The suspected North Korea computer attack on Sony Pictures Entertainment is a “serious national security matter,” White House press secretary Josh Earnest said Thursday, as officials said the Obama administration is preparing to announce who it believes is behind the devastating hack.
Earnest said that the White House is weighing options for a “proportional” response to the attack whose ramifications President Obama is monitoring “very closely himself.”
Public attribution of the attack could come as early as this week, one national security official said. U.S. intelligence officials have concluded that the government of Kim Jong Un is behind the attack. North Korea has publicly denied involvement.
Earnest’s remarks indicate the White House has elevated a case of hacking a Hollywood movie studio to a government-to-government level, signalling to the North Koreans that there likely will be a U.S. response of some sort.
On Wednesday, bowing to threats of violence this week from the hackers against theaters that ran “The Interview,” Sony canceled the movie’s release. It was, analysts said, a stunning capitulation to the hackers’ demands and sets a worrying new precedent for cyberterrorism that could encourage more attacks.
The hack also throws into relief North Korea’s burgeoning cyberwarfare capabilities and its increased willingness to use a tool that can be wielded to disproportionate effect against countries with much larger and more powerful militaries and economies.
The administration has made clear for several years that in response to cyberattacks, it has a range of diplomatic, economic, legal and military options at its disposal.
It is unlikely, however, that officials will announce the responses it is considering or the one it chooses. “There’s a lot of options,” the official said. “They likely won’t be discussed publicly anytime soon.”
Some analysts say that although North Korea poses a challenge because it is not tied into the global economy, lacks trade or diplomatic relations with the United States and is already under international sanctions for its nuclear program, it is important for the United States to respond. Steps might include indicting the individuals it believes conducted the hack, asking like-minded states to join in condemning the action, and if North Korea persists, undertaking a covert action to dismantle the computer systems used in the operation.
The attack marks the first known intrusion by North Korea into U.S. computer networks and was improbably effective: Not only were the hackers able to penetrate Sony’s system and root around for three weeks before being detected, but they cowed one of Hollywood’s biggest entertainment firms into pulling a movie — while official Washington struggles to figure out an appropriate response.
“This is a master stroke,” said Ken Gause, director of international affairs at CNA Corp., a federally funded think tank. “North Korea has always been very good at brinksmanship and provocation. We underestimate their guile and their ability to conduct a strategy like this.”
If it is the North Koreans, said Joseph Bermudez, chief analytics officer for AllSource Analysis, “they’ve just achieved something that they haven’t been able to achieve yet to date: the ability to affect U.S. society at such a grand level.”
North Korea had a fledgling computer attack capability in the late 1980s, but it did not begin to develop until the late 1990s, when Kim Jong Il’s oldest son, Kim Jong Nam was given the responsibility of developing a computer center in Pyongyang. Cyber was seen as a way to help close the gap in military capability with countries such as the United States and its ally, South Korea.
The country’s major strategic cyberwarfare organization is called Unit 121, located within the Reconnaissance General Bureau bureau, analysts said.
North Korea has nearly doubled its number of elite hackers over the past two years and has set up bases in outside countries, mainly China, in an effort to boost its capacity to conduct cyberattacks, South Korea’s Yonhap News Agency reported recently, citing military sources.
“North Korea appears to have some 5,900 personnel for cyberwarfare, up from around 3,000 two years ago,” the agency quoted the source as saying. Unit 121 is home to some 1,200 professional hackers, the source said.
The hackers have different roles. Some work on developing strategic attacks and some focus on hacking into government or national security targets while others target civilian systems, such as companies, analysts said.
Unit 121 may have been behind a series of similarly disruptive attacks on South Korean banks in 2011, sabotaging computer systems by wiping data off hard drives that needed to be replaced.
Hackers also work for the Korean Workers Party and the Korean Peoples Army, analysts said. Another unit, Lab 110, was identified as the group of hackers behind denial-of-service attacks against South Korea and the United States in 2009.