The Obama administration imposed sanctions Friday on three entities and 10 individuals tied to the North Korean government in what it called the first step in a proportional response to the devastating cyberattack on Sony Pictures Entertainment.
In a lengthy call with reporters, several senior administration officials said the entities and people sanctioned under Friday’s executive order by President Barack Obama weren’t directly involved with the Sony data breach.
But they confirmed that the sanctions, designed to isolate North Korea from the global financial system, are the first issued in direct response to a cyberattack on a U.S. corporation, and they said North Korea was to blame.
The executive order signed by Obama cites, among other things such as North Korea’s nuclear program and human-rights abuses, that nation’s “destructive, coercive cyber-related actions during November and December 2014.”
The administration alleges that North Korea or people acting on its behalf hacked into Sony’s emails and private data to avenge the planned Christmas Day release of “ The Interview,” a movie comedy about a plot to kill North Korean dictator Kim Jong Un.
Sony initially canceled the film’s release after major theater chains balked at showing it following threats to theatergoers, a step Obama criticized at a news conference before starting his holiday vacation in Hawaii two weeks ago. Sony then allowed a smaller number of theaters to show the film and released it widely on the Internet and through on-demand services.
The Obama administration’s assertion of a North Korean connection to the Sony hack remains controversial in some quarters, with some cybersecurity experts saying there’s compelling evidence that the break-in was the work of a disgruntled former Sony employee. An official of Norse Corp., a San Mateo, Calif., cybersecurity firm, told the Los Angeles Times this week that it believed the hack was an inside job.
Another security expert, Marc Rogers, summed up the sentiment with a widely circulated Dec. 21 blog post in which he concluded that “we don’t have any solid evidence that implicates North Korea, while at the same time we don’t have enough evidence to rule North Korea out.”
On Friday, Jeffrey Carr, the chief executive officer of Seattle-based Taia Global, a cybersecurity consultancy, said in an email that the Obama administration’s evidence was “very flimsy.”
“I’m sure that the White House also believes that it’s flimsy based upon the wording of the executive order. It specified sanctions for human rights abuses and threw in the Sony attack almost as an afterthought,” Carr said. “This sets a terrible precedent and will open the door to much worse attacks than Sony in the future, because the FBI and the White House didn’t wait to discover who was actually responsible.”
Administration officials remained adamant that the North Korean government was responsible, and they called the sanctions the “first step in our proportional response.”
That’s a curious distinction, because the administration was vague when it was asked last week whether it was behind an Internet outage in North Korea that knocked websites offline. The administration’s language Friday implied that the outage was not the first step in a proportional U.S. response.
On Friday, officials neither confirmed nor denied U.S. involvement, adding that there were a number of possible explanations for the outage, including that the North Korean government itself knocked out its Internet capabilities.
The new sanctions came a day after a New Year’s Day speech by Kim Jong Un in which he appeared to offer direct talks about unification with South Korea, peppered with blistering hostile rhetoric aimed at the United States. South Korea quickly proposed preparatory talks to explore a summit.
“One way to interpret this is that the North Koreans have finally gotten the message that the road to Washington runs through Seoul,” said Marcus Noland, one of the nation’s foremost experts on North Korea and executive vice president of the Peterson Institute for International Economics.
The three entities sanctioned Friday were already under other sanctions tied to rights abuses and North Korea’s successful nuclear weapons program. They are the spy agency known as the Reconnaissance General Bureau, the state procurement company Korea Tangun Trading Corp. and the Korea Mining Development Trading Corp., known by its acronym Komid.
While these agencies are already treated as international pariahs, the senior administration officials, who briefed only on the condition of anonymity under rules imposed by the White House, said the new executive order made it easier in the future to go after government entities, representatives or members of the ruling Workers’ Party of Korea.
“What this does is really expand the aperture of our authorities” to sanction, one administration official said.
Eight of the 10 individuals sanctioned were Komid representatives: one in Russia, two in southern Africa, two in Iran, two in Syria and one who serves as an external affairs officer for Pyongyang. The Treasury Department, implementing the executive order, also targeted a North Korean government official and sanctioned Kim Kwang Chun, a regime official and representative of the trading company in the Chinese city of Shenyang, near the North Korean border.
“In some sense, this is a game of whack-a-mole,” said Noland, the North Korea expert. “We go after the North Korean individuals and entities, the North Koreans respond by expanding” the number of front companies.
There’s also a practical reason for making it easier to sanction North Korean companies and representatives, he said. Since taking power in late 2011, Kim Jong Un has moved aggressively to replace his late father’s loyalists at the tops of state agencies with his own confidants.
“He does just seem to go through people quickly. He’s been through four defense ministers,” said Noland, adding that all the rotation means “the U.S. would have to add names to keep current.”
Even with the new sanctions, the administration has yet to identify any individuals tied to the Sony hack. That’s helped fuel speculation about other potential sources of the cyberattack.