If President Obama is going to respond with “the utmost seriousness” to the crippling cyberattack on Sony, as he promised in a press conference Friday, then he should be looking to China, not North Korea.
“Our best response,” a former senior intelligence official told The Daily Beast, “would be to turn the screws on [the North Koreans’] patrons.”
The most important of those patrons are in Beijing. China is the Hermit Kingdom’s most important trade partner, and it also supplies much of the manpower and technology North Korea uses to conduct cyberattacks. That puts China in a unique position to clamp down on Kim Jong Un’s burgeoning hacker army, which has also launched assaults on South Korean media companies for criticizing his rule, as it apparently did in response the Sony satire The Interview.
“China still has more leverage over North Korea than any other country does, and I think it’s in China’s interest to try and keep North Korea under control, because the more provocatively North Korea acts, the more American military presence it draws in the region,” said Rep. Adam Schiff, who sits on the House Intelligence Committee and counts Hollywood as part of his district. “We ought to seek Chinese cooperation in a response to this North Korean act of aggression.”
China has plenty of levers to pull. Schiff told The Daily Beast that he was given a classified briefing about the Sony attack from the intelligence community Friday. There was no indication that China was complicit, Schiff said, and all signs point to the Sony hack as a “North Korean-driven operation.” But he pointed out the country has “limited Internet infrastructure. With an attack of this nature, oftentimes hackers will use facilities in other locations.”
Indeed, North Korea relied on China for the attack because its entire access to the Internet runs through that country. That means that China could choke North Korea off from cyberspace. Persuading China to block the north is a lot easier than the U.S. launching a retaliatory cyberstrike against the Sony attackers.
Experts said that it’s China, not the U.S., that will have more luck bringing Kim and his cyber ambitions to heel.
“The United States is hugely important economically to China and with the recent cut in growth forecasts for China we are in a much better position to pressure the Chinese government to control the activities of North Korea,” said Darren Hayes, a former investment banker who’s now a professor and the director of cybersecurity at Pace University’s Seidenberg School of Computer Science and Information Systems in New York. “China is probably our best hope.”
How would China rein in its ally? For starters, Beijing could order any hackers working for the North Koreans from facilities located inside China to stand down, noted Nicholas Hamisevicz, the director of research and academic affairs at the Korea Economic Institute of America. “Rather than an overt taking out of a facility inside North Korea, hopefully we can let the North Koreans and the Chinese know we take this seriously,” Hamisevicz said.
Experts say that the majority of North Korean hackers are actually working in China, either under the auspices of the government—which has its own first-rate cyberspying and -warfare units—or as freelancers. “China could probably stop this directly and immediately if they wanted,” Jason Healey, the director of the Cyber Statecraft Initiative at the Atlantic Council, wrote in an oped for The Christian Science Monitor.
But the Chinese have shown little interest, of late, in corralling its own hackers—let alone those from another country. Official talks between the U.S. and China on network-security issues broke down after the U.S. Department of Justice indicted members of the People’s Liberation Army on corporate espionage charges. (Leaked documents detailing America’s online spying operations against China didn’t exactly help matters, either.) And in informal talks, Chinese leaders have compared hackers on both sides to unruly children who can only barely be controlled.
That North Korea was behind the Sony attack seems beyond doubt—at least as far as the Obama administration is concerned. On Friday, the FBI publicly attributed the attack to Pyongyang, noting technicians had linked the malicious computer code used in the attack to others “that the FBI knows North Korean actors previously developed,” and through specific Internet addresses. The FBI also found “similarities to a cyberattack” North Korea is believed to have launched in March against South Korean media companies and banks.
But there are still unanswered questions and possible holes in the U.S. government’s case. The hackers didn’t demand that Sony stop the release of The Interview until after internal communications from the company had been leaked, suggesting that the North Korean revenge angle could have been devised after a hack launched by some other group for a different purpose. At one point, Sony employees received demands for a cash ransom, which doesn’t seem to fit the North Korean government’s motives. And forensic analysis of the attack also showed that the intruders likely knew the names of specific Sony servers, indicating the possible work or help of an insider, such as a current or former Sony employee.
Obama acknowledged that the hackers had caused significant damage and showed that much more needs to be done to beef up U.S. defenses. “We will respond proportionally, and we’ll respond in a place and time and manner that we choose,” he said Friday. “It’s not something that I will announce here today at a press conference.” What “proportional” means, Obama didn’t say, and several experts said it was highly unlikely that Obama would order a physical military retaliation.
But if Obama chose to launch a cyberattack of his own, he’d bring a lot more firepower. “Our capabilities in comparison to the North Korean cybercapabilities are much more significant,” said Jay Kaplan, the CEO of security firm Synack and a former senior analyst at the National Security Agency. The North Koreans’ successful attack against Sony aside, they country is “not traditionally known as one of the superpowers when it comes to cyberwarfare,” Kaplan said. “We could theoretically cause a lot of damage should we take that route.”
The North Korean hackers have proven to be a persistent adversary, if not the most skilled one. The former senior intelligence official said the hacking bore the hallmarks of a “campaign,” and not a one-off operation. “They’ve clearly come back at this a number of times” to steal information, he said, based on the enormous volume of information that was stolen and later disclosed.
The hackers also found a vulnerable target. “Ordinarily, you see punch-counterpunch-punch,” as the attacked party tries to fend off the intruder, the former official said. “This time, you’re seeing punch-punch-punch.” That speaks to what the former official described as Sony’s soft cybersecurity. “I don’t think Sony is very good. And against a weakly defended network, any offense will do.”
Given the potential for a cyber tit-for-tat to escalate, Obama has even more incentive to find a diplomatic solution. And so does China. Even though the country itself has been “guilty of cyberespionage and cybertheft,” Schiff said, should it have a falling out with North Korea, “China could be the victim tomorrow, so they have to be concerned about the dangerously erratic nature of its neighbor.”
Ultimately, the best revenge may already be off the table. Sony’s CEO said Friday that he wants to release the film—somewhere. But right now, he added, he doesn’t have distribution partners.
Schiff, the Hollywood congressman, said that the movie should be promptly released and widely broadcast.
“The thing [North Korean government] want[s] the most is the non-release of this film,” Schiff said. So I think we ought to respond by giving it the broadest dissemination possible, dubbed in Korean and made available to a worldwide audience.”
—with additional reporting by Noah Shachtman