In late December, just a few days after the U.S. government accused North Korea of being behind the hack on Sony Pictures Entertainment, North Korea’s sole connection to the Internet was disrupted for nine and a half hours.
At the time, there was speculation that the American government might be behind the action, especially as President Barack Obama had promised retaliation, but it was equally possible that a third-party group or technical problems were to blame. After all, it was far from the first time that North Korea’s Internet connection has gone down. More >
North Korea didn’t get a direct mention during President Obama’s State of the Union address on January 20, but Obama did take on the issue of computer hacking — something that has been put on the U.S. agenda since the November 2014 attack on Sony Pictures.
The U.S. government has blamed North Korea for the action and he mentioned nation-state attacks during the speech.
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” Obama said. “We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism.”
He also reiterated plans to introduce legislation that would help the U.S. government better respond to cyberattacks.
“And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
Hackers have hit a Facebook page for North Korean airline Air Koryo replacing it with messages in support of Islamic State militants and against North Korean leader Kim Jong Un.
The page shot to fame earlier in the year when it began replying to user comments and questions about trips to North Korea. It claimed to be the airline’s official page, but appeared to be run by an Air Koryo agent in Russia.
The hack came a day after a similar attack on the Facebook and Twitter pages of U.S. Central Command. Hackers typically gain access to Facebook accounts by tricking users into giving away their passwords or by gaining access to their email accounts and then sending password reset messages.
Both Facebook and Twitter allows users to set a second, one-time use password to guard against such attacks.
The messages on the page included one that threatened North Korea and China:
And one that targeted Kim Jong Un:
There was also a message in support of ISIS and the so-called “cyber caliphate.”
Later in the day, Facebook blocked access:
The U.S. government has announced additional sanctions on North Korea as a result of the cyber-attack on Sony Pictures.
The sanctions are the first official U.S. response to the attack, for which the investigation continues but North Korea has already been named responsible by the Federal Bureau of Investigation.
In announcing the measures, President Obama said they were being imposed for “the provocative, destabilizing, and repressive actions and policies of the Government of North Korea, including its destructive, coercive cyber-related actions during November and December 2014, actions in violation of UNSCRs 1718, 1874, 2087, and 2094, and commission of serious human rights abuses.”
The sanctions take a swipe at one entity believed to be related to North Korea’s cyber capability: the Reconnaissance General Bureau (RGB), which is also known as Unit 586.
The RGB is a division of the Ministry of People’s Armed Forces that is believed to handle much of North Korea’s traditional and cyber espionage activities. Under it sit Office 91, reportedly the headquarters of North Korea’s cyber hacking force, and Unit 121, which is thought to contain most of the country’s hackers and has bases at home and overseas.
And the sanctions also take aim at North Korea’s conventional weapons of mass destruction program, targeting the Korea Mining Development Trading Corporation (KOMID) and Korea Tangun Trading Corporation. The sanctions announcement also names 10 individuals, eight of whom are related to KOMID, one who is related to the trading company and a final person, Yu Kwang Ho, who is only referred to as “an official of the North Korean government.”
The organizations have all been named in previous rounds of sanctions so the latest action by the U.S. government appears to be more symbolic than anything else.
“This step reflects the ongoing commitment of the United States to hold North Korea accountable for its destabilizing, destructive and repressive actions, particularly its efforts to undermine U.S. cyber-security and intimidate U.S. businesses and artists exercising their right of freedom of speech,” the White House said in a statement.
The State Department said Monday that it remains confident in the Federal Bureau of Investigation’s conclusion that North Korea was responsible for the cyber attack on Sony — despite a growing number of voices saying that might not be the case.
There has been some skepticism about North Korea’s involvement since the first reports earlier in December and that has increased in the last week.
- Linguistic analysis of the English suggests a Russian speaker, not a Korean
- The IP addresses used by the hackers were on compromised machines that could have been used by anyone.
- One of the latest reports suggests that a former Sony employee might have been involved, with a small group of others.
So on Monday at its regular news conference, the AP’s Matt Lee asked State Department spokesman Jeff Rathke about the reports.
Here’s the questioning, which begins at the 2:12 mark. A transcript is below.
QUESTION: Okay. You’re aware of reports that have surfaced over the last couple of days that suggest that North Korea might have actually had absolutely nothing to do with this and that, in fact, it was – it is more likely that it involved – that the hack involved disgruntled former Sony employees? Have you seen those reports?
MR. RATHKE: Well, we are aware that there have been some reports of that kind. However, as the FBI has made clear and the United States Government stands behind the FBI analysis, we are confident that North Korea is responsible for this destructive attack and we stand by that conclusion.
QUESTION: Are you aware of any time the U.S. Government has been – made such an allegation or accusation and has been wrong?
MR. RATHKE: I don’t have any specific examples to mind. Is there something you have in mind?
QUESTION: No. I’m just wondering how it is that you’re so sure of what they have come up with, what the FBI and the other investigators have come up with, when it seems that there are these reports suggesting a highly plausible alternate scenario that doesn’t involve an unpredictable and nuclear-armed country.
MR. RATHKE: Well, again, I’d refer you to the FBI for questions about the details of their analysis. They’ve released some of the —
QUESTION: Okay. So you’re —
MR. RATHKE: — some of their conclusions and – on which they’ve based their analysis. And I would also remind that the Government of North Korea has a long history of denying responsibility for destructive and provocative actions.
QUESTION: Right. But this building is comfortable with the – this building being the main building in Washington that deals with foreign governments is still —
MR. RATHKE: Sure.
QUESTION: — remains comfortable with the FBI’s accusation that the North Koreans were – the North Korean Government was behind this?
MR. RATHKE: Yes.
North Korea’s Internet connection with the world suffered outages on December 27 and December 28.
The latest instability on the connection began around 0400 UTC (1 p.m. local time in Pyongyang) on Sunday and continued for a couple of hours, according to monitoring by Dyn Research. The U.S.-based organization recorded several instances in which connections to the four sub-networks that make up the North Korean Internet were completely unavailable.
The outage followed a larger one on Saturday evening that appears to have begun at around 1040 UTC (7:40 p.m. local time in Pyongyang), said Dyn Research.
Saturday’s outage was the first major problem to hit the country’s Internet connection in three days and affected connectivity on both local Internet and 3G connections, said a Xinhua reporter in Pyongyang.
“At Pyongyang time 7:30 p.m. Saturday, DPRK’s Internet and 3G mobile network came to a standstill, and had not returned to normal at press time as of 9:30 p.m. Saturday, according to Xinhua reporters and Chinese facilities based in the country,” the news agency reported.
Here’s the December 27 outage:
The latest two outages are similar to others that hit the country on Tuesday.
Those were believed to be the result of a denial of service attack, which involves flooding computers with so many requests that they become unavailable and cannot handle legitimate traffic. Such attacks are different from hacking because they don’t involve breaking into websites or causing damage.
The U.S. denied involvement in the earlier attacks, which were later claimed by two Internet hacker groups.
Despite that denial, North Korean state media blamed the U.S. for the problems.
“The U.S. … started disturbing the internet operation of major media of the DPRK, not knowing shame like children playing a tag,” the National Defence Commission said in a statement carried on the Korean Central News Agency.
Here’s a look at North Korea’s Internet trouble since December 21:
North Korea has accused the U.S. of disrupting its Internet service and has renewed a call to participate in a joint investigation into claims that it hacked Sony Pictures Entertainment.
[UPDATE: English recording of Voice of Korea added below.]
The country’s websites were offline for more than nine hours on December 22 after an apparent denial of service attack.
In a statement carried by the state-run Korean Central News Agency on Saturday, the country’s National Defence Commission laid blame for the Internet problem at the feet of the U.S., saying the country “started disturbing the internet operation of major media of the DPRK.”
Earlier in the week, the U.S. State Department denied knowledge of the disruption. Network security companies have speculated the attack was probably the result of at least on hacker collective. Two such groups claimed responsibility.
In its latest statement, the NDC repeated its call for the U.S. Federal Bureau of Investigation to publish evidence that it hacked Sony Pictures, or accept its part in a joint investigation.
“If the U.S. is to persistently insist that the hacking attack was made by the DPRK, the U.S. should produce evidence without fail, though belatedly,” it said. “If the U.S. cannot open to public evidence due to ‘protection of sensitive information source’ as expressed by the FBI, the U.S. may conduct a joint investigation with the DPRK in camera.”
It also blamed U.S. President Obama for pressuring Sony Pictures into releasing “The Interview.” The movie, which follows two reporters on a plot to kill Kim Jong Un, was earlier canceled from release following the hacks. Sony released it online on December 24 and in independent movie theaters on December 25.
Here’s the statement as broadcast on Voice of Korea in English:
Here’s the full statement:
U.S. Can Never Justify Screening and Distribution of Reactionary Movie: Policy Department of NDC of DPRK
Pyongyang, December 27 (KCNA) — The spokesman for the Policy Department of the National Defence Commission (NDC) of the DPRK Saturday issued a statement denouncing the U.S. for screening even dishonest and reactionary movie hurting the dignity of the supreme leadership of the DPRK and agitating terrorism while groundlessly linking the unheard-of hacking at the Sony Pictures Entertainment to the DPRK.
The statement said that much scared at the hacking attack of justice made by the “guardians of peace”, the Sony Pictures Entertainment hastily suspended the screening of the above-said movie. But at the zealous prodding of the U.S. administration and wicked conservative forces, it again buckled down to distributing the movie, failing to guess a miserable fate to be faced by it in the future, it added:
U.S. President Obama is the chief culprit who forced the Sony Pictures Entertainment to “indiscriminately distribute” the movie and took the lead in appeasing and blackmailing cinema houses and theatres in the U.S. mainland to distribute the movie.
Obama always goes reckless in words and deeds like a monkey in a tropical forest. When the Sony Pictures Entertainment made public a statement that it would give up the distribution of the movie, frightened by the merciless retaliatory strike, Obama urged it to unconditionally screen the movie, claiming that the disgrace suffered by Sony Pictures Entertainment means sorrow of the U.S., why did it issue such a statement as holding a white flag without informing the president of it?, it is the violation of the freedom of expression and a threat to the security of the U.S. and it is necessary to make symmetric counteraction, considering the hacking attack was made by “north Korea”, though it is not clear who was behind it, the statement said, and went on:
Dancing to the tune of Obama’s outbursts, Kerry, McCain, Bolton and other wicked conservative politicians zealously prodded the Sony Pictures Entertainment into distributing the movie, blustering who else but “north Korea” caused property losses worth hundreds of millions of dollars to it.
If the U.S. is to persistently insist that the hacking attack was made by the DPRK, the U.S. should produce evidence without fail, though belatedly.
If the U.S. cannot open to public evidence due to “protection of sensitive information source” as expressed by the FBI, the U.S. may conduct a joint investigation with the DPRK in camera.
However, the U.S. is behaving recklessly, trumpeting about “symmetric counteraction”, “combination of invisible sanctions and visible sanctions” and “re-designation of sponsor of terrorism” while linking the hacking attack with the DPRK without clear evidence and sure ground.
In actuality, the U.S., a big country, started disturbing the internet operation of major media of the DPRK, not knowing shame like children playing a tag.
We had already warned the U.S. not act like beating air after being hit hard by others.
Of course, we do not expect the gangsters to pay heed to our warnings.
When the public is becoming increasingly vocal about the hacking attack on the DPRK media this time, the U.S. feigned ignorance, saying that they should ask “north Korea” and the U.S. neither admits nor denies.
The prevailing situation clearly shows that the U.S. is adding to its crimes by screening the movie “The Interview.”
With no rhetoric can the U.S. justify the screening and distribution of the movie.
This is because “The Interview” is an illegal, dishonest and reactionary movie quite contrary to the UN Charter, which regards respect for sovereignty, non-interference in internal affairs and protection of human rights as a legal keynote, and international laws.
It is also because it is a new politically-motivated provocation made by the U.S., pursuant to its hostile policy toward the DPRK as it is a movie for agitating terrorism produced with high-ranking politicians of the U.S. administration involved.
This is the reason why the world is branding “The Interview” as a typical product of the U.S. anachronistic act of challenging not only the dignity of the supreme leadership of the DPRK but also human justice and conscience and encroaching upon peace and security.
The anti-U.S. sacred war at present precisely means protecting justice and peace.
If the U.S. persists in American-style arrogant, high-handed and gangster-like arbitrary practices despite the repeated warnings of the DPRK, the U.S. should bear in mind that its failed political affairs will face inescapable deadly blows. -0-
What a difference a week makes. The Christmas Day release of “The Interview” is back on and Sony has already begun offering the movie online.
The movie, a comedy in which two TV reporters embark on a secret mission to kill Kim Jong Un, appeared on YouTube and Google Play on December 23 at 1pm ET. It costs $5.99 to rent for 48 hours and $15 to own.
Google said that it was first approached by Sony on December 17, on the same day that is announced it would be canceling the December 25 release.
“Last Wednesday Sony began contacting a number of companies, including Google, to ask if we’d be able to make their movie, ‘The Interview,’ available online. We’d had a similar thought and were eager to help — though given everything that’s happened, the security implications were very much at the front of our minds.,” said David Drummond, Google’s chief lawyer in a statement.
“Of course it was tempting to hope that something else would happen to ensure this movie saw the light of day. But after discussing all the issues, Sony and Google agreed that we could not sit on the sidelines and allow a handful of people to determine the limits of free speech in another country (however silly the content might be).”