HONOLULU – The United States imposed new sanctions Friday on North Korean government officials and the country’s defense industry over a cyberattack against Sony Pictures Entertainment Inc., insisting that Pyongyang was to blame despite lingering doubts by cybersecurity experts.
The White House warned this was just the opening move in the U.S. response.
While the sanctions will have limited effect, as North Korea already is under tough U.S. and other sanctions over its nuclear and missile programs, American officials portrayed them as a swift, decisive response to North Korean behavior they said had gone far over the line. Never before has the U.S. imposed sanctions on another nation in direct retaliation for a cyberattack on an American company.
“The order is not targeted at the people of North Korea, but rather is aimed at the government of North Korea and its activities that threaten the United States and others,” President Barack Obama wrote in a letter to leaders in Congress.
The 10 North Koreans singled out for sanctions didn’t necessarily have anything to do with the attack on Sony Pictures, a unit of Sony Corp., senior U.S. officials said. Anyone who works for or helps the North Korean regime is now fair game, especially Pyongyang’s defense sector and spying operations, the officials said.
The sanctions also apply to three organizations closely tied to North Korea’s government: the country’s primary intelligence agency, a state-owned arms dealer that exports missile and weapons technology, and Korea Tangun Trading Corp., which supports defense research. All three entities were already subject to U.S. sanctions.
Obama has also warned Pyongyang that Washington is considering whether to put North Korea back on its list of state sponsors of terrorism, which could jeopardize aid to the country on a global scale. Beyond that, it’s unclear what additional penalties the U.S. has available.
North Korea has denied involvement in the cyberstrike, which led to the disclosure of tens of thousands of confidential Sony email messages and business files, the theft of unreleased movies, and which then escalated to threats of terrorist attacks against movie theaters.
Many cybersecurity experts say it’s possible that hackers or even Sony insiders could be the culprits, and questioned how the FBI can point the finger so conclusively. Senior U.S. officials, who briefed reporters on condition of anonymity, dismissed those arguments and said independent experts don’t have access to the same classified information as the FBI.
“We stand firmly behind our call that the DPRK was behind the attacks on Sony,” one official said, citing North Korea by its official name, the Democratic People’s Republic of Korea.
Those sanctioned include North Koreans representing the country’s interests in Iran, Russia and Syria. Any assets they have in the U.S. will be frozen, and they’ll be barred from using the U.S. financial system. Americans will be prohibited from doing business with them, the Treasury Department said.
At the United Nations, no one answered the phone at North Korea’s U.N. Mission, and calls to a diplomat there were not answered. Sony, too, declined to comment.
While denying any role in the cyberattack, North Korea has expressed fury over the Sony Pictures comedy flick “The Interview,” which depicts the fictional assassination of leader Kim Jong Un. Sony Pictures initially called off the film’s release after movie theaters decided not to screen it. After Obama criticized that decision, it decided to release the film to a limited number of theaters and online.
Questions meanwhile remain about who was behind a nearly 10-hour shutdown of North Korean websites late last month.
The U.S. never said whether it was responsible. Pyongyang’s powerful National Defense Commission blamed Washington and hurled racial abuse at Obama, calling him a reckless “monkey in a tropical forest.”