As President Barack Obama vows a proportionate response to North Korea’s alleged hack of Sony, experts see few measures that could effectively punish the isolated communist dictatorship.
The FBI concluded Friday that North Korea was behind the hack of Sony, and the White House is looking at different economic sanctions it could use against the regime, according to the Wall Street Journal.
Hawks in Congress have already called on the president to deploy available nonmilitary tools to punish North Korea.
The United States should “make it so hard on the North Koreans, they don’t want to do this in the future,” Sen. Lindsey Graham (R-S.C.) said on CBS’s “Face the Nation.” “Reimpose sanctions lifted by President Bush. Put them back on the state sponsor of terrorism list. Put China on notice that it’s just not a movie. It’s our way of life.”
President Bush took North Korea off the list of state sponsors of terrorism in 2008. Members of that list face financial sanctions and an arms embargo from the United States. However, some said that North Korea is already so isolated that putting it back on the list would have a negligible effect.
“The US already has an arms embargo against North Korea, provides little aid, and at present North Korea shows no interest in joining the [international financial institutions],” economist Marcus Noland wrote for the Peterson Institute. “This seems like a weak signal with little teeth beyond creating another issue to resolve down the road.”
- North Korea Experiencing Severe Internet Outages
- US Mulls Putting NKorea on Terrorism Sponsor List
- N. Korea Denies Hacking Sony, but Threatens US in Demand for Joint Probe
- Obama Vows Response to North Korea Hacking Sony
Trade sanctions, which the United States has deployed against Russia and Iran, are also seen as ineffectual because North Korea does very little trade except with China and South Korea, which together account for 95 percent of its imports.
Other methods the United States has successfully employed in the past are likely outdated, as the regime has worked to shore up its vulnerabilities. The United States was able to freeze North Korean assets at the Macau-based Banco Delta Asia bank in 2005 and used it as a bargaining chip in nuclear talks, but the regime has since diversified its income streams.
A report by the Committee for Human Rights in North Korea from earlier this year found that North Korea had branched out on exports to include ivory from endangered species, counterfeit prescription drugs, and cigarettes.
Moreover, the report found that existing sanctions are already systematically bypassed via false papers, cargo concealment, and loopholes in shipping regulations.
Efforts are further stymied by the inflexible nature of a robust enforcement measure that could hamper future negotiations. Currently, a bill called the North Korea Sanctions Enforcement Act proposes a wide range of retaliatory tactics, such as allowing the United States to put pressure on individual ports not in compliance with sanctions but would require congressional approval to retract as well.
Skepticism on whether the attacks originated from the North Korean regime continues despite the FBI’s conclusion last Friday, with experts in the information security industry questioning the agency’s methods.
The agency cites the similarity of the malware found in the Sony hack to that of previous attacks linked with North Korea and IP addresses as the main piece of evidence. Marc Rogers, who works at Cloudflare and reviews papers for DEF CON, one of the world’s oldest hacking conference, thinks that isn’t enough to indict North Korea.
“Many of these pieces of malware use publicly available tools and libraries … [and] are based on malware source code that has been sold/released/leaked and is therefore accessible and easy to use,” he wrote in a blog post rebutting the FBI.
Rogers also said that the IP addresses were a flimsy piece of evidence because hackers could easily hijack other machines to hide their tracks, and that the addresses cited by the FBI looked like public proxies.
North Korea has denied the attacks, and has offered to do a joint investigation of the hack with the United States.
Most to Lose
If the agent of the hack turned out to be a nonstate actor, Sony would have the most to lose from the revelation.
Jonathan Zittrain, a professor of law and computer science at Harvard University, said Sony was unquestionably facing anger over the breach and the resulting disclosure of thousands of sensitive documents. But the movie studio may be able to mitigate that reaction and potential legal exposure if it’s established that North Korea was behind the attack.
“If Sony can characterize this as direct interference by or at the behest of a nation-state, might that somehow earn them the kind of immunity from liability that you might see other companies getting when there’s physical terrorism involved, sponsored by a state?” Zittrain said.
Six class-action lawsuits have been filed against Sony, all within the past week, by past employees seeking damages in the hack, which they claim Sony caused by neglecting security.
The Associated Press contributed to this report.