Sanctions a warning to nations backing cyberattacks

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://hamptonroads.com/2015/01/us-sanctions-seen-warning-nations-backing-cyberattacks

New U.S. sanctions against North Korea over the hacking of Sony Corp. will
probably have a limited impact on the isolated Asian nation, but may serve
as a warning to other countries suspected of sponsoring cyberattacks.

After President Barack Obama announced measures against 10 North Korean
officials and three government entities Friday, the administration said
further punishment is coming. Even so, the moves to block U.S. bank access
and business dealings with targeted people and entities will be minimized
by the fact that impoverished North Korea already is subject to U.S.
penalties for its pursuit of nuclear arms and is largely isolated from the
rest of the world.

"Sanctions do little against North Korea and really do not put sufficient
pressure on the regime or Kim Jong Un personally," said David Maxwell, a
retired colonel in the U.S. Army special forces and a specialist on North
Korea, referring to the country's leader. "Sanctions, while important in
sending an international message, are just not strong enough to influence
regime behavior."

For the United States, the Sony attack was different because it wasn't
simply an attempt to disrupt traffic, spy or steal information, but to
destroy data on a foreign network, said an administration official involved
in the deliberations about how to respond.

The latest penalties are intended as a signal to nations engaged in
offensive cyber-activities that the attack on Sony crossed a line,
according to the official, who asked for anonymity to discuss internal
administration debates.

Some cybersecurity specialists have questioned whether North Korea was
behind the November attack. White House press secretary Josh Earnest, in a
statement accompanying the sanctions announcement, reiterated that the
administration blames the North Koreans.

"We take seriously North Korea's attack that aimed to create destructive
financial effects on a U.S. company and to threaten artists and other
individuals with the goal of restricting their right to free expression,"
Earnest said in the statement.

An administration official said on a conference call with reporters that
none of the agencies or individuals listed, however, are believed to have
been directly involved in the hacking. The official asked not to be named.

Joseph DeTrani, a former top U.S. intelligence specialist on North Korea,
in a phone interview said the sanctions target the key players in North
Korea's government and its major agencies.

He said the country has the technical capacity to carry out the attack on
Sony's computer network, and called evidence laid out by the Federal Bureau
of Investigation last month "pretty compelling."

The United States contends that the attack, which exposed confidential
industry information and forced Sony to take its computer network offline,
was retaliation for the planned release of the company's "The Interview," a
satirical movie that involves a fictional plot to assassinate Kim Jong Un.

A group that claimed credit for the attack also threatened movie fans with
violence if they went to see the film. Sony initially said it wasn't going
to distribute the film, a decision Obama on Dec. 19 said was a mistake. The
company has since sent the film to several hundred independent theaters and
released it through Internet video services.

While numerous American banks, retailers and other companies have been hit
by foreign hackers, the sanctions are the first the United States has
imposed on a foreign country in response to a cyberattack on a U.S.
company, another administration official said on the call.

Jonathan Pollack, an Asia specialist at the Brookings Institution, a
Washington-based policy research center, said because 90 percent of North
Korea's economic and financial transactions are made with China, the U.S.
reach is limited.

The sanctions show, though, the United States won't stand still if its
companies are the victims of cyberattacks, Pollack said.

"Part of it is a name-and-shame aspect," Pollack said in a phone interview.

The United States already blocks transactions involving people and entities
that help North Korea sell and buy arms, procure luxury goods or engage in
money laundering or drug trafficking. Administration officials said in the
conference call that they hoped other nations would join the U.S. effort.

Bruce Klingner, senior research fellow on Northeast Asia at the Heritage
Foundation in Washington, said in an interview that sanctions could have a
greater impact than some people think.

Despite the common perception that North Korea is the most isolated country
in the world, Syria, Myanmar and Zimbabwe are more heavily sanctioned by
the United States, he said.

The steps announced Friday will make it more difficult for the targeted
North Korean agencies and individuals from operating in the global
financial system, he said.

"The most reclusive regime or terrorist group has to have its money
cross-borders at some time," Klingner, the Central Intelligence Agency's
former deputy division chief for Korea, said in a phone interview.

The transfers can be made either impractically through suitcases or, more
probably, through digital means. Most of the electronic transactions go
through U.S. banks because they're nearly always denominated in American
dollars, he said.

The sanctions "could make it much more difficult to move money," he said.

North Korea had warned the United States against punishing it for the
cyberattack, saying it would lead to damage "a thousand times greater."

The sanctions would probably lead to more "trash talk," Pollack of the
Brookings Institution said.

DeTrani, now president of the Intelligence and National Security Alliance,
a nonprofit group that includes government and business leaders, said he
doubted the sanctions would draw any significant response from Kim Jong Un.

"I don't think he wants to go down that road," he said.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!