U.S. sanctions on North Korea suggest prospect of further retaliation

President Obama ordered new economic sanctions Friday against North Korea aimed at increasing financial pressure on the rogue state’s leadership, a preliminary retaliatory action by the administration in response to what it calls the “destructive and coercive” cyberattack on Sony Pictures Entertainment computers.

The order, the first time the U.S. cited cyberattacks in sanctioning another country, was described as part of the United States’ unfolding response to North Korea’s “ongoing provocative, destabilizing, and repressive actions and policies.” That characterization laid out the prospect of further and greater retaliation, whether it be public or something covert, like a counterattack on a North Korean computer network.

“The order is not targeted at the people of North Korea, but rather is aimed at the government of North Korea and its activities that threaten the United States and others,” Obama said in a letter to congressional leaders.

The new penalties were the first public reprisal since U.S. officials blamed North Korea two weeks ago for the Sony hack, saying it was probably done in response to Sony’s planned release of “The Interview,” a comedy starring Seth Rogen and James Franco that features a fictional plot to assassinate leader Kim Jong Un.

Obama had promised a proportional response to the cyberattack, a hit on a major player in a key U.S. industry, without detailing what that might include.

Experts have questioned how much more the U.S. could do given the array of strict sanctions already in place. Last week, North Korea’s limited Internet service saw a major outage, though the U.S. would not say whether it was responsible and suggested Friday that the reclusive nation had conducted the disruption itself.

The executive order signed by the president builds on existing sanctions by directing the Treasury Department to cut off access to the U.S. financial sector for 10 individuals and three government entities identified as key operatives engaged in hostile behavior, including the country’s intelligence agency and its primary military arms dealer. Obama’s order notes three previous rounds of penalties imposed on the nation in response to its nuclear weapons program.

But though the new actions were triggered by the Sony hack, a senior U.S. official said that none of the individuals and entities targeted by the sanctions were believed to be directly involved. Rather, the step reflects a broader concern about North Korea’s recent provocations on various fronts, particularly in cybersecurity.

“This attack on Sony Pictures Entertainment clearly crossed a threshold for us,” said another senior official, who, like the first, spoke to reporters on condition of anonymity. “We’ve moved from an era of website defacement and digital graffiti, as it were, to where people are actually willing to cross this line and conduct destructive attacks on data and try to coerce people. Therefore, we felt the need very strongly to take decisive action.”

Cybersecurity experts have cast doubt on the administration’s conclusion that North Korea was responsible for the attack, saying that the evidence that federal investigators disclosed publicly falls short of conclusive proof.

The U.S. has said that tools used in the Sony hack are similar to an earlier attack carried out by North Korea against institutions in South Korea, but analysts responded that such tools are widely available.

U.S. officials told reporters Friday that the doubts are misplaced and those firms don’t have access to the classified intelligence that the FBI and other U.S. agencies used to confirm North Korea’s hand in the intrusion.

The security experts remained skeptical.

“Simply saying this is similar to other attacks that have North Korea’s fingerprints on them doesn’t do much to convince me,” said Peter Toren, a cybersecurity expert who formerly worked in the Department of Justice. “The FBI is saying, in a sense, ‘We’re the government. Trust us.’“

Ralph Echemendia, chief executive of security consulting firm Red-e Digital, agreed, comparing the intelligence released about the Sony hack to the claims President George W. Bush’s administration made about weapons of mass destruction in Iraq in the run-up to war there, later proved to be without merit.

“If they’ve made that conclusion, then why hasn’t the data that supports that conclusion been released by them?” Echemendia said.

The cybersecurity firm Norse Corp. said this week that it told investigators that the evidence it has reviewed suggests a person who left Sony in May was involved in the breach. U.S. officials continue to investigate the attack.

In his letter to congressional leaders, the president said he has determined that North Korea’s cyber aggression violated four United Nations Security Council resolutions and constituted “a continuing threat to the national security, foreign policy, and economy of the United States.”

Though the new penalties probably will frustrate North Korea, particularly for going after money coming into the isolated country, they are unlikely to have much effect. North Korea is already heavily sanctioned, and most of its people live in stark poverty without basic freedoms, including access to the Internet.

Even so, experts said the sanctions break new ground in the way the Obama administration is going after North Korea.

Victor Cha, a top North Korea advisor during the Bush administration, noted that in addition to cyber-attacks, the administration cited human rights violations for the first time as the basis for sanctions. Previous penalties responded instead to the country’s controversial nuclear activities.

In addition, the 10 individuals all represent the government’s financial interests around the world. Sanctioning them “is another effort to dry up the money channels flowing into the country,” said Cha, who is with Georgetown University and the Center for Strategic and International Studies.

The North Korean government has resisted many of the layers of sanctions the U.S. has added to over recent decades. But the government is extremely sensitive to sanctions that go after the sources of money to the North Korean elite.

And its arms trade is vital as an important source of hard currency for the impoverished country.

With the new penalties, the administration also is trying to deter other countries from launching cyberattacks. Among them is China, whose alleged tampering with U.S. computer networks has been a major point of friction between the countries.

A group calling itself Guardians of Peace has taken responsibility for the attack on Sony Pictures, which became public Nov. 24 when the studio’s computer systems were shut down.

In the following days, the hackers released enormous amounts of sensitive data, including thousands of employees’ Social Security numbers and salaries of top executives, as well as embarrassing emails.

Last month, hackers threatened physical violence against movie theaters that were to show “The Interview,” and Sony canceled its plans to go forward with a wide release.

Sony scrambled to put together an alternative strategy, securing an online video-on-demand debut for Christmas Eve and in 331 independent movie theaters for the next day.

The film generated an impressive $15 million in revenue in its first four days of release online. The movie has since expanded to outlets such as iTunes and VOD services of pay-TV providers including Comcast, Time Warner Cable and Charter Communications.

“The Interview” has also expanded to about 580 independent cinemas and has grossed about $3.8 million from theaters.

Memoli reported from Honolulu and Faughnder from Los Angeles. Times staff writers Paul Richter and Brian Bennett in Washington contributed to this report.