We are all North Koreans now

As far as I know, I didn’t liberate a single North Korean during my four-year tour with the Army in South Korea, although I’ve argued their distant and forgotten cause ever since I came home. The crimes of Kim Jong Un were still distant just five weeks ago, when Professor Lee and I, writing in The New York Times, sounded a lonely warning about Kim’s efforts to censor his critics in the South with terror and violence, writing that “[c]aving into blackmailers merely begets more blackmail.” To some, that probably seemed absolutist, even hyperbolic. It should seem more prophetic now.

One morning this week, I awoke to the realization that the rights I’m arguing for are my own–in my own home, and in my own neighborhood. Here, in America. In the suburbs of Washington, D.C. Today, in a very small way, we are all North Koreans. Most of us have spent the last several decades ignoring the men who oppress North Koreans. Now, in a small but incalculably important way, the same men have oppressed us. Here is the FBI’s statement about the Sony hack, and the terrorist threats that followed it:

As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

– Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

– The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

– Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt–whether through cyber-enabled means, threats of violence, or otherwise–to undermine the economic and social prosperity of our citizens. [FBI Press Release]

The feds sound very confident about their conclusions:

Intelligence officials “know very specifically who the attackers are,” said one individual familiar with the investigation, who like others spoke on condition of anonymity because the case is ongoing. [Washington Post]

As with the Cheonan incident, it’s almost as if North Korea wants everyone to know it did it, while leaving just enough doubt to let its apologists do their work. That strategy worked well for them in South Korea, which never responded to the two deadly attacks on its territory in 2010. Why should Kim Jong Un believe that attacking us would lead to different results? That’s one reason why I’m so glad the President said something about the importance of protecting free speech:

“We cannot have a society in which some dictator someplace can start imposing censorship here in the United States,” Obama said. “Because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary that they don’t like or news reports that they don’t like.

Obama said he wished Sony had “spoken to me first,” adding: “I would have told them, ‘Do not get into a pattern where you get intimidated by these criminal attacks.’ ” [Washington Post]

Well, depending on who you believe, maybe they did. Still, that’s a welcome change, coming from the President who asked YouTube to take down “The Innocence of Muslims,” and whose Justice Department hustled Nakoula Nakoula off to jail to appease the whooping loonies who dominate the Middle East’s political culture today. But not to worry–the CEO of Sony Pictures says he’s “considering some sort of release on the Internet.”

I’ve never been much of a George Clooney fan, but he’s one of the few people in Hollywood with the spine to stand against North Korea’s terrorism:

“We’re talking about an actual country deciding what content we’re going to have,” he told Deadline. “This affects not just movies, this affects every part of business that we have.”

“What happens if a newsroom decides to go with a story, and a country or an individual or corporation decides they don’t like it? Forget the hacking part of it. You have someone threaten to blow up buildings, and all of a sudden everybody has to bow down. [CNN]

Our attention now turns toward what President Obama will do. Let’s hope it exceeds my low expectations, and Pyongyang’s:

Even in my myopic world view, these attacks raise far weightier questions than what our North Korea policy should be. The President’s response must be enough to restore U.S. deterrence of North Korea, and the confidence of our artists, media, journalists, and lowly bloggers that our government will protect them from the world’s petty despots:

“We will respond proportionally,” Obama said, “and we will respond at a place and time that we choose.”

U.S. officials have made clear for several years that they have a range of diplomatic, economic, legal and military options at their disposal in response to cyberattacks. Those steps might include indicting individuals believed to be behind the attack, asking like-minded states to join in condemning the intrusion, and if North Korea persists, undertaking a covert action to dismantle the computer systems used in the operation. [Washington Post]

I’ve already written about what that response should include. One of those possible responses seems almost inevitable, now that Senator Bob Menendez has asked Secretary of State John Kerry to put North Korea back on the list of state sponsors of terrorism. It’s difficult to see how he could avoid doing that, given the destructive power of the attack, its chilling effect on free speech, and the extensive evidence that North Korea was already sponsoring terrorism even before this incident.

“The United States condemns North Korea for the cyber-attack targeting Sony Pictures Entertainment and the unacceptable threats against movie theaters and moviegoers,” he said in written statement.

“We encourage our allies and partners to stand with us as we defend the values of all of our people in the face of state-sponsored intimidation,” Kerry added.

Separately, State Department spokeswoman Jen Psaki said U.S. and Chinese officials had met in Washington and Beijing to discuss the issue, adding that: “Both China and the United States agree that conducting destructive attacks in cyberspace is outside the norms of appropriate cyber behavior.” [Yonhap]

As is customary among journalists, The New York Times and Reuters printed the standard-issue, off-the-record-senior-State-Department-official talking point that North Korea sanctions are maxed out, without bothering to read the sanctions. This talking point sometimes comes without any citation of authority whatsoever, and sometimes cites “experts” who appear not to have ever read a sanctions regulation. When I pointed out to these Bloomberg reporters that they’d cited a cybersecurity expert‘s analysis of a legal question–and that the analysis was wrong–I received a polite and interested reply, suggesting that the reporters genuinely intend to research the question. In the case of Reuters, in particular, the propagation of this false narrative is disappointing, because most of the Reuters reporters I follow check their facts painstakingly before publishing them.

The Wall Street Journal’s Jonathan Cheng and Jeyup Kwaak did a better job:

On the financial front, the U.S. has wide latitude to target the North’s financial capabilities and its links to the global banking system, says Joshua Stanton, a Washington, D.C. lawyer and blogger who has advised the U.S. House of Representatives’ Foreign Affairs Committee on North Korea sanctions legislation.

Mr. Stanton says the U.S. can designate the North’s banking system as a money-laundering concern, add the country back to a list of state sponsors of terrorism, and move toward blocking U.S. tourism to the North.

“Our North Korea sanctions are weaker than our Zimbabwe sanctions,” Mr. Stanton said in an interview. “All of the top officials in the government of Zimbabwe have their assets blocked, and none of the top officials in the government of North Korea do.” [….]

“The single biggest thing that we can do is to designate the country as a primary money-laundering concern,” Mr. Stanton says, which he says would block the regime from conducting dollar-denominated transactions through the U.S. financial system, as its institutions can now do.

“That would have a very big impact on North Korea–banks around the world are very reputation-conscious,” he says, and would shy away from conducting any transactions with institutions tied to Pyongyang.

Some defectors from North Korea say Pyongyang has learned from the Banco Delta Asia sanctions, and now keeps much of its money outside the traditional banking system, which could limit the impact of such a move.

Mr. Stanton also notes that U.S. sanctions list just 63 North Korean ships, companies and individuals, far fewer than those for Myanmar or Cuba. He also says that U.S. Congress could start moving legislation that would impose similar restrictions blocking U.S. citizens from traveling to North Korea and spending money. [Wall Street Journal, Jonathan Cheng and Jeyup S. Kwaak]

Bruce Klingner of the Heritage foundation was also battling against this myth:

Oh, and for the record:

A North Korean U.N. diplomat said Pyongyang had nothing to do with the cyber attack. “DPRK (North Korea) is not part of this,” the diplomat told Reuters on condition of anonymity. [Reuters]

I think I speak for all of humanity when I sincerely hope this isn’t all Barack Obama’s pretext to advance Joe Biden’s cryptic plot to dominate North Korea’s vast riches of coal, meth, and refugees.

One thing that seems far more likely today is that the House and Senate will make North Korea sanctions legislation a higher priority. Even before the FBI fingered North Korea for this attack, and before President Obama announced his outreach to Cuba, Senator Menendez introduced a sotto voce version of the North Korea Sanctions Enforcement Act, S. 3012. That bill is too weak to be worth passing in its current form, but it’s structurally similar enough to what the House passed last year that it should be viewed as a serious opening bid and a welcome step toward a good compromise.

A friend on the Hill told me yesterday that in terms of seizing Congress’s attention, the events of this week are the equivalent of “two or three nuke tests.” A Chinese Security Council veto of U.N. human rights sanctions–sanctions that were just recommended by the full General Assembly–should be the equivalent of another. At an exceptionally formative moment, Congress’s attention has been focused on North Korea. The administration is distinguishing North Korea from Cuba, is almost certainly considering new sanctions, and has probably just scrapped its plans for Agreed Framework 3.0. If a bipartisan, centrist consensus concludes that the agony of North Koreans is no longer a problem we can treat as remote and irrelevant, and that it’s time to discard the failed solution of appeasement, we will have reached an inflection point in our North Korea policy.

One avenue of response I hope the President won’t overlook is that information warfare works both ways. Certainly, carefully targeted sanctions can play an important part in defunding and disrupting the regime’s capacity to censor and oppress its people. Symbolically and practically, however, no response–not even sanctions–would do more to alter North Korea than to wage a quiet, non-violent war against its information blockade. It is difficult to imagine that despite all of America’s innovative potential, it still lacks the means to bring free speech to the people of North Korea, and to help them find their own way to rid themselves of the accursed men who tread them–and us–down.