The U.S. government was not responsible for crippling North Korea’s internet infrastructure after President Barack Obama blamed the country for hacking Sony Pictures Entertainment Inc., two senior U.S. officials told The Associated Press, as Congress announced Friday it will examine North Korea’s cyberthreats starting this week.
In a new interview, Sony Entertainment CEO Michael Lynton compared the sensational hacking against Sony Pictures to burning down the company. He revealed that the studio’s network was still down more than six weeks later and was expected to remain that way for weeks longer.
“They came in the house, stole everything, then burned down the house,” Lynton told the AP. “They destroyed servers, computers, wiped them clean of all the data and took all the data.”
The Obama administration has steadfastly blamed North Korea for hacking Sony but has been deliberately coy about whether it retaliated and caused North Korea’s outage, which affected all the nation’s internet connections starting the weekend of Dec. 20. The two officials, speaking on condition of anonymity because they were not authorized to openly discuss the issue, acknowledged to the AP that it was not a U.S. operation.
In a twist, North Korea has denied it hacked Sony but publicly blamed the U.S. government for causing its internet outages.
It was not immediately clear even within the administration whether rogue hackers or other governments disrupted North Korea’s networks. North Korea’s service was sporadic starting Saturday, Dec. 20, then collapsed entirely for nearly 10 hours two days later, in what has remained an enduring whodunit.
Within the U.S. government, contingents have debated privately whether to acknowledge that the U.S. played no role in North Korea’s disruptions or remain silent to avoid detailed conversations about U.S. capabilities and policy on offensive cyber operations, which are considered highly classified.
The disclosure denying U.S. involvement was intended to convey how seriously the administration considers offensive cyberattacks, intended to be used only in the most serious cases and consistent with the State Department’s admonitions for foreign governments to always preserve access to the internet for all citizens, one of the officials said.
Lynton, the studio’s chief executive, told the AP that he never knew whether the U.S. government electronically attacked North Korea as retaliation for the break-in at his company. In a wide-ranging interview, Lynton described the scramble inside Sony in the days after Thanksgiving. Hackers calling themselves Guardians of Peace left a grim message on computers and damaged hard-drives, as sensitive company files leaked onto the internet.
“We are the canary in the coal mine, that’s for sure,” Lynton said. “There’s no playbook for this, so you are in essence trying to look at the situation as it unfolds and make decisions.”
The new Republican-majority Congress said it will convene a hearing Tuesday about North Korea’s cyberthreats with testimony from senior officials at the Departments of State, Treasury and Homeland Security. The chairman of the House Foreign Affairs Committee, Rep. Ed Royce, R-Calif., said the hearing will examine the Obama administration’s efforts to curtail North Korean hacking.
The U.S. government hinted earlier this year, on Jan. 2, that it wasn’t involved in the North Korea outages, but its intended message was too understated to be recognized as an outright denial. When the White House announced new economic sanctions against North Korea for what it called a “destructive and coercive cyberattack” against Sony, Obama spokesman Josh Earnest described the sanctions as “the first aspect of our response.” In other words, the government was saying its initial response was coming 11 days after the mysterious attacks crippled North Korea’s networks.
As late as Thursday, Obama’s homeland security adviser, Lisa Monaco, declined to say whether the U.S. was behind the North Korea outages. At a cybersecurity conference in New York, Monaco would not answer a question from the U.S. attorney for the Southern District of New York, Preet Bharara, whether the administration was responsible, and agreed it could be helpful to be ambiguous about the consequences of hacking American targets.
“I’m not going to comment, and I never would, on operational capabilities,” she said.
At the time of the North Korea outages, the White House and State Department declined to say whether the U.S. was responsible. North Korea’s four principal connections to the internet began having serious problems just hours after Obama blamed North Korea for hacking into Sony and promised to retaliate. The hacking disclosed confidential company emails and business files and included threats of terror attacks.