity firm. “Despite all the cyber actions from Russia, China, Iran and everyone else, this is the first time a country has forced a target — through a cyber attack — to change its behavior against its will.”
North Korea had a fledgling computer attack capability in the late 1980s, but it did not begin to develop until the late 1990s, when Kim Jong Il’s oldest son, Kim Jong Nam, was given the responsibility of developing a computer center in Pyongyang. Cyber was seen as a way to help close the gap in military capability with countries such as the United States and its ally South Korea.
The country’s major strategic cyberwarfare organization is called Unit 121, located within the Reconnaissance General Bureau, analysts said.
North Korea has nearly doubled its number of elite hackers over the past two years and has set up bases in outside countries, mainly China, in an effort to boost its capacity to conduct cyberattacks, South Korea’s Yonhap News Agency reported recently, citing military sources.
“North Korea appears to have some 5,900 personnel for cyberwarfare, up from around 3,000 two years ago,” the agency quoted the source as saying. Unit 121 is home to some 1,200 professional hackers, the source said.
The hackers have different roles. Some work on developing strategic attacks and some focus on hacking into government or national security targets while others target civilian systems, such as companies, analysts said.
Unit 121 may have been behind a series of similarly disruptive attacks on South Korean banks in 2011, sabotaging computer systems by wiping data off hard drives that needed to be replaced.
Hackers also work for the Korean Workers’ Party and the Korean People’s Army, analysts said. Another unit, Lab 110, was identified as the group of hackers behind denial-of-service attacks against South Korea and the United States in 2009.
Anna Fifield in Tokyo contributed to this report.