US Asks China to Help Rein In Korean Hackers – New York Times

By DAVID E. SANGER, NICOLE PERLROTH and ERIC SCHMITT
December 20, 2014

WASHINGTON — The Obama administration has sought China’s help in recent days in blocking North Korea’s ability to launch cyberattacks, the first steps toward the “proportional response” President Obama vowed to make the North pay for the assault on Sony Pictures — and as part of a campaign to issue a broader warning against future hacking, according to senior administration officials.

“What we are looking for is a blocking action, something that would cripple their efforts to carry out attacks,” one official said.

So far, the Chinese have not responded. Their cooperation would be critical, since virtually all of North Korea’s telecommunications run through Chinese-operated networks.

It is unclear that China would choose to help, given tensions over computer security between Washington and Beijing since the Justice Department in May indicted five hackers working for the Chinese military on charges of stealing sensitive information from American companies.

Workers removing a banner for “The Interview” from a billboard in Hollywood after Sony canceled the movie’s release.

The secret approach to China comes as American officials, convening a half-dozen meetings in the White House Situation Room last week, including one of the top national security team on Thursday night, have been developing options to give to the president during his vacation in Hawaii. They include new economic sanctions, mirroring those recently placed on Russian oligarchs and officials close to President Vladimir V. Putin, which would cut off their access to cash — the one perk that allows the elite surrounding Kim Jong-un, the North Korean leader, to live lifestyles their starving countrymen can barely imagine.

The sessions also included discussions of “information operations” directed at the North Korean people, officials said, but similar efforts by South Korea to sway opinion in the North have often created a furious backlash.

As part of the administration effort to plan a response to the first major, state-sponsored destructive computer-network attacks on American soil, the president has asked the military’s Cyber Command, which is led by the same four-star admiral who directs the National Security Agency, to come up with a range of offensive options that could be directed at North Korea.

For now, the White House appears to have declined to consider what one Defense Department official termed “a demonstration strike” in cyberspace, which could have included targets such as North Korean military facilities, computer network servers and communications networks.

One obvious potential target is Yongbyon, the center of North Korea’s nuclear program, where the state has invested huge sums to produce plutonium and uranium fuel for its small arsenal of nuclear weapons. Because of its geographic and technological isolation, Yongbyon is considered a far harder target to attack than were Iran’s nuclear facilities, the subject of an American cyberoperation code-named Olympic Games.

The administration’s restraint grows out of a concern over the risk of escalation with North Korea, since the United States has far more vulnerable targets, from its power grid to its financial markets, than North Korea.

“There are a lot of constraints on us, because we live in a giant glass house,” said one official involved in the high-level debates. The official said the challenge was to find a mix of actions that “the North Koreans will notice” but that will not be so public that Mr. Kim’s government loses face and feels compelled to respond.

Several administration officials said the White House woke up late to the growing confrontation with North Korea, with senior officials not realizing at first the scope and long-term implications of the attacks on Sony for its plans for a Christmas Day release of “The Interview,” a crude comedy built around a far-fetched C.I.A. plot to have two bumbling journalists assassinate the young North Korean leader. But by last week, the combination of the destructive attack on Sony’s computers and the threat of attacks on moviegoers at any theater that showed the film sent the administration scrambling for a response.

In interviews over the past two days, officials said the president’s decision was to have the United States directly accuse the North Korean government — a public naming of the perpetrators that went beyond previous American criticism. Then the president, in his year-end news conference, cast Mr. Kim as an insecure leader so weak that he could be provoked by an outlandish satire, even while Mr. Obama castigated Sony Pictures for giving in to intimidation by withdrawing the film.

The attacks on Sony appear to have been routed through China and then conducted through servers in Singapore, Thailand and Bolivia. Each of the countries, officials said, had been contacted in an effort to cut off access for the hackers.

But the key is China. United States officials said that American efforts to block North Korea’s access to the Internet, which is available only to the military and the elite, would necessarily impinge on Chinese sovereignty. But they also saw in the confrontation a chance to work with the Chinese on a subject the two countries have been warily discussing for several years: Establishing “rules of the road” for acceptable behavior in cyberspace.

By some accounts, what the administration is trying to create is a computer equivalent to the Proliferation Security Initiative, an effort begun in the Bush administration, also aimed squarely at North Korea, to stop the shipment of nuclear materials and other weaponry. But in cyberspace that is a far harder task, since it is easier for the North Koreans to reroute computer code at lightning speed than to reroute a cargo ship carrying missiles.

Any financial sanctions also are tricky. The North is under perhaps the heaviest sanctions on earth. Yet the one sanction in the past decade that caused the most pain to the North Korean leadership was the freezing of its accounts at a small bank in Macau, which held the money the North Korean leadership uses to buy luxury goods — and serves as an escape route if officials need to leave the country.

Even if Mr. Obama was ready to respond with a cyberattack, it would not be instantaneous.

“One of the things people often overlook is the complexity and time it takes to launch an attack,” said Oren Falkowitz, a former analyst at the National Security Agency who now runs Area 1, a security company based in Menlo Park, Calif. “Most attacks take hundreds of days, if not years, to plan. People often want to move quickly, but they forget a lot of legwork must be done.”

In the past, other countries have resorted to basic distributed denial-of-service attacks, in which hackers flood a target’s systems with Internet traffic until they collapse under the load. But unlike systems in the United States, very little of North Korea’s network infrastructure is connected to the global Internet. The result, Mr. Falkowitz says, is that a similar denial-of-service attack on the North would amount to “ankle biting.”

Tom Kellermann, a former member of the presidential commission on cybersecurity, said one option was what security experts refer to as a “hack back,” in which they use the attackers’ own computer footprints and back doors to deploy an attack that destroys North Korea’s attack infrastructure, or compromises the integrity of the machines that did the hacking. For example, the United States could deploy a malicious payload that encrypts the data on North Korea’s machines, or renders them unable to reboot — clearly “proportional,” in the president’s words, because that was what happened to Sony’s computers.

But attack tools can be swapped out, and by destroying attackers’ systems, the United States would lose its ability to monitor them for future attacks.

Mr. Kellermann predicted a campaign of information warfare, in which the United States plays on North Korea’s worst fears by using its access to the North Korean domestic computer and radio systems to deploy propaganda inside North Korea’s closed media bubble.

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.
Want something else to read? How about ‘Grievous Censorship’ By The Guardian: Israel, Gaza And The Termination Of Nafeez Ahmed’s Blog

Bookmark the permalink.