The United States has asked China for help in blocking cyberattacks emanating from North Korea, officials told CNN and the New York Times in the wake of the attack on Sony Pictures that the U.S. administration has now pinned on North Korea. And now China has responded, albeit obliquely.
On Monday, the Chinese foreign ministry said the country “opposes any country or individual using other countries’ domestic facilities to conduct cyberattacks on third-party nations,” according to a Reuters report. Chinese Foreign Minister Wang Yi told U.S. Secretary of State John Kerry that “China opposes all forms of cyberattacks and cyber terrorism.” However, China said there was still no proof that North Korea had perpetrated the attack.
North Korea isn’t exactly a highly-connected nation — only a few high-level officials are allowed to access the global internet – but what access it does have mostly flows through Chinese networks. There have been reports that the attack on Sony Pictures emanated partly from China (though such attacks can be routed through proxy servers pretty much anywhere.)
North Korea itself released a statement over the weekend, denying involvement in the hack and saying “the U.S. should not pull up others for no reason.”
The colorfully-phrased statement included this:
It is a common sense that the method of cyber warfare is almost similar worldwide. Different sorts of hacking programs and codes are used in cyberspace. If somebody used U.S.-made hacking programs and codes and applied their instruction or encoding method, perhaps, the “wise” FBI, too, could not but admit that it would be hard to decisively assert that the attack was done by the U.S….
After all, the grounds cited by the FBI in its announcement were all based on obscure sci-tech data and false story and, accordingly, the announcement itself is another fabrication. This is the DPRK’s stand on the U.S. gangster-like behavior against it.
China, of course, has spent much of 2014 engaged in a war of words with the U.S. over hacking. It began in May, when the U.S. charged several Chinese officials over the alleged hacking of U.S. firms for economic espionage reasons, and since then China’s authorities have been generally making life hard for U.S. firms trying to do business there. China, which has enthusiastically pointed to Edward Snowden’s revelations about U.S. cyber-naughtiness, said in October that the country was “resolutely opposed” to hacking.
Act of vandalism, not war
The Sony Pictures hack saw the theft of reams of the company’s strategic and commercial information, as well as employees’ personal information and several unreleased films.
Although the motives of the “Guardians of Peace” hackers were initially unclear, speculation that the attack was related to the imminent release of a Seth Rogen comedy called The Interview crystallized over the last few weeks. After theaters were threatened with some kind of physical attack if they screened the movie, which features a plot to assassinate North Korean dictator Kim Jong-un, Sony cancelled its release.
Following criticism by U.S. President Barack Obama for pulling The Interview, Sony is now insisting that it will release it somehow. The file-sharing platform BitTorrent has offered its BitTorrent Bundles facility for the release, though Sony has yet to respond.
Obama described the attack as a “very costly, very expensive” act of cyber-vandalism rather than an act of war, but he said he is considering putting North Korea back on the U.S.’s list of sponsors of terrorism, as part of the official response.
However, despite the U.S. administration and the FBI finally having gone on the record in blaming North Korea, many in the security community remain deeply skeptical. Marc Rogers, principal security researcher at Cloudflare, wrote over the weekend that the evidence for that attribution – at least, the evidence that has been shown to the public — was weak.
The FBI said that there were great similarities in the attack code and methods between the Sony job and earlier attacks attributed to North Korea, but Rogers pointed out that the evidence for North Korea having been behind those earlier attacks was “flimsy and speculative at best.” He pointed out that many components of the malware were publicly available and easy to use, and noted that almost all the IP addresses used in the Sony attack were proxies that were again open to the public.
A message allegedly posted by the Guardians of Peace over the weekend accused the FBI of being idiots in concluding that North Korea was the culprit.
Meanwhile, south of the Korean DMZ there is concern over the safety of several nuclear power plants. Unidentified hackers have warned the Korea Hydro and Nuclear Power Co. that the reactors should be shut down or people should “stay away from them. The hackers stole equipment designs and manuals and posted them online. While the energy company has played down the threat to the plants’ safety, it is conducting drills to test defences against a cyberattack.
This article was updated at 2.55am PT to include North Korea’s statement and again at 3.10am PT to note China’s comments on the evidence.