AP sources: US did not ‘hack back’ against North Korea

WASHINGTON (AP) -- The U.S. government was not responsible for sustained electronic attacks that crippled North Korea's Internet infrastructure last month, just after President Barack Obama promised that his administration would respond to the hacker break-in at Sony Pictures Entertainment Inc., two senior U.S. officials told The Associated Press.

The Obama administration has been deliberately coy about whether it caused North Korea's outage, which affected all the nation's Internet connections starting the weekend of Dec. 20. But the two officials, speaking on condition of anonymity because they were not authorized to openly discuss the issue, acknowledged to the AP that it was not a U.S. operation.

It was not immediately clear even within the administration whether rogue hackers or other governments disrupted North Korea's networks. The networks are not considered especially robust since they rely on a single provider, China United Network Communications Group Co. Ltd., the state-owned provider in neighboring China. North Korea's service was sporadic starting Saturday, Dec. 20, then collapsed entirely for nearly 10 hours two days later in what has remained an enduring whodunit.

"It looks more like the result of an infrastructure attack than an infrastructure failure," said James Cowie, chief scientist at Dynamic Network Services Inc. of Manchester, New Hampshire, who studied the outages. "There's nothing you can point to that says it has all the hallmarks of an attack by a nation state. It could have been anybody."

Within the U.S. government, contingents have debated privately whether to acknowledge that the U.S. played no role in North Korea's disruptions or remain silent to avoid detailed conversations about U.S. capabilities and policy on offensive cyber operations, which are considered highly classified.

The disclosure denying U.S. involvement was intended to convey how seriously the administration considers offensive cyberattacks, intended to be used only in the most serious cases and consistent with the State Department's admonitions for foreign governments to always preserve access to the Internet for all citizens, one of the officials said.

Sony Pictures chief executive Michael Lynton told the AP in a new interview that he never knew whether the U.S. government electronically attacked North Korea as retaliation for the break-in at his company.

The government hinted earlier this year, on Jan. 2, that it wasn't involved in the North Korea outages, but its intended message was too understated to be recognized as an outright denial. When the White House announced new economic sanctions against North Korea for what it called a "destructive and coercive cyberattack" against Sony, Obama spokesman Josh Earnest described the sanctions as "the first aspect of our response." In other words, the government was saying its initial response was coming 11 days after the mysterious attacks crippled North Korea's networks.

As late as Thursday, Obama's homeland security adviser, Lisa Monaco, declined to say whether the U.S. was behind the North Korea outages. Speaking at a cybersecurity conference in New York, Monaco would not answer a question from the U.S. attorney for the Southern District of New York, Preet Bharara, whether the administration was responsible and agreed it could be helpful to be ambiguous about the consequences of hacking American targets.

"I'm not going to comment, and I never would, on operational capabilities," she said. "But you want to be able to have a number of tools in our toolbox and reserve them for use."

FBI Assistant Director Joseph Demarest, head of the cyber division, added: "You have to be able to reserve some ability for your capabilities, your methods, in a way that protects that capability going forward."

At the time of the North Korea outages, the White House and the State Department also declined to say whether the U.S. government was responsible. North Korea's four principal connections to the Internet began having serious problems just hours after Obama blamed North Korea for hacking into Sony, which included disclosure of confidential company emails and business files and threats of terror attacks against U.S. movie theaters until Sony agreed to cancel the Christmas Day release of its film "The Interview." Sony eventually decided to release the profane comedy that pokes fun at North Korea leader Kim Jong Un and depicts an assassination plot against him, offering it online for $6 and in a relatively small number of theaters.

Obama promised Dec. 19 to retaliate against North Korea but pointedly did not indicate what he had planned: "We will respond proportionally," he said, "and we'll respond in a place and time and manner that we choose. It's not something that I will announce here today at a press conference." But Obama later described the Sony hacking as "an act of cyber vandalism," not an act of war.

As North Korea's networks sputtered, on Dec. 22, State Department spokeswoman Marie Harf wouldn't say whether U.S. fingerprints were involved, but her answer was widely interpreted as confirming a U.S. role: "As we implement our responses, some will be seen, some may not be seen."

One day later, Harf clarified. "I don't think I actually winked or nudged," she said. "I said I can't comment on those reports one way or the other. I can't confirm them one way or the other. I don't actually know that their Internet was out, and it's not for me to speak to. I was broadly speaking about what the president has said but in no way was trying to link it to yesterday's activity."

She added: "I understand it was sort of interpreted that way and did not mean to be."

(© 2015 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed).