As the rhetoric surrounding the attack on Sony ratcheted up from “hack” to “cyber-terrorism” to “an act of war” – with the last description following FBI allegations of North Korean involvement – pressure built on the White House to formulate some sort of response.
Speaking to reporters on Friday, President Obama didn’t offer much by way of specifics.
“We just confirmed that it was North Korea,” he said, stressing the timely nature of the discovery. “We have been working up a range of options. They will be presented to me. I’ll make a decision based on what I feel is proportional to the nature of this crime,” he added.
Although he declined to specify what a “proportional response” is, leaked top-secret documents provide some insight.
According to information provided to journalists by former NSA contractor Edward Snowden, this online conflict with North Korea started long before Seth Rogen and James Franco began filming a movie about killing the Hermit Kingdom’s reclusive dictator.
In 2011, US intelligence agencies launched more than 230 cyber attacks around the world, according to the Washington Post, which obtained a classified intelligence budget from the whistleblower. One specific program, code-named GENIE, involved “computer specialists” breaking into foreign networks to secretly put them under “US control.”
“Budget documents say the $652 million project has placed ‘covert implants,’ sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions,” the Post reported.
Former officials told the newspaper that North Korea was among the nations targeted by US government hackers.
Other government initiatives disclosed by Snowden show that retaliation to a North Korean attack might already be planned, or that the attack itself could be the latest battle in an ongoing war.
In June 2013, the Guardian exposed a 2012 top-secret presidential directive to identify international targets for offensive cyber attacks.
The order tasked the Pentagon, the Director of National Intelligence and the CIA with formulating a plan “that identifies potential systems, processes and infrastructure against which the United States should establish and maintain [offensive cyber attack] capabilities.”
It also laid out the circumstances and parameters for such operations, with some guidelines touting the benefits of first-strike capabilities.
Deployment of the tactics, according to the directive, can “offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.”
The 2012 directive also offered insight into counter-attacks. It described how the government might respond to “malicious cyber activity” when network defenses fail and law enforcement measures are insufficient – particularly relevant to the ongoing Sony saga.
Under those circumstances, the directive doesn’t mention proportionality, but instead opts for mitigation and caution.
“Departments and agencies shall conduct these responses in a manner not reasonably likely to result in significant consequences and use the minimum action required to mitigate the activity,” it says.
The directive also calls for specificity. It orders the US government to “make all reasonable efforts…to identify the adversary and the ownership and geographic location of the targets and related infrastructure where [operations] will be conducted.”
The FBI on Friday issued a press release publicly doing that in the case of the Sony hack by implicating Pyongyang. They claimed that a “technical analysis” of the malware used “links to other malware that the FBI knows North Korean actors previously developed.” The agency also claimed, in a bullet-point, that there was “significant overlap” in infrastructure used in the Sony attack and other attacks “linked to North Korea,” particularly recent attacks against South Korean businesses.
There has been some significant doubt about the claim, however. Before the FBI’s assertions, Wired laid out evidence as to why North Korea is unlikely to be behind the attack.
“Nation-state attacks aren’t generally as noisy, or announce themselves with an image of a blazing skeleton posted to infected computers, as occurred in the Sony hack,” cybercrime reporter Kim Zetter wrote.
She cited other indications that it was not North Korea, most notably that there was no mention of North Korea or The Interview in the hackers’ initial public statement or message to Sony. Nation-states, according to Zetter, generally don’t use a “catchy nom-de-hack like Guardians of Peace to identify themselves,” nor do they “chastise their victims for having poor security,” as these hackers have done.
A North Korean UN envoy denied the country’s involvement in the attack, too, according to Bloomberg News diplomatic correspondent Sangwon Yoon.
President Obama, however, is confident enough in the evidence he’s seen to promise a forceful response against North Korea “in a place and time that we choose.”
Whether or not that response departs from the ongoing cyber operations that the United States has been conducting in North Korea and beyond since at least 2011 is up to him.