As the New York Times reports, the Obama administration doubled down on its recent allegation that the Democratic Peoples Republic of North Korea (DPRK) was behind the hacking of Sony Pictures, announcing sanctions on 10 senior North Korean officials and several organizations in response to the incident.
Paradoxically, the administration acknowledged that there is no evidence that the 10 officials took part in either ordering or planning the Sony attack. Instead, they described them as “central to a number of provocative actions against the United States,” the Times reported. Those ‘provocative actions’ were not described.
The actions mirror the Administration’s controversial decision, in May, to charge five Chinese military officers in May, 2014, for their connection to computer hacking and cyber espionage campaigns directed at U.S. firms in the nuclear power, metals and solar products industries.
In the case of the Chinese nationals, however, the FBI cited evidence linking the five military officers to a Chinese Military division, Unit 61398, that is alleged to be responsible for a number of campaigns against U.S. government and defense industrial base (DIB) targets.
In the Sony hack, no such connection is alleged. Instead, the charges were explained as a kind of face saving gesture
“It’s a first step,” one of the officials told The Times. “The administration felt that it had to do something to stay on point. This is certainly not the end for them.”
In a statement, the White House Press Secretary said that the President on Friday issued an Executive Order (E.O.) authorizing additional sanctions on the Democratic People’s Republic of Korea.
“This E.O. is a response to the Government of North Korea’s ongoing provocative, destabilizing, and repressive actions and policies, particularly its destructive and coercive cyber attack on Sony Pictures Entertainment,” the statement read.
The Executive Order authorizes the Secretary of the Treasury to impose sanctions on individuals and entities associated with the Government of North Korea.
“We take seriously North Korea’s attack that aimed to create destructive financial effects on a U.S. company and to threaten artists and other individuals with the goal of restricting their right to free expression,” the statement read. It continued to say that the sanctions are the “first aspect” of the “proportional response” that President Obama promised in his December 18 address that named the DPRK as the culprit in the hack of Sony Pictures Entertainment, which first came to light on November 24.
The New York Times reports that eight of the 10 individuals on the list work for the Korea Mining Development Trading Corporation, described as an “arms-dealing organization, with offices in North Korean embassies around the world.” Also named are the Reconnaissance General Bureau, the intelligence organization in North Korea that directs the country’s cyber operations and the Korea Tangun Trading Organization, which has links to the country’s missile development program. All of the organizations named are already subject to one or more U.S. and international sanction in connection with the DPRK’s controversial nuclear program or elicit arms trade.
[Read more Security Ledger coverage of the hack of Sony Pictures Entertainment.]
The statement – released on a Friday after the New Year’s holiday – appeared designed less to generate headlines than to reaffirm the Obama Administration’s commitment to its stated position on the destructive hack of Sony Pictures: that the incident was a nation-backed hack orchestrated by the DPRK.
As the Security Ledger has noted, that position is under fire from many quarters, notably: independent security researchers and information security companies, who have argued that the government’s evidence pointing to the DPRK is thin, at best. In the last week, the firm Norse Security presented research to the FBI that promotes an alternative explanation for the hack in which former Sony Pictures employees laid off in a reorganization earlier this year coordinated with operators with the cyber criminal underground to carry out the attack.
The FBI has dismissed that research, saying its position is based on classified or non-public information gleaned from U.S. intelligence, the Department of Homeland Security and others.
News stories in recent days appeared to muddy that picture. A report by Reuters quoted an unnamed U.S. official “close to the investigation” saying that North Korea may have “had help” with the Sony hack because it “lacked the sophistication” to do it alone.
In a statement, the FBI said that it “has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment” and that “there is no credible information to indicate that any other individual is responsible for this cyber incident.” The FBI is basing its conclusion on “intelligence from the FBI, the U.S. intelligence community, DHS, foreign partners and the private sector,” the statement read.