U.S. Asks China to Help Rein In Korean Hackers
By DAVID E. SANGER, NICOLE PERLROTH and ERIC SCHMITT

WASHINGTON — The Obama administration has sought China’s help in recent days in blocking North Korea’s ability to launch cyberattacks, the first steps toward the “proportional response” President Obama vowed to make the North pay for the assault on Sony Pictures — and as part of a campaign to issue a broader warning against future hacking, according to senior administration officials.

“What we are looking for is a blocking action, something that would cripple their efforts to carry out attacks,” one official said.

So far, the Chinese have not responded. Their cooperation would be critical, since virtually all of North Korea’s telecommunications run through Chinese-operated networks.

It is unclear that China would choose to help, given tensions over computer security between Washington and Beijing since the Justice Department in May indicted five hackers working for the Chinese military on charges of stealing sensitive information from American companies.

The secret approach to China comes as American officials, convening a half-dozen meetings in the White House Situation Room last week, including one of the top national security team on Thursday night, have been developing options to give to the president during his vacation in Hawaii. They include new economic sanctions, mirroring those recently placed on Russian oligarchs and officials close to President Vladimir V. Putin, which would cut off their access to cash — the one perk that allows the elite surrounding Kim Jong-un, the North Korean leader, to live lifestyles their starving countrymen can barely imagine.

The sessions also included discussions of “information operations” directed at the North Korean people, officials said, but similar efforts by South Korea to sway opinion in the North have often created a furious backlash.

As part of the administration effort to plan a response to the first major, state-sponsored destructive computer-network attacks on American soil, the president has asked the military’s Cyber Command, which is led by the same four-star admiral who directs the National Security Agency, to come up with a range of offensive options that could be directed at North Korea.

For now, the White House appears to have declined to consider what one Defense Department official termed “a demonstration strike” in cyberspace, which could have included targets such as North Korean military facilities, computer network servers and communications networks.

One obvious potential target is Yongbyon, the center of North Korea’s nuclear program, where the state has invested huge sums to produce plutonium and uranium fuel for its small arsenal of nuclear weapons. Because of its geographic and technological isolation, Yongbyon is considered a far harder target to attack than were Iran’s nuclear facilities, the subject of an American cyberoperation code-named Olympic Games.

The administration’s restraint grows out of a concern over the risk of escalation with North Korea, since the United States has far more vulnerable targets, from its power grid to its financial markets, than North Korea.

“There are a lot of constraints on us, because we live in a giant glass house,” said one official involved in the high-level debates. The official said the challenge was to find a mix of actions that “the North Koreans will notice” but that will not be so public that Mr. Kim’s government loses face and feels compelled to respond.

Several administration officials said the White House woke up late to the growing confrontation with North Korea, with senior officials not realizing at first the scope and long-term implications of the attacks on Sony for its plans for a Christmas Day release of “The Interview,” a crude comedy built around a far-fetched C.I.A. plot to have two bumbling journalists assassinate the young North Korean leader. But by last week, the combination of the destructive attack on Sony’s computers and the threat of attacks on moviegoers at any theater that showed the film sent the administration scrambling for a response.

In interviews over the past two days, officials said the president’s decision was to have the United States directly accuse the North Korean government — a public naming of the perpetrators that went beyond previous American criticism. Then the president, in his year-end news conference, cast Mr. Kim as an insecure leader so weak that he could be provoked by an outlandish satire, even while Mr. Obama castigated Sony Pictures for giving in to intimidation by withdrawing the film.

The attacks on Sony appear to have been routed through China and then conducted through servers in Singapore, Thailand and Bolivia. Each of the countries, officials said, had been contacted in an effort to cut off access for the hackers.

But the key is China. United States officials said that American efforts to block North Korea’s access to the Internet, which is available only to the military and the elite, would necessarily impinge on Chinese sovereignty. But they also saw in the confrontation a chance to work with the Chinese on a subject the two countries have been warily discussing for several years: Establishing “rules of the road” for acceptable behavior in cyberspace.

By some accounts, what the administration is trying to create is a computer equivalent to the Proliferation Security Initiative, an effort begun in the Bush administration, also aimed squarely at North Korea, to stop the shipment of nuclear materials and other weaponry. But in cyberspace that is a far harder task, since it is easier for the North Koreans to reroute computer code at lightning speed than to reroute a cargo ship carrying missiles.

Any financial sanctions also are tricky. The North is under perhaps the heaviest sanctions on earth. Yet the one sanction in the past decade that caused the most pain to the North Korean leadership was the freezing of its accounts at a small bank in Macau, which held the money the North Korean leadership uses to buy luxury goods — and serves as an escape route if officials need to leave the country.

Even if Mr. Obama was ready to respond with a cyberattack, it would not be instantaneous.

“One of the things people often overlook is the complexity and time it takes to launch an attack,” said Oren Falkowitz, a former analyst at the National Security Agency who now runs Area 1, a security company based in Menlo Park, Calif. “Most attacks take hundreds of days, if not years, to plan. People often want to move quickly, but they forget a lot of legwork must be done.”

In the past, other countries have resorted to basic distributed denial-of-service attacks, in which hackers flood a target’s systems with Internet traffic until they collapse under the load. But unlike systems in the United States, very little of North Korea’s network infrastructure is connected to the global Internet. The result, Mr. Falkowitz says, is that a similar denial-of-service attack on the North would amount to “ankle biting.”

Tom Kellermann, a former member of the presidential commission on cybersecurity, said one option was what security experts refer to as a “hack back,” in which they use the attackers’ own computer footprints and back doors to deploy an attack that destroys North Korea’s attack infrastructure, or compromises the integrity of the machines that did the hacking. For example, the United States could deploy a malicious payload that encrypts the data on North Korea’s machines, or renders them unable to reboot — clearly “proportional,” in the president’s words, because that was what happened to Sony’s computers.

But attack tools can be swapped out, and by destroying attackers’ systems, the United States would lose its ability to monitor them for future attacks.

Mr. Kellermann predicted a campaign of information warfare, in which the United States plays on North Korea’s worst fears by using its access to the North Korean domestic computer and radio systems to deploy propaganda inside North Korea’s closed media bubble.

索尼被駭 反擊北韓駭客 美向陸求援

美國政府高級官員告訴紐約時報，美國近日已請求大陸協助封鎖北韓的網路攻擊能力，藉此報復北韓駭客入侵索尼影業公司，這也是美國總統歐巴馬誓言對北韓採取「對等回應」的第一步。美國還希望藉此對外發出更廣泛的警告，防範未來的駭客攻擊。

美國總統歐巴馬廿一日接受美國有線電視新聞網（CNN）訪問時表示，美國考慮重新將北韓列入支持恐怖主義國家名單。歐巴馬稱索尼被駭是網路破壞行為，不是戰爭行為，美國將在檢討所有證據後作成決定。

美國想對付北韓駭客，大陸是關鍵，因為北韓所有電子通訊都透過大陸經營的網路運作。美國官員說：「我們尋求的，是採取封鎖行動，癱瘓他們發動攻擊的努力。」

大陸尚未回應美國的請求。法新社報導，美國官員說，美中討論此事時，雙方「抱持同一觀點，於網域發動摧毀性的攻擊，是踰越網路適當行為標準的行為」。

不過，今年五月美國司法部曾大動作起訴五名解放軍軍官，指控他們以駭客手法竊取美國企業機密，雙方在網路安全問題上一直針鋒相對。如今美國卻要大陸協助防堵北韓駭客，幕後用意和大陸如何回應，將牽動雙邊關係進展。

紐時說，索尼影業被駭，顯然是透過大陸的網路，指揮新加坡、泰國、玻利維亞的伺服器執行攻擊。美國官員表示已請求各國封鎖北韓駭客。北韓矢口否認與索尼被駭有關，但美國列舉多項證據，一口咬定是北韓。

自稱「和平守護者」的團體駭入索尼影業，聲稱是為阻止描述刺殺北韓領袖金正恩的索尼喜劇片「名嘴出任務」（The Interview）於耶誕節上映。駭客並威脅攻擊放映此片的戲院，迫使索尼宣布全面停映此片。

美國欲封鎖北韓發動網攻，定會涉及侵犯大陸主權的問題。但美國官員認為，美中討論北韓駭客，同時是美中解決彼此網安問題的一次機會。多年來，雙方試圖訂定網域的「交通規則」，明訂出可接受的行為但未果。

美國官員上周於白宮戰情室至少集會六次，準備在歐巴馬於夏威夷度假期間，提供選擇供歐巴馬參考，包括施加新經濟制裁，對北韓人民展開「宣傳作業」等。

眼前白宮並不主張於網域對北韓發動「展示性攻擊」，這類攻擊的目標涵蓋北韓軍事設施、電腦伺服器、通訊網，可能目標之一是寧邊核子設施。

美國如此克制，明顯擔心可能升高與北韓緊張關係，畢竟美國的電力系統與金融市場遠比北韓容易被攻擊。

原文參照：
http://www.nytimes.com/2014/12/21/world/asia/us-asks-china-to-help-rein-in-korean-hackers.html

紐約時報中文版翻譯：
http://cn.nytimes.com/usa/20141221/c21cyber/zh-hant/

2014-12-22．聯合報．A13．國際．編譯王麗娟