Breach, Data Security

President imposes sanctions against North Korea for Sony attack

As promised, President Obama has issued a formal U.S. response regarding North Korea's alleged attack on Sony Pictures Entertainment – a measure that comes in the form of imposing additional sanctions against the country.

On Friday, the U.S. Department of the Treasury announced that Obama signed an executive order which placed “financial pressure on the government of North Korea, including its agencies, instrumentalities, and controlled entities," a release from the agency said.

Three North Korean entities – the Reconnaissance General Bureau (the country's primarily intelligence organization), Korea Mining Development Trading Corporation (KOMID), and Korea Tangun Trading Corporation – were designated as being targeted by the sanctions and, therefore, prohibited from receiving U.S. funds, goods, or services. Ten individuals, including North Korean government officials Kil Jong Hun and Kim Kwang Yon, were also denied “access to the U.S. financial system” as well as entry into the country while the sanctions remain in place, the Treasury Department said.

“This step reflects the ongoing commitment of the United States to hold North Korea accountable for its destabilizing, destructive, and repressive actions, particularly its efforts to undermine U.S. cyber-security and intimidate U.S. businesses and artists exercising their right of freedom of speech,” the release said.

President Obama's executive order, signed Friday, can be read in full here (PDF).

Last month, the FBI concluded that the North Korean government was behind the major cyber attack on Sony Pictures. At the time, the FBI didn't mention specific methods as to how the information was gathered, but it said that a technical analysis of the data-wiping malware used in the Sony hack, as well as the attack infrastructure, revealed connections to previous North Korean actors and malicious cyber activity linked to the country.

Despite assertions that North Korea fostered the hackers who targeted Sony in late 2014, a faction of security practitioners continue to debate whether the acts are linked solely, or in part, to the country.

In a Monday interview, Jonathan Sander, strategy and research officer for STEALTHbits Technologies, told SCMagazine.com that, given the nature of the wiper malware that struck Sony's systems, attribution is “extremely difficult,” and something that is “going to take time” to determine.

“In some cases, the malware was wiping entire servers and machines,” in addition to deleting logs and evidence of its own tracks, Sander explained. “If you wipe the machine, game over. You would have to bring that machine to some really advanced state of forensics [to recover certain data]," he said.

As an influx of information about the Sony hack has emerged online, questions regarding attribution have even materialized over a recent alert released by federal investigators.

Last week, for instance, the FBI issued a bulletin warning that the alleged Sony hackers, called the Guardians of Peace (GOP), were now threatening to target a news organization in the U.S.

Days later, however, it surfaced that the Pastebin “threats” that reportedly inspired the agency to put out the alert were actually part of a prank. On Friday, Fusion reported that the 30-year-old man in Tennessee who posted the spurious Pastebin message, David Garrett Jr., was told to make his way to an FBI office New Year's Day for questioning, even though investigators were by then privy to the fact that his message was a joke.

On New Year's Eve, Garrett took to his Twitter account to say that he had "nothing to do with that group," meaning [GOP], and that "You cannot rely on Pastebin as a source. It is all anonymous."

Garrett told Fusion that, to his knowledge, the FBI didn't appear to be taking legal action against him.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.