Last December, after the FBI and the National Security Agency concluded that North Korea’s Unit 121 had hacked Sony Pictures and threatened the Americans who wanted to see “The Interview,” President Obama publicly accused North Korea of the cyberattack and threat, and promised a “proportional response” to it. On January 2nd, the President signed a new executive order whose potential was sweeping, but whose actual effect was “symbolic at best.” In practice, the designations under the new executive order amounted to whack-a-mole sanctions against ten small-time arms dealers, who were probably replaced by ten other small-time arms dealers within weeks.
Is that all? Maybe not. If you believe Rep. Michael McCaul, the President also directed the intelligence community to take down North Korea’s internet for a few days. The Director of the CIA, who seems rather desperately to want to deny the story, nevertheless stuck to the CIA’s customary neither-confirm-nor-deny line — sometimes called a “Glomar” response — which will be read in most places, including Pyongyang, as, “So they did it.”
Had this been the act of a band of angry nerds in Guy Fawkes masks (and by the way, about those masks), most people would have applauded it. I still hope that it was. As the act of a great power that once treasured and defended the free expression of its people with all of its might, no word would describe this better than “chickenshit.” It suggests that angry nerds in Guy Fawkes masks have been put in charge of defending the lives, liberty, and security of the world’s greatest power with a mighty arsenal of college pranks. What’s next, flaming dog poop on the doorstep of North Korea’s U.N. mission? It’s hard to see how this will deter future North Korean attacks; after all, the internet is about as vital to North Korea as a subway system is to North Dakota.
In the United States, freedom of expression is not only the foundation of our system of government — of what makes us America — it is also the foundation of what those who shrink from the use of hard power call “soft power.” It is difficult to measure the damage our freedom of expression has suffered in just the last three months alone, but the cyberattack caused Sony Pictures to cancel the release of a major film just before the holidays, and a second studio, New Regency, also announced that it would scrap a second film about North Korea.
In a very real way, the world’s most oppressive system of government has extended the reach of its censorship to our society, and our government acts as if it is impotent to react to this. When one considers the very real legal and safety risks attendant to engaging in what the most extreme adherents of Islam call “blasphemy” today, one strains to argue that the United States is as free today as it was five years ago. If only there were a man whose duties and authorities consisted of preserving, protecting, and defending the Constitution of the United States.
~ ~ ~
Knowing, as history has taught us, that finance is the only North Korean vulnerability the United States has ever exploited successfully, smarter people are following the money. No one should be following North Korea’s money more closely than Adam Szubin, the head of the Treasury Department’s Office of Foreign Assets Control (Szubin is also the Acting Treasury Undersecretary for Terrorism and Financial Intelligence because his predecessor, David Cohen, has been picked to be the new CIA Director. That should tell you everything about the importance of financial intelligence in U.S. foreign policy today.) This week, Szubin delivered a speech to a trade group in Florida, where he talked about the Obama Administration’s sanctions enforcement priorities:
We are imposing costs on Russia for its brazen violation of core international principles. We are working to deprive ISIL of the financial means to terrorize the people of Iraq and Syria and spread its warped ideology. We are keeping up the pressure on Iran while we seek a diplomatic means of ensuring that it will not acquire a nuclear weapon. [Treasury Dep’t Press Release]
By now, you’ve noticed a glaring omission from the list — the only state counterfeiter of the U.S. dollar. One of two nations (Iran being the other) singled out for countermeasures by the Financial Action Task Force. The only nation to have successfully suppressed freedom of expression in the United States by directing its clandestine agents to make a terrorist threat against the American people, in their own country. And as of this week, the only nation to have sponsored a cyberattack against multiple nuclear power plants, an attack that the South Korean government claims was intended to cause a reactor malfunction.
Where it matters — on the financial front — North Korea is a blind spot for the Obama Administration. You can see this manifested in a variety of ways. In this paper, I explained the general weakness of the sanctions authorities in place against North Korea, the relatively small number of North Korean entities designated for the blocking of their dollar-denominated assets, and the relatively low level of the entities designated. This matters, because as the U.N. Panel of Experts recently confirmed, North Korea still relies heavily on the dollar system to violate U.N. Security Council sanctions. Yet you’ll have to search far and wide for any evidence that Treasury has enforced even those sanctions against the banks that help North Korea finance itself, violate U.N. Security Council resolutions, break our laws, and suppress our fundamental freedoms, all by using our own financial institutions.
Last year, for example, the Treasury Department entered into the largest settlement of a potential sanctions penalty in its history, when the French parastatal bank BNP Paribas agreed to pay nearly $1 billion for stripping data out of records of transactions to evade sanctions. Sanctions against whom, you ask?
For instance, a Sudanese bank seeking to move U.S. dollars out of Sudan transferred funds internally within a BNP satellite bank, which then transferred the money to the Sudanese bank’s “intended beneficiary” without reference to the Sudanese bank.
BNP Paribas agreed with sanctioned entities “not to mention their names in U.S. dollar transactions,” and included explicit instructions to bank personnel, such as “! Payment in $ to [French Bank 1] without mentioning Sudan to N.Y.!!!” [….]
According to New York regulators, the scope of the violations was much larger. DFS said from 2002 to 2012, BNP Paribas provided more than $190 billion of dollar-clearing services for Sudanese, Iranian and Cuban parties.
Under orders from “high levels of the Bank’s group management,” BNP Paribas engaged in a “systematic practice…of removing or omitting Sudanese, Iranian or Cuban information” from U.S. dollar-denominated transactions with the purpose of avoiding disclosure “to any potential investigatory authorities,” according to the DFS document. [Wall Street Journal]
Once again, North Korea is absent from the list. Even after the BNP Paribas settlement, Treasury continued to investigate “at least six banks in Germany, France, Italy or Japan” for violating sanctions against “Iran, Sudan, Cuba or other nations hit with U.S. sanctions.” Although North Korea wasn’t one of the principal targets of that investigation, the article gave reason to hope that there would be at least one enforcement action against a bank this year. It linked to this 2014 report by Germany’s Commerzbank, revealing that the bank was under investigation for possible sanctions violations involving North Korea. That probably means that Commerzbank was suspected of dealing with the Foreign Trade Bank or Daedong Credit Bank, the only two North Korean banks of significance that have been designated by Treasury’s Office of Foreign Assets Control.
Months passed with no word of any enforcement action against Commerzbank. Then, last week, Treasury issued a press statement confirming the outcome of its investigation: Commerzbank signed a settlement with OFAC, agreeing to pay $258,660,796 for “apparent” violations of sanctions on Iran, Sudan, Burma, Cuba. What about North Korea? To be fair, OFAC also suspected Commerzbank of violating Executive Order 13,382, “Blocking Property of Weapons of Mass Destruction Proliferators and Their Supporters,” which is the authority for approximately half of the North Korean designations. Yet no North Korean entities are mentioned in the settlement agreement, which explains Commerzbank’s alleged violations in detail. Here’s Treasury’s summary of how Commerzbank did it:
Those practices included deleting or omitting references to Iranian financial institutions and replacing the originating bank information with Commerzbank’s name from payment messages sent to U.S. financial institutions. Commerzbank also created a process to route payments involving Iranian counterparties to a payment queue requiring manual processing by bank employees rather than routine, automated processing. Commerzbank utilized these practices in 1,596 financial transactions routed to or through banks in the United States between 2005 and 2010….
As is customary, Commerzbank denied any wrongdoing in the settlement agreement. The report does have one bright spot — It also notes that “Deutsche Bank, Germany’s largest bank, has said it stopped doing new business with Iran, Syria, Sudan and North Korea in 2007.”
It’s worth clarifying that the Treasury Department isn’t the problem here. Szubin is regarded by congressional staffers of both parties as a highly competent bureaucrat and technocrat. The problem is that his remarks reflect the priorities of the president he serves. For the same reasons, the OFAC staff aren’t the problem, either; when sufficiently resourced, they do their jobs very well. The problem is at the top — the President hasn’t made it a priority or dedicated sufficient resources to the problem, most likely because the State Department has persuaded the President to slow-walk sanctions enforcement. The result is that the President keeps the sweep of the sanctions narrow, barely enforces the sanctions that are in effect, and pays token attention to violations and offenses he absolutely can’t ignore.
That abstention from responsibility is now threatening the most fundamental freedoms of the American people, the safety of the South Korean people, the integrity of the U.N. Security Council’s sanctions, and the entire global nonproliferation system. North Korea has made it clear that its system of government and ours cannot coexist. The very least we should do is less of what we’re doing now to help North Korean fascism to continue to exist.
~ ~ ~
If you believe the anonymous U.S. government sources who talked to the Daily Beast, we didn’t knock KCNA down, but we did something else. The sources won’t say what, and more importantly, it’s hard to tell if these sources are high enough in their own organizations to understand the full picture of what various other agencies were up to.
On Tuesday, the online news outlet Daily Beast cited unidentified sources with knowledge of the U.S. government cyber-operations against North as saying that the operations were “designed to send a message that North Korean officials weren’t beyond the reach of the American government.”
The U.S. operations took place before the blackout, but the takedown itself was not the result of those operations, the sources were quoted as saying. The report also said independent hackers have claimed they are the ones that took the North offline.
Former U.S. intelligence officials were also quoted as saying that the American government would hesitate to take down the North’s entire network because it would cut intelligence agencies off from the cyber-spying they were doing inside North Korea. [Yonhap]
You can read the Daily Beast report here.