Calling out North Korea, China on hacks part of evolving US policy
NEW YORK — The U.S. government is increasingly committed to publicly calling out foreign governments when there is evidence that they are responsible for cyberattacks, a senior Justice Department official said Thursday.
After U.S. officials determined that North Korea was behind a massive intrusion at Sony Pictures Entertainment Inc., publicly announcing it was made part of the U.S. response, said Assistant Attorney General John Carlin, head of the Justice Department's National Security Division.
"We know you did it, and we're going to say you did it," Carlin said of the government's approach.
That decision, along with last year's indictment of five Chinese military officials on charges of vast corporate espionage, is part of a growing determination by the U.S. government to publicly name foreign culprits behind digital attacks, Carlin said.
Law enforcement is generally loath to point fingers at suspects before an arrest is made, and standard policy has long been to keep investigative details closely held. But the U.S. government increasingly sees value in speaking out publicly when there's evidence a foreign government was responsible, according to Carlin and other officials.
Carlin appeared at a cybersecurity conference at Fordham University in New York, where he and other Obama administration officials reaffirmed their conclusion that North Korea was responsible for the Sony hack in the face of continued skepticism from some independent experts. Some have suggested that the intrusion could have been the work of a disgruntled employee or hackers unrelated to the North Korean government, but FBI officials have said there's no credible evidence of an inside job or that anyone other than the isolated county was responsible.
Lisa Monaco, President Barack Obama's homeland security adviser, said during a panel discussion earlier in the day that those who were challenging the government's findings did not have access to all of the evidence the government is seeing. FBI Director James Comey made a similar point during an appearance Wednesday at the same conference, where he revealed new details by saying that hackers mistakenly sent messages directly that could be traced to IP addresses used exclusively by North Korea.
"If you're going to be making statements about the activities of a nation-state having crossed a threshold into very destructive and coercive action, a.) you'd better be right, and b.) you want to be able to do so with ... people having confidence in your judgment," Monaco said, later adding that the decision to deliver a public announcement was not made lightly.
Assistant FBI Director Joseph Demarest, the head of the FBI's cyber division, said it was hard to look through all the Sony evidence and reach a different conclusion. He said the FBI had studied North Korea for a long time and was familiar with how criminals there operate.
"Overwhelmingly, it came out as North Korea or a proxy put up by North Korea," he said.