This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2014/12/20/world/fbi-accuses-north-korean-government-in-cyberattack-on-sony-pictures.html

The article has changed 8 times. There is an RSS feed of changes available.

Version 4 Version 5
Obama Vows U.S. Response to North Korea Cyberattack on Sony Obama Vows a Response To Cyberattack on Sony
(about 7 hours later)
WASHINGTON — President Obama on Friday said that the United States “will respond proportionally” against North Korea for its cyberattacks on Sony Pictures, and criticized the studio for giving in to intimidation and pulling the satirical movie that provoked the attacks. WASHINGTON — President Obama said on Friday that the United States “will respond proportionally” against North Korea for its destructive cyberattacks on Sony Pictures, but he criticized the Hollywood studio for giving in to intimidation when it withdrew “The Interview,” the satirical movie that provoked the attacks, before it opened.
Mr. Obama said the response would come “at a place and time we choose,” but declined to be more specific about what it would be. He said that “we have been working out the range of options that will be presented to me.” Deliberately avoiding specific discussion of what kind of steps he was planning against the reclusive nuclear-armed state, Mr. Obama said that the response would come “in a place and time and manner that we choose.” Speaking at a White House news conference before leaving for Hawaii for a two-week vacation, he said American officials “have been working up a range of options” that he said have not yet been presented to him.
His threat came just hours after the F.B.I. said it had extensive evidence that the North Korean government organized the cyberattack that debilitated the Sony computers, marking the first time the United States has explicitly accused the leaders of a foreign nation of deliberately damaging American targets. A senior official said Mr. Obama would likely be briefed in Hawaii on those options. Mr. Obama’s threat came just hours after the F.B.I. said it had assembled extensive evidence that the North Korean government organized the cyberattack that debilitated the Sony computers.
Sony this week dropped its plans for the release of “The Interview,” a movie that depicts the assassination of the North Korean leader, Kim Jong-un, after threats were made against the theater companies that intended to show it. If he makes good on it, it would be the first time the United States has been known to retaliate for a destructive cyberattack on American soil or explicitly accused the leaders of a foreign nation of deliberately damaging American targets, rather than just stealing intellectual property. Until now, the most aggressive response was the largely symbolic indictment of members of a Chinese Army unit earlier this year for stealing intellectual property.
In criticizing Sony’s leadership for withdrawing the film, Mr. Obama argued that the precedent it set could be damaging and that the United States could not give in to intimidation. He said that it would encourage other countries to sabotage documentaries, “or news reports they don’t like.” The president’s determination to act was a remarkable turn in what first seemed a story about Hollywood backbiting and gossip as revealed by the release of emails from studio executives and other movie industry figures describing Angelina Jolie as a “spoiled brat” and making racially tinged lists of what they thought would be Mr. Obama’s favorite movies.
But it quickly escalated, and the combination of the destructive nature of the attacks — which wiped out Sony computers — and a new threat this week against theatergoers if the “The Interview,” whose plot revolves an attempt to assassinate the North Korean leader, Kim Jong-un, opened on Christmas Day turned it into a national security issue. “First it was a game-changer,” one official said. “Then it became a question of what happens if we don’t respond? And the president concluded that’s not an option.”
But as striking as his determination to make North Korea pay a price for its action was his critique of Sony Pictures for its decision to cancel “The Interview.” In criticizing Sony’s leadership for withdrawing the film, Mr. Obama argued that the precedent it set could be damaging — and that the United States could not give in to intimidation.
“I wish they had spoken to me first,” Mr. Obama said of Sony’s leadership. “I would have told them, ‘Do not get into a pattern in which you’re intimidated by these kinds of criminal attacks.’ ”
In a clear reference to Mr. Kim, he said, “We cannot have a society in which some dictator someplace can start imposing censorship here in the United States.” That would encourage others to do the same “when they see a documentary that they don’t like or news reports that they don’t like.”
The chief executive of Sony Pictures, Michael Lynton, immediately defended his decision and said Mr. Obama misunderstood the facts. He argued that when roughly 80 percent of the country’s theaters refused to book the film after the latest threat, “we had no alternative but to not proceed with the theatrical release,” Mr. Lynton told CNN. “We have not caved, we have not given in, we have not backed down.”
In a follow-up statement, Sony said that it “immediately began actively surveying alternatives” to theatrical distribution after theater owners balked. But so far no mainstream cable, satellite or online film distributor was willing to adopt the movie.
Mr. Obama did not pass up the opportunity to take a jab at the insecure North Korean government for worrying about a Hollywood comedy, even a crude one.Mr. Obama did not pass up the opportunity to take a jab at the insecure North Korean government for worrying about a Hollywood comedy, even a crude one.
“I think it says something about North Korea that it decided to mount an all-out attack about a satirical movie starring Seth Rogen,” he said, smiling briefly at the ridiculousness of an international confrontation being set off by a Hollywood creation. “I think it says something about North Korea that they decided to have the state mount an all-out assault on a movie studio because of a satirical movie starring Seth Rogen and James Franco,” he said, smiling briefly at the ridiculousness of an international confrontation set off by a Hollywood comedy.
In describing the United States’ evidence against North Korea, the F.B.I. said that there were significant “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks” to previous attacks by the North Koreans. It also said that there were classified elements of the evidence against the North that it could not reveal. The case against North Korea was described by the F.B.I. in somewhat generic terms. It said there were significant “similarities in specific lines of code, encryption algorithms, data deletion methods and compromised networks” to previous attacks conducted by the North Koreans.
“The F.B.I. also observed significant overlap between the infrastructure used in this attack and other malicious cyberactivity the U.S. government has previously linked directly to North Korea,” the bureau said. “For example, the F.B.I. discovered that several Internet protocol addresses associated with known North Korean infrastructure communicated with I.P. addresses that were hard-coded into the data deletion malware used in this attack.” “The F.B.I. also observed significant overlap between the infrastructure used in this attack and other malicious cyberactivity the U.S. government has previously linked directly to North Korea,” the bureau said. “For example, the F.B.I. discovered that several Internet protocol addresses associated with known North Korean infrastructure communicated with I.P. addresses that were hard-coded into the data deletion malware used in this attack.” An Internet protocol address is the closest thing to an identifier of where an attack emanated.
The F.B.I. said that some of the methods employed in the Sony attack were similar to ones that were used by the North Koreans against South Korean banks and news media outlets in 2013. Some of the methods employed in the Sony attack were similar to ones that were used by the North Koreans against South Korean banks and news media outlets in 2013. That was a destructive attack, as was an attack several years ago against Saudi Aramco, later attributed to Iran. While there were common cybertools to the Saudi attack as well, Mr. Obama told reporters on Friday he had seen no evidence that any other nation was involved.
“We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there,” the F.B.I. said. The F.B.I.’s announcement was carefully coordinated with the White House and reflected the intensity of the investigation; just a week ago, a senior F.B.I. official said he could not say whether North Korea was responsible. Administration officials noted that the White House has now described the action against Sony as an “attack,” as opposed to mere theft of intellectual property, and that suggests that Mr. Obama is now looking for a government response, rather than a corporate one.
It added: “Though the F.B.I. has seen a wide variety and increasing number of cyberintrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior.” The F.B.I.’s statements “are based on intelligence sources and other conclusive evidence,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. “Now the U.S. has to figure out the best way to respond and how much risk they want to take. It’s important that whatever they say publicly signals to anyone considering something similar that they will be handled much more roughly.”
The F.B.I.'s announcement was carefully coordinated with the White House and reflected the intensity of the investigation; just a week ago a senior F.B.I. official said he could not say whether North Korea was responsible. But it also puts new pressure on President Obama on how to respond. Administration officials note that the White House has now described the action against Sony as an “attack,” as opposed to mere theft of intellectual property, and that suggests that Mr. Obama is now looking for a government response, rather than a corporate one. While American officials were circumspect about how they had collected evidence, some has likely been developed from “implants” planted by the National Security Agency. North Korea has proved to be a particularly hard target because it has relatively low Internet connectivity to the rest of the world, and its best computer minds do not move out of the country often, where their machines and USB drives could be accessible targets.
The F.B.I.'s statements “are based on intelligence sources and other conclusive evidence,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. “Now the U.S. has to figure out the best way to respond and how much risk they want to take. It’s important that whatever they say publicly signals to anyone considering something similar that they will be handled much more roughly. The North Koreans are crazy, and they have nuclear weapons, and the U.S. response needs to be sensitive. That is not true for others in the world.”
North Korea has been under extraordinary economic sanctions for decades, and it has done nothing to curb either its nuclear program or these cyberattacks. A military response seems unlikely — the White House said on Thursday that it was examining options for a “proportional response,” and that would seem to rule out conventional military options.
Some of the evidence has been developed from “implants” that the National Security Agency has placed in networks around the world. But North Korea has proved to be a particularly hard target, because it has relatively low Internet connectivity to the rest of the world, and its best computer minds do not move out of the country often, where their machines and USB drives could be accessible targets.
“Suffice it to say,” one senior intelligence official said this week, “that we almost never name a suspect country. So when we do, it’s got to be based on something fairly strong.”
Private security researchers who specialize in attributing attacks said that the government’s conclusions matched their own findings. George Kurtz, a founder of CrowdStrike, a California-based security firm, said that his company had been studying public samples of the Sony malware and had linked them to hackers inside North Korea — the firm internally refers to them as Silent Chollima — who have been conducting attacks since 2006.Private security researchers who specialize in attributing attacks said that the government’s conclusions matched their own findings. George Kurtz, a founder of CrowdStrike, a California-based security firm, said that his company had been studying public samples of the Sony malware and had linked them to hackers inside North Korea — the firm internally refers to them as Silent Chollima — who have been conducting attacks since 2006.
As the F.B.I. pointed out, the attacks at Sony share similarities with a similar series of destructive attacks last year on South Korean banks and broadcasters, and they used the same data-wiping tool that Iranian hackers used to destroy data on 30,000 computers at Saudi Aramco in 2012, according to forensics researchers.
In 2009, a similar campaign of coordinated cyberattacks over the Fourth of July holiday hit 27 American and South Korean websites, including those of South Korea’s presidential palace, called the Blue House, and its Defense Ministry, and sites belonging to the United States Treasury Department, the Secret Service and the Federal Trade Commission. North Korea was suspected, but a clear link was never established.In 2009, a similar campaign of coordinated cyberattacks over the Fourth of July holiday hit 27 American and South Korean websites, including those of South Korea’s presidential palace, called the Blue House, and its Defense Ministry, and sites belonging to the United States Treasury Department, the Secret Service and the Federal Trade Commission. North Korea was suspected, but a clear link was never established.
But those were all “distributed denial of service” attacks, in which attackers flood the sites with traffic until they fall offline. The Sony attack was far more sophisticated: It wiped data off Sony’s computer systems, rendering them inoperable.But those were all “distributed denial of service” attacks, in which attackers flood the sites with traffic until they fall offline. The Sony attack was far more sophisticated: It wiped data off Sony’s computer systems, rendering them inoperable.
“The cyberattack against Sony Pictures Entertainment was not just an attack against a company and its employees,” Jeh C. Johnson, the secretary of the Department of Homeland Security, said in a statement. “It was also an attack on our freedom of expression and way of life.”“The cyberattack against Sony Pictures Entertainment was not just an attack against a company and its employees,” Jeh C. Johnson, the secretary of the Department of Homeland Security, said in a statement. “It was also an attack on our freedom of expression and way of life.”
Mr. Johnson said the attacks underscored the importance of taking measures “to rapidly detect cyberintrusions and promote resilience throughout all of our networks.”
“Every C.E.O. should take this opportunity to assess their company’s cybersecurity,” he added.