Archive for Terrorism (NK)

RFA: North Korea tells overseas workers to attack journalists

Ever since the U.N. Commission of Inquiry issued its report last year, North Korea has been particularly sensitive to accusations of human rights violations. It shouldn’t surprise us that this sensitivity is especially keen when the scrutiny threatens to cut off a growing source of hard currency — its export of what amounts to slave labor to places like Russia, Malaysia, and Qatar. Press reports on the working conditions of these workers, and the regime’s spotty history of paying their (paltry) wages, have embarrassed the regime, embarrassed companies and governments that use North Korean labor, and sometimes, disrupted those arrangements.

Now, according to a new report from Radio Free Asia, Pyongyang is reacting to renewed media scrutiny of overseas North Korean laborers about like you’d expect Pyongyang to react to that:

“Particularly, when a foreign reporter or human rights activists tries to take a picture or film you, take the camera, camcorder or cell phone from them and smash it,” the document said, according to Do.

“They [North Korean workers] must physically smash them, but also they must pull out internal memory cards such as SD cards and then return the broken cameras or camcorders to their owners,” he said.

Workers are also directed to physically attack the journalists and investigators:

The action guide also instructs workers not to hesitate to respond with violence and to gang up on those trying to video or photograph them, he said.

“The action guide even includes a series of details: Do not kill, but inflict a blow or fracture until the person’s body is physically damaged,” Do said.

If a person apologizes while a North Korean is beating him, the North Korean must record his words with a video camera or cellphone and give the recording to the supervisor or manager of the work unit to which they belong, Do said.

“If North Korean workers block activities by preventing or beating a South Korean who is reporter or human rights activist, they will be evaluated according to their actions,” he said. “But if they don’t [follow the guidelines] and pictures or videos appear on the Internet or TV, they’ll be punished.” [RFA]

A caution is in order on the sourcing of the story: it’s attributed to an NGO, the Citizens’ Coalition for Human Rights of Abductees and North Korean Refugees (CHNK), citing “sources inside North Korea.” Although CHNK itself is a respected NGO, we’re in no position to evaluate the reliability and basis of knowledge of CHNK’s own anonymous sources.

If the report can be confirmed, it could have significant policy implications. It would amount to an order by the North Korean government to subnational groups to commit politically motivated violence against non-combatant citizens of other nations on foreign soil. In this case, Pyongyang’s political motivation is to suppress the work of journalists and NGOs, and to preempt policy discussions among governments. It’s far from the most egregious example of North Korean sponsorship of international terrorism — the direction to refrain from murder may even count as progress — but if these orders are attempted or carried out, they could meet the legal standard for the hate that dare not speak its name (at least in Foggy Bottom).

President Bush removed North Korea from the list of state sponsors of terrorism on October 11, 2008. The Obama Administration’s official view is that North Korea is “not known to have sponsored any terrorist acts since the bombing of a Korean Airlines flight in 1987.” Discuss among yourselves.

~   ~   ~

Update: New Focus also reports that the regime has tightened controls on its expat workers in China:

As a basic rule, it is understood that all workers must move in groups of at least fifteen people. But furthermore, television viewing is strictly prohibited. This is because South Korean dramas play regularly on Chinese broadcasts. If any labourer is caught moving out of bounds, away from the workplace and watching television, they will be sent straight back to North Korea the next day.

Previously, North Korean overseas labourers were allowed some degree of freedom, even being able to leave the workplace, provided that they moved in groups of two or three. However, during the lead up to Kim Il Sung’s birthday celebrations, the rules have changed and controls have tightened significantly.

To conclude, it can be observed that the North Korean government, in an effort to raise hard currency, is increasing its export labour, and, in addition, tightening its grip on them, especially in light of foreign influences such as Hallyu (the Korean Wave). The North Korean government has clearly shown, once again, its concerns and fears regarding the threat of exposure to Western cultural influences.

Or, I would add, its fears regarding the threat of Western exposure to how North Korea treats its people.

60 Minutes on the Sony attacks

Gone were the inside-job theories, except that one expert, when asked, allows the bare possibility that an insider might have made the North Koreans’ work easier. Like the heads of the FBI and the NSA, all the experts 60 Minutes interviewed are convinced that North Korea was behind the attack.

Worse, the attack itself was not all that sophisticated, when compared to what the U.S. and other governments are capable of today. An equally unsophisticated attack would have taken out 80% of corporate networks. All it takes is for one user in the network to click on the wrong attachment or fake update. Only then will most companies realize how dependent they are on their networks.

The IT security experts acknowledge that hacking North Korea is futility itself. The only real deterrent is to go after the leadership and its revenue streams. The Obama administration has only pretended to do that.

Justice for Rev. Kim Dong Shik: Court orders N. Korea to pay $330M in damages

Asher Perlin, the lawyer who argued and won the case against North Korea at the Court of Appeals on behalf of Rev. Kim Dong Shik’s family, writes in to direct me to this news:

An Israeli NGO announced on Monday that a US federal court in Washington, DC has granted it a historic $330 million default award judgment against North Korea in a civil damages trial for wrongful death, torture and kidnapping.

The judgment, only announced Monday, but written on April 9, included $15 million dollars each to the son and brother of Reverend Dong Shik Kim, presumed dead, as well as $300 million in punitive damages. [Jerusalem Post]

In 2000, Rev. Kim was in China helping North Korean refugees who had escaped from their homeland. North Korean agents kidnapped Rev. Kim and dragged him across the border. He’s believed to have died of starvation at a North Korean military base near Pyongyang. In 2005, the South Koreans caught one of the kidnappers, charged him with Rev. Kim’s kidnapping, and convicted him of the crime.

In August 2013, a District Court found that the evidence was insufficient to prove that North Korea killed Rev. Kim after the North Koreans hustled him over the border (undoubtedly, under the noses of Chinese border guards) and dismissed the case. Kim’s family appealed, and last December, the Court of Appeals reversed the District Court.

Shurat Hadin Director Nitzana Darshan-Leitner said, “The district court was holding us to a standard that no family, who had a loved one kidnapped and murdered by an outlaw regime like North Korea could ever satisfy.”

“Virtually no one has ever returned from the camps and been able to testify about the fate of individual Korean prisoners. This is an important human rights decision that will be utilized in all political abduction cases going forward. We are proud that an Israeli NGO was able to assist this family of a Korean priest living in the US … during this holiday season.” 

The NGO also said that the US should re-add North Korea to the US State Department’s watch list, from which North Korea was removed in 2008 during a period of warming of relations.

Perlin said the court “sent a message that repressive regimes cannot exploit their repression to gain advantage in US courts.”

He added that “the fact that all witnesses were either murdered, imprisoned or are in grave fear of retaliation by the DPRK regime should not immunize North Korea from liability.”  [Jerusalem Post]

President Bush removed North Korea from the list of state sponsors of terrorism on October 11, 2008. The Obama Administration’s official view is that North Korea is “not known to have sponsored any terrorist acts since the bombing of a Korean Airlines flight in 1987.” Discuss among yourselves.

Rev. Kim’s kidnapping is just one example of North Korea’s sponsorship of terrorism, along with multiple assassination attempts directed at defectors and dissidents, several shipments of weapons to Hamas and Hezbollah, threats against American moviegoers, and an attempt by North Korean hackers to cause malfunctions in the reactors of South Korean nuclear power plants.

The $330 million judgment now sits alongside $378 million awarded to the victims of the 1972 Lod Airport massacre (and their children), and $69 million to survivors of the U.S.S. Pueblo. That’s a total, so far, of $777 million in compensatory and punitive damages, but it’s not a grand total.

Last July, U.S. District Judge Royce Lamberth found North Korea provided training, technical assistance, and rocket components to Hezbollah, and held that the North Korean government was liable for the attacks. A Special Master is deciding and apportioning the damages North Korea owes to each plaintiff.

Now, the hunt begins for North Korean assets to levy to satisfy the judgment, which may be the more challenging part of the Kim family’s pursuit of justice. I wish Mr. Perlin good hunting.

With Sony in mind, Obama signs new cyberwar E.O., but will he enforce it?

On Wednesday, the President signed a new executive order authorizing sanctions against anyone the State and Treasury Departments decide has engaged in conduct we’d colloquially call cyberespionage, cyberwarfare, or cyberterrorism. The new categories of sanctionable conduct include —

(A) harming, or otherwise significantly compromising the provision of services by, a computer or network of computers that support one or more entities in a critical infrastructure sector;

(B) significantly compromising the provision of services by one or more entities in a critical infrastructure sector;

(C) causing a significant disruption to the availability of a computer or network of computers; or

(D) causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain. [link]

The E.O. also targets the theft of trade secrets and intellectual property, and in a novel provision, also authorizes the blocking of property of those who profit from those crimes. Deep breath now:

(A) to be responsible for or complicit in, or to have engaged in, the receipt or use for commercial or competitive advantage or private financial gain, or by a commercial entity, outside the United States of trade secrets misappropriated through cyber-enabled means, knowing they have been misappropriated, where the misappropriation of such trade secrets is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States; [link]

The order also contains standard (but crucial) clauses authorizing sanctions for assisting, sponsoring, facilitating, or attempting to commit those crimes. In a significant omission, it does not authorize sanctions against those who threaten to commit them.

For the most part, however, the new E.O. follows a well-worn path. It essentially does to certain cybercriminals and their enablers what Executive Order 13,224 does to terrorists and their enablers, or what Executive Order 13,382 does to proliferators and their enablers. The main substantive differences are the targeting of those who profit from the crimes, and a provision for the exclusion of aliens who are designated under the new order (something that Section 206 of the NKSEA would also do to enablers of North Korea’s illicit, prohibited, or sanctionable activities, including cyberwarfare).

In an accompanying Q&A and blog post, the White House names China, Russia, Iran, and North Korea as being responsible for the conduct the E.O. is meant to target. And yet the Obama Administration hasn’t designated anyone under this new executive order yet.

The program’s effectiveness will depend on its implementation, said Bruce Klingner, senior research fellow for Northeast Asia at the Heritage Foundation. On North Korea, for instance, he said that the administration “has pursued a policy of timid incrementalism — of talking a tough game, but not following through on its rhetoric.” [Washington Post, Ellen Nakashima]

And crucially, the Sony hackers operated more-or-less openly from Chinese soil, to no less an extent than the Taliban allowed Al Qaeda to operate from Afghan soil. What the law enforcement people will tell you is that to shut down that kind of behavior, you have to show the hosts and sponsors that you’re willing (even eager) to go after them, too.

But James A. Lewis, a cyberpolicy expert at the Center for Strategic and International Studies, said the new program is promising — especially as a tool to combat one of the nation’s top cyberthreats: economic espionage by China.

“You have to create a process to change the behavior of people who do cyber-economic espionage,” he said. “Some of that is to create a way to say it’s not penalty free. This is an effective penalty. So it moves them in the right direction.” [WaPo]

Both Klingner and Lewis are correct, but the early signs aren’t encouraging. The new E.O. does fill key gaps in our authorities against cyberespionage and the theft of intellectual property, and those things are doing great damage to our economy and our national security. But the absence of designations suggests that like E.O. 13,687, this may turn out to be another empty threat, at least until we have a president who’s tough-minded enough to protect our interests and our most fundamental freedoms from foreign threats.

In the case of Sony, for example, the Administration already had sufficient tools to sanction those responsible. The threats against “The Interview” moviegoers were clearly terrorism, and the administration could just as well have designated those responsible under Executive Order 13,224, or even charged them criminally under Chapter 113B of Title 18. So why didn’t it? Probably because that would have undermined the State Department’s flat-earth dogma that North Korea hasn’t sponsored an act of terrorism since 1987. North Korea’s December 2014 attacks against South Korean nuclear power plants, which were reportedly meant to cause a reactor malfunction, could also have been designated under E.O. 13,224, and if the evidence was strong enough, should have been.

It may be that the administration is as worried about Congress as it is about the North Koreans, and is trying to stay ahead of it and protect its own role. For example, the new Congress recently passed discretionary sanctions authorities against cyberespionage in Section 1637 of the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015. Section 104(a) of the NKSEA will also provide for mandatory sanctions against North Korean hackers, and Section 104(b) will provide for discretionary sanctions against their enablers.

Kim Jong Un’s censorship knows no limits or borders. To submit to it is to forfeit freedom.

If Kim Jong Un is weighing whether to answer leaflets from South Korea with artillery, it won’t discourage him that many on South Korea’s illiberal left have already begun to excuse him for it. Within this confused, transpatriated constituency, there is much “anxiety” lately about “inter-Korean tensions.” Those tensions have risen since North Korea has begun threatening to shell the North Korean defectors who send leaflets critical of Kim’s misrule across the DMZ. But then, any rational mind can see who is at fault when the object of non-violent criticism answers his critic’s threats with violence. Right?

10329169_908328475873426_6301317851756141996_n

[The Park Police should check those blankets for wet spots.]

I don’t suppose it occurred to these people to take their grievances and anxieties to the ones who are threatening war over non-violent expression. That would be the logical reaction if these people were really as concerned about “tension” as they were about acting as Kim Jong Un’s proxy censors. Their undisguised demand is that Seoul should censor — and that Washington should abstain from supporting — free expression, for the very reason that Pyongyang is threatening to shell civilian villages in response to it.

Dismiss this as the view of a lunatic fringe if you will, but not all of this lunacy is on the fringe.

For example, today is the fifth anniversary of North Korea’s premeditated and unprovoked sinking of the ROKS Cheonan, an act of war that killed 46 South Korean sailors. An international investigation team found that a torpedo fired from a North Korean submarine sank the Cheonan. Yet only yesterday, the head of the left-opposition New Politics Alliance for Democracy finally acknowledged that the North did it. For five years, conspiracy kooks and appeasers had enough influence within the NPAD to prevent it from giving the first small comfort of this acknowledgement to the souls of the dead and the hearts of the bereaved. The NPAD’s long, reprehensible silence speaks more loudly than its words.

And now, here is Jeong Se-Hyun, who headed the Committee for the Peaceful Reunification of the Fatherland Reunification Ministry under Kim Jong Il Roh Moo Hyun:

“The (South Korean) government claims the leaflet scattering is a matter of free expression, but such a slander on (North Korean leader) Kim Jong-un is something fatal to the North,” the former point man on the North said in a local symposium.

“If the Park Geun-hye administration wants to hold a meaningful inter-Korean dialogue during its term, it should send a sincere message that (Seoul) will acknowledge and respect (Pyongyang),” he noted. [Yonhap]

I could not answer this better than Shirley Lee did, in a series of three profound and cogent tweets:

With all this and more, it is laughably tragic that we who are free to think continue to think only within frames set by such a system.

Where each of its subjects living beyond its narrative must be despised and scorned, and those submitting to its frame to be praised.

We side with a brutal, inhumane, zero-sum system merely by siding with its frames, by not calling it out, forging and articulating our own.

Also, Jeong reveals too much here. If he really thinks that non-violent expression is “fatal,” he must believe that a few scattered scraps of paper have the potential to inspire the North Korean people to risk their lives to overthrow His Porcine Majesty. That, given half a chance, they’d hang him from a lamppost (and they should be sure it’s a very sturdy one). Jeong is a closet collapsist! Perhaps he could write me a guest post expanding on this.


Park Sang Hak – Hacking North Korea’s… by NORTHKOREATV

This week, Pyongyang’s proxy censors are especially afraid of Park Sang-Hak. Park is obviously under great pressure from both Korean governments, including the one that hasn’t yet tried to assassinate him. Just this week, Park has said that he would abstain from sending leaflets “for now,” and also vowed to send them “next week” despite the North’s threats.

Screen Shot 2015-03-26 at 6.46.48 AM

[This is a syringe, loaded with the poison neostigmine bromide. Agents of North Korea’s Reconnaissance General Bureau use them to assassinate dissidents and activists. One of them tried to kill Park Sang-Hak with this one.]

Incidentally — and please, stop me if you’ve read this somewhere — President George W. Bush removed North Korea from the list of state sponsors of terrorism on October 11, 2008. The Obama Administration’s official view is that North Korea is “not known to have sponsored any terrorist acts since the bombing of a Korean Airlines flight in 1987.” Discuss among yourselves.

South Korea’s National Human Rights Commission has opined that Park’s activities are guaranteed under Universal Declaration of Human Rights. It might also have said that they’re protected under Article 21 of the South Korean Constitution. There is another party whose rights we shouldn’t forget, either. The North Korean people also have a right to receive information from across the no-smile line:

Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers. [Universal Declaration of Human Rights, Article 19]

Writing in The New York Times before the Sony attack and threat, Professor Lee and I took the moderate view that the South Korean government must honor these rights, but could still impose reasonable restrictions on the time, place, and manner in which Park sends his leaflets. After all, North Korea clearly has no regard for the lives of South or North Koreans. Perhaps, then, we should concede the prudence of asking the activists to send their leaflets from less populated areas, for the sake of those who live nearby. But then, this recent story caused me to wonder if we had conceded too much:

North Korea on Tuesday threatened to mercilessly punish South Korean activists for allegedly hurting the dignity of its young leader Kim Jong-un during a public demonstration, the latest in a series of harsh rhetoric against rival South Korea.

The latest threat came days after a conservative activist in Seoul trampled a photo of Kim and slashed it with a knife during a rally as others burned printed replicas of North Korean flags. [Yonhap]

In other words, North Korea is now threatening free assembly and expression in downtown Seoul. When you consider that Pyongyang has sent multiple assassins to Seoul and to China to murder dissidents there, no dissident should see this as an idle threat. It has also repeatedly threatened and cyber-attacked South Korean newspapers and broadcasters. It’s not as if Pyongyang has the standing to demand that anyone respect its (unconscionable, soul-crushing) laws when it shows such contempt for the South’s society and laws. No government that submits to such threats can call itself a democracy. The only appropriate response to this is unprintable on a blog with a PG-13 rating, and for most people, would be anatomically impossible.

Aside from the desire to police thought on the streets of Seoul, what other principled grievance might Pyongyang have? Might it have a principled objection to cross-border propaganda leafleting, based on some idea of mutual non-interference? Umm, no:

Screen Shot 2015-03-25 at 8.16.51 PM Screen Shot 2015-03-25 at 8.16.28 PM

In 1998, just after morning formation one day, a soldier friend found this outside the fence around Yongsan Garrison in Seoul and gave it to me. The Army told us to drop these things into special leaflet collection boxes, but who needs one of those cheap gift pens the ROK Defense Ministry hands out every year when you could have a souvenir like this? (Sorry for the wrinkles. Sweaty PT uniforms do that.)

Is it North Korea’s principled position that it’s an act of war to fly physical objects across the DMZ? I doubt that, too.

In any event, if the objection to balloons is that they’re a physical intrusion — notwithstanding their obvious non-violence — then the South Korean and U.S. governments should expand their support for Radio Free North Korea and Open Radio. South Korea should also let them broadcast on medium wave. Pyongyang and Seoul both broadcast to each other now, although on a limited scale.

~   ~   ~

The odds are greater than ever that someone who shares Jeong’s world view will be the next President of South Korea. In fact, given the healthy tendency of voters to tire of any extended rule by a single party, I’d assess them slightly higher than that. If Jeong speaks for a majority of South Koreans, South Korea won’t remain a free and open society for long. It was barely a free and open society when Roh Moo-Hyun was in charge. Let’s not forget that last year, the NPAD proposed to regulate (read: ban) cross-border leafleting. Does anyone expect North Korea to be more respectful of free expression in the South now that it’s at the verge of nuclear breakout? It wouldn’t be unprecedented for an appeasement-minded government in Seoul to add the in terrorem effect of arrests and tax audits to this.

The question here is nothing less than whether South Korea has the courage and reason to remain a free society. If it does, we should give South Korea our support. If not, just remember that Pyongyang’s demands have no borders or limits. Accede to one and there will be another. As a wise man said,

“We cannot have a society in which some dictator someplace can start imposing censorship here in the United States. If somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary they don’t like, or news reports they don’t like.”

Last year, Kim Jong Un effectively extended the reach of his censorship to the United States, not only by preventing theaters from screening a film critical of him, but also by preventing Hollywood studios from making any more of them. By my count, in the last year, Pyongyang has attempted to extent the writ of its censorship — with some success — to Seoul, Tokyo, Berlin, London, Rangoon, Paris, and an academic conference in downtown Washington, D.C. It is also suspected of a cyberattack against The Washington Post. Several years ago, someone hacked this very site.

Of course, South Korea doesn’t have to remain a free society, any more than the United States has to keep 28,500 soldiers and airmen there. Regardless of what kind of society South Korea chooses to be, the United States would still have interests in maintaining friendly relations and trade with it. It’s just that the world is descending into madness at the moment, and we’ve become more particular about who and what we’re willing to die for.

There are two possible lessons here, depending on the path taken in Seoul, Washington, and the world’s other capitals.

The first is that terrorism works when governments are more willing to yield to it than to stand up to it and protect free expression.

The second may not be the one that Pyongyang hoped for: that Pyongyang sounds as afraid of free expression as it is of sanctions. Something here has nipped an especially sensitive nerve in the tender man-bosoms of His Porcine Majesty. Where there is upset, there is also a deterrent. Perhaps Pentagon planners should explore the “soft” power of free expression, not only as a tool to transform North Korean society, but to deter North Korean provocations. An extended deployment of Commando Solo may be just the thing to deter a fourth nuclear test. Perhaps free speech isn’t the problem at all. Perhaps it’s an important part of the solution.

How Barack Obama let Kim Jong Un get away with censoring and terrorizing America (updated)

Last December, after the FBI and the National Security Agency  concluded that North Korea’s Unit 121 had hacked Sony Pictures and threatened the Americans who wanted to see “The Interview,” President Obama publicly accused North Korea of the cyberattack and threat, and promised a “proportional response” to it. On January 2nd, the President signed a new executive order whose potential was sweeping, but whose actual effect was “symbolic at best.” In practice, the designations under the new executive order amounted to whack-a-mole sanctions against ten small-time arms dealers, who were probably replaced by ten other small-time arms dealers within weeks.

Is that all? Maybe not. If you believe Rep. Michael McCaul, the President also directed the intelligence community to take down North Korea’s internet for a few days. The Director of the CIA, who seems rather desperately to want to deny the story, nevertheless stuck to the CIA’s customary neither-confirm-nor-deny line — sometimes called a “Glomar” response — which will be read in most places, including Pyongyang, as, “So they did it.”

Had this been the act of a band of angry nerds in Guy Fawkes masks (and by the way, about those masks), most people would have applauded it. I still hope that it was. As the act of a great power that once treasured and defended the free expression of its people with all of its might, no word would describe this better than “chickenshit.” It suggests that angry nerds in Guy Fawkes masks have been put in charge of defending the lives, liberty, and security of the world’s greatest power with a mighty arsenal of college pranks. What’s next, flaming dog poop on the doorstep of North Korea’s U.N. mission? It’s hard to see how this will deter future North Korean attacks; after all, the internet is about as vital to North Korea as a subway system is to North Dakota.

In the United States, freedom of expression is not only the foundation of our system of government — of what makes us America — it is also the foundation of what those who shrink from the use of hard power call “soft power.” It is difficult to measure the damage our freedom of expression has suffered in just the last three months alone, but the cyberattack caused Sony Pictures to cancel the release of a major film just before the holidays, and a second studio, New Regency, also announced that it would scrap a second film about North Korea.

In a very real way, the world’s most oppressive system of government has extended the reach of its censorship to our society, and our government acts as if it is impotent to react to this. When one considers the very real legal and safety risks attendant to engaging in what the most extreme adherents of Islam call “blasphemy” today, one strains to argue that the United States is as free today as it was five years ago. If only there were a man whose duties and authorities consisted of preserving, protecting, and defending the Constitution of the United States.

~   ~   ~

Knowing, as history has taught us, that finance is the only North Korean vulnerability the United States has ever exploited successfully, smarter people are following the money. No one should be following North Korea’s money more closely than Adam Szubin, the head of the Treasury Department’s Office of Foreign Assets Control (Szubin is also the Acting Treasury Undersecretary for Terrorism and Financial Intelligence because his predecessor, David Cohen, has been picked to be the new CIA Director. That should tell you everything about the importance of financial intelligence in U.S. foreign policy today.) This week, Szubin delivered a speech to a trade group in Florida, where he talked about the Obama Administration’s sanctions enforcement priorities:

We are imposing costs on Russia for its brazen violation of core international principles.  We are working to deprive ISIL of the financial means to terrorize the people of Iraq and Syria and spread its warped ideology.  We are keeping up the pressure on Iran while we seek a diplomatic means of ensuring that it will not acquire a nuclear weapon. [Treasury Dep’t Press Release]

By now, you’ve noticed a glaring omission from the list — the only state counterfeiter of the U.S. dollar. One of two nations (Iran being the other) singled out for countermeasures by the Financial Action Task Force. The only nation to have successfully suppressed freedom of expression in the United States by directing its clandestine agents to make a terrorist threat against the American people, in their own country. And as of this week, the only nation to have sponsored a cyberattack against multiple nuclear power plants, an attack that the South Korean government claims was intended to cause a reactor malfunction.

Where it matters — on the financial front — North Korea is a blind spot for the Obama Administration. You can see this manifested in a variety of ways. In this paper, I explained the general weakness of the sanctions authorities in place against North Korea, the relatively small number of North Korean entities designated for the blocking of their dollar-denominated assets, and the relatively low level of the entities designated. This matters, because as the U.N. Panel of Experts recently confirmed, North Korea still relies heavily on the dollar system to violate U.N. Security Council sanctions. Yet you’ll have to search far and wide for any evidence that Treasury has enforced even those sanctions against the banks that help North Korea finance itself, violate U.N. Security Council resolutions, break our laws, and suppress our fundamental freedoms, all by using our own financial institutions.

Last year, for example, the Treasury Department entered into the largest settlement of a potential sanctions penalty in its history, when the French parastatal bank BNP Paribas agreed to pay nearly $1 billion for stripping data out of records of transactions to evade sanctions. Sanctions against whom, you ask?

For instance, a Sudanese bank seeking to move U.S. dollars out of Sudan transferred funds internally within a BNP satellite bank, which then transferred the money to the Sudanese bank’s “intended beneficiary” without reference to the Sudanese bank.

BNP Paribas agreed with sanctioned entities “not to mention their names in U.S. dollar transactions,” and included explicit instructions to bank personnel, such as “! Payment in $ to [French Bank 1] without mentioning Sudan to N.Y.!!!” [….]

According to New York regulators, the scope of the violations was much larger. DFS said from 2002 to 2012, BNP Paribas provided more than $190 billion of dollar-clearing services for Sudanese, Iranian and Cuban parties.

Under orders from “high levels of the Bank’s group management,” BNP Paribas engaged in a “systematic practice…of removing or omitting Sudanese, Iranian or Cuban information” from U.S. dollar-denominated transactions with the purpose of avoiding disclosure “to any potential investigatory authorities,” according to the DFS document. [Wall Street Journal]

Once again, North Korea is absent from the list. Even after the BNP Paribas settlement, Treasury continued to investigate “at least six banks in Germany, France, Italy or Japan” for violating sanctions against “Iran, Sudan, Cuba or other nations hit with U.S. sanctions.” Although North Korea wasn’t one of the principal targets of that investigation, the article gave reason to hope that there would be at least one enforcement action against a bank this year. It linked to this 2014 report by Germany’s Commerzbank, revealing that the bank was under investigation for possible sanctions violations involving North Korea. That probably means that Commerzbank was suspected of dealing with the Foreign Trade Bank or Daedong Credit Bank, the only two North Korean banks of significance that have been designated by Treasury’s Office of Foreign Assets Control.

Months passed with no word of any enforcement action against Commerzbank. Then, last week, Treasury issued a press statement confirming the outcome of its investigation: Commerzbank signed a settlement with OFAC, agreeing to pay $258,660,796 for “apparent” violations of sanctions on Iran, Sudan, Burma, Cuba. What about North Korea? To be fair, OFAC also suspected Commerzbank of violating Executive Order 13,382, “Blocking Property of Weapons of Mass Destruction Proliferators and Their Supporters,” which is the authority for approximately half of the North Korean designations. Yet no North Korean entities are mentioned in the settlement agreement, which explains Commerzbank’s alleged violations in detail. Here’s Treasury’s summary of how Commerzbank did it:

Those practices included deleting or omitting references to Iranian financial institutions and replacing the originating bank information with Commerzbank’s name from payment messages sent to U.S. financial institutions.  Commerzbank also created a process to route payments involving Iranian counterparties to a payment queue requiring manual processing by bank employees rather than routine, automated processing.  Commerzbank utilized these practices in 1,596 financial transactions routed to or through banks in the United States between 2005 and 2010….

As is customary, Commerzbank denied any wrongdoing in the settlement agreement. The report does have one bright spot — It also notes that “Deutsche Bank, Germany’s largest bank, has said it stopped doing new business with Iran, Syria, Sudan and North Korea in 2007.”

It’s worth clarifying that the Treasury Department isn’t the problem here. Szubin is regarded by congressional staffers of both parties as a highly competent bureaucrat and technocrat. The problem is that his remarks reflect the priorities of the president he serves. For the same reasons, the OFAC staff aren’t the problem, either; when sufficiently resourced, they do their jobs very well. The problem is at the top — the President hasn’t made it a priority or dedicated sufficient resources to the problem, most likely because the State Department has persuaded the President to slow-walk sanctions enforcement. The result is that the President keeps the sweep of the sanctions narrow, barely enforces the sanctions that are in effect, and pays token attention to violations and offenses he absolutely can’t ignore.

That abstention from responsibility is now threatening the most fundamental freedoms of the American people, the safety of the South Korean people, the integrity of the U.N. Security Council’s sanctions, and the entire global nonproliferation system. North Korea has made it clear that its system of government and ours cannot coexist. The very least we should do is less of what we’re doing now to help North Korean fascism to continue to exist.

~   ~   ~

If you believe the anonymous U.S. government sources who talked to the Daily Beast, we didn’t knock KCNA down, but we did something else. The sources won’t say what, and more importantly, it’s hard to tell if these sources are high enough in their own organizations to understand the full picture of what various other agencies were up to.

On Tuesday, the online news outlet Daily Beast cited unidentified sources with knowledge of the U.S. government cyber-operations against North as saying that the operations were “designed to send a message that North Korean officials weren’t beyond the reach of the American government.”

The U.S. operations took place before the blackout, but the takedown itself was not the result of those operations, the sources were quoted as saying. The report also said independent hackers have claimed they are the ones that took the North offline.

Former U.S. intelligence officials were also quoted as saying that the American government would hesitate to take down the North’s entire network because it would cut intelligence agencies off from the cyber-spying they were doing inside North Korea. [Yonhap]

You can read the Daily Beast report here.

Investigators: N. Korean hackers tried to cause reactor malfunction

Earlier this week, I posted on South Korean investigators’ conclusion that North Korea was behind the hacking of several South Korean nuclear power plants, but that the attacks caused no operational impact. Evidently, that wasn’t for lack of effort:

The team of South Koreans investigating the incident says the hackers tried to cause a malfunction at the reactors, which supply around 30% of the country’s electricity, but failed to break through the control systems. [Sky News]

See also this report from AFP.

The Unification Ministry called the attack “cyber-terror” and accused Pyongyang of “taking the life and safety of our people as a hostage.” And if what the investigators say is true, this would be the first serious attempt at nuclear terrorism that I’m aware of.

Honestly, I can’t believe this isn’t a much, much bigger story than it is. It should be as big a story as any of the attacks in 2010. Either someone at the Unification Ministry is hyping this (and I really don’t see the incentive for that) or someone else in the Korean government is downplaying the scope of the attack to avoid political responsibility for lax nuclear security (and if you still remember the Sewol Ferry, you can certainly see the incentive for that).

South Korea blames North Korea for hacking nuke plants

Let the conspiracy theories commence at Naver, Minjok Tongshin, and MissyUSA, in 3, 2, 1 ….

South Korean prosecutors on Tuesday blamed North Korea for cyber attacks against the country’s nuclear reactor operator last December, based upon its investigation into Internet addresses used in the hacking.

The conclusion comes less than a week after a hacker believed to be behind the cyber attacks on Korea Hydro and Nuclear Power Co Ltd released more files on Twitter that are believed to have been taken in December. The investigation included last week’s leak of a blueprint and test data.

“The malicious codes used for the nuclear operator hacking were the same in composition and working methods as the so-called ‘kimsuky’ that North Korean hackers use,” a statement from Seoul central prosecutors’ office said. [Reuters]

President Bush removed North Korea from the list of state sponsors of terrorism on October 11, 2008. The Obama Administration’s official view is that North Korea is “not known to have sponsored any terrorist acts since the bombing of a Korean Airlines flight in 1987.” Discuss among yourselves.

Ironically, this story has received little attention thus far because when it came out last December, the Sony hacks crowded it off page one. According to the initial reports at that time, the hackers used malware, possibly introduced through social engineering attacks, to gain access to the systems of South Korea’s Korea Hydro and Nuclear Power Corporation.

According to the The Joongang Ilbo, “The hackers’ group threatened that the three nuclear reactors in Gori and Wolseong must be shut down by Christmas or they would reveal more files and carry out a second attack,” and threatened that “[i]t will be a Fukushima.”

The hackers, posing as anti-nuclear hacktivists, then released blueprints for multiple South Korean nuclear power plants online. Korea Hydro has said that the attacks did not affect the plants’ operating systems.

South Korean government investigators traced the attack to Shenyang, a wretched hive of scum and villainy favored by North Korean hackers, but which is not otherwise renowned for its feisty tradition of pushing the boundaries of free expression.

At the time, Justice Minister Hwang Kyo-Ahn told the South Korean National Assembly that authorities were investigating suspicions that North Korea may have been behind the attack, but an official from the investigation team said, “We cannot confirm nor deny the North’s involvement in the case.”

After this, the story went cold again for months. Then, on March 12th, the hackers had made a fresh demand for extortion money:

Using an account under the name of the president of an anti-nuclear group in Hawaii, the hacker posted additional files on Twitter, which reportedly included documents concerning the country’s indigenous advanced power reactor 1400.

“Need money. Only need to meet some demands… Many countries from Northern Europe, Southeast Asia and South America are saying they will buy nuclear reactor information. Fear selling the entire information will undermine President Park (Geun-hye)’s efforts to export nuclear reactors,” the posting said.

The hacker did not say how much money he wanted but warned that South Korea will end up losing much more if it tries to save a few hundreds of millions of dollars. [Yonhap]

The circumstances would suggest that this latest communication provided new evidence of the North’s involvement, although the reports do not say so.

Now, armed with evidence of North Korea’s culpability, let’s parse the definition of terrorism in the Foreign Relations Authorization Act (you can parse other definitions here and here). That statute defines “terrorism” as “premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents.” Premeditated? Obviously. Politically motivated? Although the ostensible purposes of the attacks were to disrupt infrastructure, get ransom money, and generally scare the soondae out of South Korea’s civilian population, the very fact of North Korea’s culpability suggests a political motivation. The link to President Park and export revenue is also evidence of one, as is the group’s release of “the transcript of a telephone conversation between President Park and the U.N. chief, Ban Ki-moon, on Jan. 1.” Korea Hydro is a noncombatant target, and the attack was perpetrated by Unit 121, which reports to the Reconnaissance General Bureau, a clandestine agency.

The main problem with calling this terrorism is the absence of an act of violence. Still, there is ample precedent for the State Department considering threats of violence (“It will be a Fukushima”) to be acts of terrorism in its annual Country Reports on Terrorism. For example, State’s 2013 “Country Reports” cites a threat by an anarchist group to poison soft drinks, the conviction by a Norwegian court of an Ansar-al-Islam leader for “issuing threats and intimidating witnesses,” a bomb threat by Aum Shinrikyo, a death threat by Harakat-al-Mujaheddin, a threat by Jaish-e-Mohammed against an Indian politician, and threats by the Jewish extremist organization Kahane Chai.

The State Department has also cited threats by state actors, including a threat by Iran against Saudi Arabia (1989), Iraqi threats against Saudi interests (1990), Iranian threats that participants in the Middle East peace process would “suffer the wrath of nation” (1991), Libyan threats to support extremists in neighboring countries (1993), Libyan threats against dissidents abroad (1994, 1997, and 1998), and alleged attempts by the former Iraqi regime to intimidate dissidents abroad (2000 and 2002).

The Immigration and Nationality Act’s definition of “terrorist activity” includes threats, and the Criminal Code’s chapter on terrorism also makes threats punishable. Thus, the omission of threats from the FRAA definition appears to be a drafting oversight, and State treats it accordingly. Although the cyberattacks against Korea Hydro, by themselves, probably do not qualify as terrorism, the threat to make the plants “like Fukushima” would meet the standard, to the same extent as the threats against audiences for “The Interview” would.

For more information on what re-listing North Korea as a state sponsor of terrorism would actually do, see this post.

It’s concerning to see North Korea’s threats escalate to this level. Much like the attacks of 2010, hacking nuclear power plants goes a step beyond what I’d have thought even North Korea to be capable of. It’s more evidence of Kim Jong Un’s impulsive and violent nature. It’s more evidence that ignoring North Korea isn’t working. Just as clearly, appeasing them didn’t work, either. Four months after President Obama promised a “proportional” response to North Korea’s terrorist threats against American moviegoers, he has still failed to deliver on that promise. North Korea has drawn the obvious conclusion.

~   ~   ~

Update: Yonhap’s take, and North Korea’s predictable reaction.

N. Korea calls for S. Koreans to join “patriotic struggle to check and foil the U.S. imperialists.”

Following North Korea’s post-hoc support for the slashing of U.S. Ambassador Mark Lippert, my two main questions where (1) whether the North had a role in inciting the attack (for which I’ve seen no direct evidence thus far); and (2) whether the North is calling for more violent anti-American attacks.

KCNA’s latest helps us answer the latter question in the affirmative. It isn’t specific about its favored methods of “patriotic struggle,” although its recent approval of the slashing of diplomats should give you a fairly good idea.

Full text below the fold.

Read more

Roh Moo Hyun’s ex-campaign manager just hates it when politicians exploit tragic isolated incidents

The good news is that Ambassador Mark Lippert has been released from the hospital, and is recovering well.

¹àÀº Ç¥Á¤À¸·Î Åð¿øÇÏ´Â ¸¶Å© ¸®ÆÛÆ® ÁÖÇÑ ¹Ì ´ë»ç

[Joongang Ilbo]

Give the South Koreans credit for making lemonade from lemons — the news coverage here has been filled with images of well-wishers greeting Lippert, or expressing regret for the attack on him. The greetings look both staged and sincere,* but because of that reaction, most Americans will see Kim Ki-Jong as one small turd in a vast, sweet, fizzy bowl of gachi gapshida.

lippert 2

I’m not sure I quite agree with that image now, and I certainly wouldn’t have agreed with it nine years ago. In today’s environment, however, I’d guess that Kim’s actions, Lippert’s obvious gift for public diplomacy, and the imagery of the pro-American reaction will shift public opinion in a more anti-anti-American direction, at least until something shifts it back. But as we’ll also see in a moment, the reactions of other Koreans seem oddly conflicted.

Lippert’s assailant, Kim Ki-Jong, has been charged with attempted murder. The Men in Blue have established that Kim visited North Korea not six, not eight, but seven times between 1999 and 2007. Which does raise a rather obvious question:

“We are investigating whether there is any connection between the suspect’s visits to North Korea and the crime committed against the U.S. ambassador,” Yoon Myeong-seong, chief of police in Seoul’s central Jongno district, told reporters. [Reuters]

It’s hard for me to believe that North Korea ordered a hit on the U.S. Ambassador, but then, I never thought they’d order a hit on a South Korean warship or build a nuclear reactor in Syria, either (or get away with both of those things, but I digress). It’s still the sort of thing you expect the police to investigate when someone slashes a foreign ambassador, especially when the assailant’s preferred country-of-destination publicly approves of the attack.

The police are doing a forensic analysis of Kim’s hard drive, and looking at what his phone and financial records say about any accomplices or foreign sponsorship. They’re also going through his library, and have concluded — to the astonishment of no one with any sense at all — that it has some pro-North Korean content.

Ordinarily, I wouldn’t want the police to investigate a man’s political views. I don’t believe it should be illegal to hold any political belief, but as we’ve established, Kim Ki-Jong fits the American legal definition of a terrorist, and the motives of a terrorist have to be probative of something in a criminal investigation. Not that there should be much question, based on Kim’s words, actions, target, and timing, that Kim was a North Korean sympathizer. Right?

Opposition leader Moon said that he expressed his appreciation to Lippert as his calmness and online messages helped the alliance remain on a firm footing.

“I believe Lippert’s attitude helps enhance the alliance, but if this incident is politically used (by the ruling party), which claims pro-North Korean followers are behind it, such a move will rather hurt the Seoul-Washington ties,” Moon said. [….]

The liberal NPAD says the attack was an “isolated incident” committed by an extremist nationalist, urging the Saenuri Party not to use the case politically. [Yonhap]

That’s right. Roh Moo Hyun’s former campaign manager and successor party earnestly hope that conniving politicians won’t exploit emotions arising from a tragic-yet-isolated incident for political gain.

_38523663_restaurant300ap

360_southkorea_0118

koreans_ripping_apart_american_flags_2002_protests

Because that could hurt the alliance. Nice of him to warn us about that.

angry-koreans-protests-demonstrations-08

Also, does anyone else see anything off about Moon passing judgment on the attitude of the guy who just had 80 stitches? Couldn’t he have at least waited for Lippert to come home from the hospital before deconstructing the sensitivity of his tweets? In what sense is “the alliance” responsible for Korean politicians doing what politicians do? And why, by contrast, is Moon so rigidly non-judgmental about Kim Ki-Jong’s motives? He isn’t even waiting for the police to finish their investigation to rule out the McCarthyist smear that Kim Ki-Jong, who slashed the face of the American Ambassador while shouting, “The two Koreas must be reunified!” and protesting joint military exercises, might just maybe have been a North Korean sympathizer.

With this risible statement, Moon not only opened the door to rebuttal about Kim’s views, he opened the door to questions about his own grasp of reality.

Before you get too worried that Moon’s election to the presidency would be the second coming of Roh Moo-Hyun, at least take comfort in the fact that it would be a terrific opportunity to withdraw two brigades from South Korea and put the OPCON handover on a six-month timetable. And if you think hard enough about the insecurity and dependency from which Moon’s attitudes grow, you’ll start to see why that would be a healthy thing for South Korea’s sense of nationhood, self-reliance, and sense of responsibility for its own policies. I’d prefer to see our alliance with Korea become more like our alliance with Israel.

Oh, and since Kim Ki-Jong lawyered up, he now denies having ever been to North Korea, that (in Reuters’s phrasing) his actions were “connected in any way with North Korea,” or that he intended to kill Lippert. Not that I have any great interest in the success of Kim Ki-Jong’s legal defense, but it’s a hard thing to stand by and watch legal malpractice. So, as a man with some experience defending criminal suspects, I’ll offer this gratis consultation to Mr. Kim’s lawyer: get your client under control and shut him the f**k up.

Below the fold, for your enjoyment, I’ve posted excerpts from the delectable inter-Korean dialogue that has broken out over the question of whether slashing Ambassador Lippert’s face was the moral equivalent of Korean patriots resisting the Japanese occupation. (Yes, Pyongyang is doubling down on that one.) I can’t imagine that in the 1930s, a popularly elected Korean government (had one existed) would have lobbied Tokyo to stall the transfer of OPCON back to Seoul. I see that Marcus Noland also found that analogy objectionableWhat I did not see is where Moon Jae-in did. Anyone?

~   ~   ~

* A regular reader, based in Seoul, and with strong connections to conservative groups there, writes in to say that the pro-Lippert demonstration shown in this photo was not staged by the Korean government, and describes the organizer as “a grass-roots, pro-US conservative” woman.

Read more

N. Korea’s support for slashing of U.S. Amb’r might be state sponsorship of terrorism

Yonhap and The Washington Post are reporting that North Korea’s official “news” agency, the Korean Central News Agency or KCNA, has expressed its support for an extremist’s slashing of U.S. Ambassador Mark Lippert yesterday, calling it “a just punishment.” You won’t find those words in the English version of KCNA’s report, whose headline is a dry, “U.S. Ambassador Attacked by S. Korean,” although you will see that KCNA spelled the Ambassador’s name “Report.” The Korean-language headline of the same article, however, translates to something like, “Act of just punishment for war-crazy America.” Here’s a screenshot of the original Korean.

Screen Shot 2015-03-05 at 10.19.25 AM

KCNA has as bad a reputation for malware infections as Tijuana has for infections of other kinds, but if you’re willing to risk it, here’s a link. You’ve been warned.

The linguistic disparity looks like another case of KCNA code-switching for Korean- and English-speaking readers, in the same way it chose not to translate its most racist attack on President Obama. KCNA must assume that English speakers won’t notice, and that Korean speakers won’t care (which says a lot about what kind of Korea KCNA believes in). I’ve pasted the full English-version KCNA article below the fold. Here are some excerpts:

Kim Ki Jong, representative of the Uri Madang, a civic organization demanding peace against war, suddenly stormed with a knife Mark, shouting the south and the north must be reunified and he is opposed to a war. [….]

He didn’t stop shouting slogans opposing war and the U.S.-south Korea joint military exercises, being walked away by police.

Because you can’t really say you love peace unless you’ve slashed a diplomat’s face for it.

KBS, CBS, MBC and other broadcasting services of south Korea reported the news, screening Mark shedding blood from his face and wrist. The AP and other foreign news agencies promptly aired the breaking news.

This is my cue to remind you that the AP is a business partner of KCNA, through two memoranda of agreement that the AP refuses to disclose. According to leaked drafts, however, the AP agreed to “serve the purpose of the coverage and worldwide distribution of policies of the Worker’s Party of Korea and the DPRK government.”

CNN, quoting south Korean media as reporting Kim was opposed to the joint military exercises, said that his remarks were prompted by his anti-American feelings.

The puppet police are strictly guarding U.S.-related facilities allegedly to cope with emergency.

The recent case amid mounting anti-Americanism reflects the mindset of south Korean people censuring the U.S. for bringing the danger of a war to the Korean peninsula through the madcap saber-rattling. -0-

President Bush removed North Korea from the list of state sponsors of terrorism on October 11, 2008. The Obama Administration’s official view is that North Korea is “not known to have sponsored any terrorist acts since the bombing of a Korean Airlines flight in 1987.” Discuss among yourselves.

~   ~   ~

Ambassador Lippert’s wounds were ghastly:

Surgeon Jung Nam-sik of Yonsei University Hospital, speaking at a televised briefing, said 80 stitches were needed to repair Lippert’s facial wound, which was more than four inches long and one inch deep. The cut did not affect his nerves or salivary gland, the surgeon said. Lippert also suffered significant knife wounds to his left wrist while apparently struggling to push off his assailant.

The ambassador is expected to be able to use his hand after four weeks of treatment, but due to tendon damage, a more complete recovery will take longer because of the loss of sensation in his little finger, his doctors said. [N.Y. Times]

According to the doctors, “it will take several months for Mr. Lippert to recover full use of his injured fingers.” If there’s anything fortunate about this ugly incident, it’s the fact that it happened in the world’s plastic surgery capital. It’s never a good thing to have your face slashed by a knife-wielding extremist, but if it happens, there’s no better place to get reconstructive surgery than Seoul. The attack must have been horrifying for Lippert and his wife. That Pyongyang would support this openly tells you plenty about its easy, casual embrace of crimes that cause human suffering.

The attack will mean the end of Lippert’s brave walks through Seoul without bodyguards, but if anyone in the State Department reads this, I hope they’ll encourage the Ambassador to go right back onto the streets, scars and all — with bodyguards — as a vivid reminder of what Kim Ki-Jong’s ideology stands for. As soon as he feels well enough, of course.

Kim sounds like the sort of left-nationalist whose ideology was at its apex when I was in Korea, as I described it in my congressional testimony years ago. That sentiment has since ebbed, although latent extremism is a hard thing to poll. South Korea wants us to see this as an isolated incident, which, strictly speaking, it is today.

Kim Ki Jong

[Kim Ki-Jong at a protest at the U.S. Embassy in Seoul, one year ago]

That wasn’t always the case. In 1989, left-nationalist thugs occupied U.S. Ambassador Donald Gregg’s residence, occupied the U.S. Information Service building in Seoul, and tried to burn down the U.S. Cultural Center in Gwangju. In 2006, others blocked former Ambassador Sandy Vershbow from going to an interview.

There is a small-but-significant constituency in South Korea that agrees with Kim Ki-Jong’s sentiment, if not necessarily his methods. Some commenters at the far-left, U.S.-based Minjok Tongshin are expressing their support for the attack. (Yes, I’m assuming that some of them are South Koreans.) One even compares Kim Ki-Jong to Yun Bong-Gil, who orchestrated an anti-Japanese bombing in 1932, and who is considered a national hero in South Korea. The intersection of nationalism and socialism is an especially ugly place.

Other commenters disagree with Kim’s violent methods. Overall, the vast majority of Koreans will be repelled by the attack.

~   ~   ~

Having established that the reports of North Korea’s support for the attack are accurate, let’s examine the legal significance of that support. Under Section 6(j) of the Export Administration Act, the Secretary of State may designate a state as a sponsor of terrorism if he finds that the state has “repeatedly provide[d] support for acts of international terrorism.” There are no authoritative definitions of “support” or “international terrorism” for purposes of a SSOT listing, but we can get a good idea of what those words mean from the various definitions of “terrorism” scattered around the U.S. Code, and in the case of “support,” from other, less authoritative sources.

We’ll take the simpler question first. Was the attack international terrorism? Based on the facts reported so far, pretty clearly so. It was a premeditated, violent, politically motivated attack by the head of a violent, extremist subnational group (it calls itself Uri Madang) against a noncombatant target. The attacker knew where and when Lippert would be speaking and may have had a hand in inviting him to breakfast. His political motive was to protest annual U.S.-Korean military exercises. Targeting an ambassador makes the attack international terrorism. As such, it would meet the definitions at 22 U.S.C. 2656f and in the Criminal Code, at 18 U.S.C. 2331(1). It would also meet the definition of “terrorist activity” in the Immigration and Nationality Act, which is the definition the State Department uses to designate Foreign Terrorist Organizations.

Also, Kim reportedly told the police, “Today I committed a terrorist act.” So there’s that.

The question of “support” is the harder one. Although KCNA’s statement certainly fits one plain-usage meaning of “support,” as far as we know, the support was only post-hoc, verbal support. There’s no evidence that KCNA has ever referred to Kim Ki-Jong or “Uri Madang,” the group he led before today. On the other hand, Kim had visited North Korea six times, which is pretty rare for South Koreans who aren’t involved in some kind of cross-border business venture. Kim even tried to build a Kim Jong-Il* monument in Seoul. It seems unlikely that the North Koreans could have failed to take an interest in him by his third visit, but that’s just my speculation.

By itself, KCNA’s statement of support doesn’t prove that North Korea encouraged, facilitated, or planned the attack. But what does “support” mean, legally? The answer isn’t clear. There are only two places where anyone wrote anything in official sources approximating a definition. One of them is a (non-binding) 1989 congressional report, quoted here. That report lists some categories of conduct that would qualify, including providing materials, money, training, sanctuary, or planning or directing attacks. KCNA’s post-hoc verbal support isn’t any of those things, but that list isn’t exclusive.

A more authoritative source is this section of the Foreign Relations Authorization Act for Fiscal Years 1988 and 1989 (the same section that defines “international terrorism,” as codified in Title 22). It doesn’t, strictly speaking, define “support” — no statute does that — but it does describe conduct that the State Department is required to report in its in annual Country Reports on Terrorism. That conduct includes political support. That suggests Congress wanted State to consider conduct that falls short of material support, but which nonetheless encourages terrorism. And a fair reading of KCNA’s reaction to the attack on Ambassador Lippert would be, “More like this, please.”

Did the North Koreans say anything before the attack that could be viewed as inciting it? Well, read this and this from Pyongyang’s Rodong Sinmun from a few days ago and ask yourself how Kim Ki-Jong would have interpreted it. For example:

The whole Korean nation and the peace-loving people all over the world are required to resolutely check and frustrate the anti-DPRK nuclear war drills by the U.S. and south Korean puppet group that harass the peace and stability on the Korean peninsula and in its vicinity.

Rhetoric like this is common in North Korean propaganda. We have no way of knowing whether Kim Ki-Jong even read this, of course. It’s technically illegal to read the Rodong Sinmun in South Korea. Regardless of whether you believe Pyongyang incited this attack, however, it pretty clearly means to incite the next one.

Is there any precedent for the State Department considering the mere incitement of attacks to be the state sponsorship of terrorism? There is. State’s 1991 Country Reports on Terrorism cited Saddam Hussein’s call for “all of his terrorist allies to attack coalition targets, frequently through announcements on Iraq’s Mother of Battles radio.” The 1997 report (among others) cited the Ayatollah Khomeini’s offer and broadcast of a bounty for the first guy to kill Salman Rushdie for writing “The Satanic Verses.” The 2009, 2010, and 2012 reports cited Syria’s hosting of al-Rai radio, a pro-Baathist radio station that “transmitted violent messages in support of terrorism in Iraq.” So there’s ample precedent for State to consider incitement of violence as the state sponsorship of terrorism. And it’s certainly not above Pyongyang to directly incite the very sort of act that Kim Ki-Jong committed:

Screen Shot 2015-03-05 at 11.36.54 AM

Could State re-list North Korea as an SSOT because of its approval of an attack on a U.S. Ambassador? The legal standards are vaporous, but yes, it could. There isn’t much evidence that Pyongyang actually caused this incident or intended for it to happen, although its statement today encouraged more like it. The incitement of terrorism was enough to justify the SSOT listings of Iran, Iraq, and Syria. It could justify a re-listing of North Korea.

Should State re-list North Korea as a SSOT for expressing its support for this attack? No. State should re-list North Korea as a state sponsor of terrorism because of its multiple attempted or completed assassinations of activists and defectors in China and South Korea. It should re-list North Korea because of its long relationship with Hezbollah, in which North Korea helped Hezb dig a tunnel system, and was caught shipping it two boatloads and one plane-load of weapons, including MANPADS. It should re-list North Korea because of its threat against audiences for “The Interview,” right here in the United States. It should re-list North Korea for the kidnapping and murder of the Reverend Kim Dong Shik, for which Barack Obama personally promised, in writing, to oppose removing North Korea from the list to begin with.

All of those things meet any reasonable interpretation of what “support for international terrorism” means. Of course, if none of those things was enough for our State Department, I don’t suppose this will be, either.

~   ~   ~

* A previous version of this post said Kim Il-Sung. Since corrected.

Read more

Once again, North Korea threatens free speech here in the United States

On December 19, 2014, in response to the FBI’s conclusion that North Korea was behind the threats against audiences for “The Interview,” President Obama said, “We cannot have a society in which some dictator someplace can start imposing censorship here in the United States.” After all, the President reasoned, “if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary that they don’t like or news reports that they don’t like.”

Or, he might have added, a human rights conference put on by an N.G.O. in downtown Washington, D.C., where current and former U.S. diplomats were in attendance.

North Korea says it will respond “very strongly” to a conference in Washington on Tuesday about its widespread human rights abuses and says the United States ignored Pyongyang’s offer to attend and defend itself. Puzzled conference organizers said the event was open to the public.

North Korea’s U.N. Ambassador Jang Il Hun told reporters Monday his country has asked the U.S. government to “immediately scrap the so-called conference” hosted by the nonprofit Center for Strategic & International Studies. Speakers include Robert King, the U.S. special envoy for North Korean human rights issues. [AP]

President Bush removed North Korea from the list of state sponsors of terrorism on October 11, 2008. The Obama Administration’s official view is that North Korea is “not known to have sponsored any terrorist acts since the bombing of a Korean Airlines flight in 1987.” Discuss among yourselves.

You can debate what Jang meant and exactly what he was threatening, if you care to. I have no doubt that Jang’s masters chose exactly the words they did so that they could preserve a modicum of deniability, while allowing the rest of us to put his words into the context of North Korea’s recent actions and draw the obvious conclusions. What’s beyond dispute is that Pyongyang is trying to censor debate right here in Washington, D.C., by purporting to tell Americans what they can meet and talk about. Pyongyang now believes it can enforce its censorship writs on Rhode Island Avenue. It must be disabused of that notion.

If the President of the United States believes in defending our freedom to debate issues that are important to public policy, his first response will be to expel Ambassador Jang for activities incompatible with his diplomatic status. His second response will be to put North Korea back on the list of state sponsors of terrorism. His third response will be to get on with that “proportional” response he promised, after North Korean hackers threatened to attack American moviegoers. Those threats successfully suppressed two major films, and they have done incalculable harm to our freedom of expression. The President’s response ought to be premised on the determination that if North Korea forces us to choose between our freedom of expression and North Korea’s existence, then North Korea must cease to exist. A policy of imposing incremental inconvenience would no longer do.

Few Americans would describe President Obama as a particularly good president, particularly when it comes to foreign policy, although I’d still argue that with respect to North Korea, President Bush’s combination of empty tough talk and appeasement was even worse. Yet for some reason, fair or unfair, the North Koreans have made the calculation that Obama is a lightweight, and that he won’t offer a serious response to this sort of thing. That means we’re sure to hear more like this from them.

Does the State Department think there’s a six-month statute of limitations for terror sponsorship? (Updated)

If the Congressional Research Service had its own store at the mall, you’d often find me there at 3 a.m., sleeping in my lawn chair the night before the next release, possibly in some sort of costume. The researchers are smart and genial people, and most of their work has been terrific. There also appears to be some mutuality of readership between us, because as it turns out, the latest CRS report on North Korea’s sponsorship of terrorism cites no less than three of my works in six of its footnotes (just call me the Congressional Research Service research service). Large portions of the CRS report read like a response to my various briefs supporting North Korea’s designation as a state sponsor of terrorism (SSOT). Again, it’s always a good thing to have your ideas read and considered, so I hope what follows won’t seem ungracious, but CRS’s latest left me feeling the way I felt after I watched “Phantom Menace.”

That’s because CRS appears to have followed the State Department into a serious legal error that affects the quality of the analysis that resulted. The problem only becomes evident in the conclusion of the report, where CRS argues that most of the events I’ve cited (inter alia) here and here that would support North Korea’s SSOT re-listing would “fall outside the six-month window that the State Department uses to determine governments’ placement on the lists.” That is to say, State thinks there’s a six-month statute of limitations for purposes of an SSOT listing.

Now, as we speak, I’m putting the final touches on a very extensive report on SSOT listing–its statutory history, authorities, key definitions, purposes, and conduct justifying an SSOT listing. Look for it in fine bookstores everywhere (no, not really). I re-checked the key authorities, and there is no such window. Wanna check them yourself? Look at Section 6 of the Export Administration Act (EAA), Section 140 of the Foreign Relations Authorization Act for Fiscal Years 1988 and 1989, Section 620A of the Foreign Assistance Act, and Section 40 of the Arms Export Control Act. You won’t find that window, but you will find another possible source of the State Department’s confusion: Section 6(j)(4) of the Export Administration Act. But this is a provision for rescission–in English, removal from the SSOT list–not for listing in the first instance. (There are similar rescission provisions in the EAA and the FAA).

There are other reasons to question that there’s any six-month window, not the least of which is the illogic of writing annual reports that would have to overlook the first half of the year. Not only does text of the EAA provide no support for this view, its use of the term “repeatedly” implies the opposite conclusion. Many of State’s prior SSOT justifications have cited conduct occurring years before a listing (if you doubt me, read them). North Korea wasn’t listed after the 1987 KAL bombing and then de-listed the very next year, after a six-month statute of limitations ran out. Its abductions of Japanese citizens and its harboring of Japanese Red Army hijackers were both cited as reasons for North Korea’s listing years after they occurred. (Arguably, these could be called continuing offenses; they still are.) When the State Department added Sudan to the SSOT list in 1993, it found “no conclusive evidence linking the Government of Sudan to any specific terrorist incident during the year.” And as the State Department itself once said:

The United States is committed to holding terrorists and those who harbor them accountable for past attacks, regardless of when the acts occurred. The US Government has a long memory and will not simply expunge a terrorist’s record because time has passed. The states that choose to harbor terrorists are like accomplices who provide shelter for criminals. They will be held accountable for their “guests’” actions. International terrorists should know, before they contemplate a crime, that they cannot hunker down in safehaven for a period of time and be absolved of their crimes.

Perhaps because of this erroneous interpretation, CRS largely overlooks some of North Korea’s most egregious recent acts of terrorism–its assassination plots against Hwang Jang Yop and Pak Sang-Hak, the assassination of Kim Chang-Hwan in China, the attempt to assassinate another activist in China the following day, the attempted kidnapping of a North Korean student in Paris last year, and the attempted murder of a North Korean refugee in Denmark last year. One could argue that direct, retail terrorism isn’t the “sponsorship” of terrorism, but if that’s so, it’s an obtuse evasion of Congress’s intent. And if it’s so, why has the State Department repeatedly cited Iran’s attempts to assassinate Iranian dissidents abroad to support Iran’s SSOT listing? Or the assassination of Rafiq Hariri to support Syria’s SSOT listing? Or the 1983 bombing in Rangoon, the KAL 858 bombing (the original basis for North Korea’s SSOT listing), or the abductions of Japanese citizens?

CRS’s report thereby concludes “that 2009 and 2013 seizures of North Korean shipments of chemical protection equipment to Syria were the only DPRK actions since 2008 that both (1) were recognized by official U.S. or U.N. bodies, and (2) could conceivably have met the statutory criteria for redesignation.” Now, maybe this is the lawyer in me talking–but I was under the misunderstanding that the final judgment of a U.S. District Court, or the opinion of a federal Court of Appeals, counted as “recognition” by an “official body.” (See here, here, and here.) Also, it seems unfair to count only the orders of U.S. federal courts, while overlooking the multiple convictions of North Korean agents by South Korean courts (here, here, here, and here; this and this may be relevant, too). I’m not going to argue that the South Korean legal system is a paragon of due process, but if its convictions are good enough to merit recognition by our federal courts, they’re good enough for our State Department.

Perhaps consequently, the CRS report also misses the main point of my citation of the 2009 weapons seizures in Bangkok, aboard the M/V ANL Australia, and aboard the M/V Francop—not that North Korea was shipping those weapons to Iran and Syria, but that it was shipping weapons to Hamas and Hezbollah (and maybe the Quds Force for good measure) through Iran and Syria. Begin with the U.N. Panel of Experts reports documenting those seizures and cargoes in exhaustive detail, but that’s only the first step. Then, compare those reports to the contemporary press reports informing us that those weapons (including MANPADS) were destined for terrorist end-users.

Finally, CRS argues that “a decision to redesignate the DPRK as a state sponsor of terrorism could have a significant impact on diplomacy with North Korea,” to which I ask, “What diplomacy?” Weirdly enough, CRS also cites Kim Jong Un’s byungjin policy—the North Korean policy that declares its dual pursuit of both nukes and economic development—and equates it with reform:

The Kim regime has been promoting a two-track policy (the so-called byungjin line) of nuclear development and economic development, with the latter goal partially dependent upon influxes of foreign investment.…  The DPRK could be particularly sensitive to a redesignation, which could be perceived as a threat to the potential economic gains the North Korean government expects from its byungjin policy. Therefore, those who wish to encourage North Korea’s economic reforms, in the belief that they eventually would lead to changes in the government and/or the government’s behavior, may oppose redesignating the DPRK. In contrast, those who wish to increase economic pressure on North Korea by undercutting the byungjin line may favor redesignating the DPRK.

The latter group includes both the Obama and Park administrations, which hold that byungjin is a non-starter, “a pipe dream.” Officially, our policy is that North Korea can’t have it both ways. That makes the disruption of byungjin a net positive for an SSOT listing. (This also re-raises the question of whether a capitalist, fascist North Korea is less dangerous than a socialist one. It has never been clear to me why that would be the case.)

CRS also argues that “China may be inclined to use redesignation as a pretext for opposing U.S. and South Korean efforts to increase pressure on North Korea through other means.” Like they need one. I’ve given a long series of examples of China violating UNSC sanctions here. I’m not sure why an SSOT listing would give China any needed justification to do what it has done for years.

Finally, CRS punts on the most important question of all—by what standard can we avoid calling this terrorism?

Warning

We will clearly show it to you at the very time and places “The Interview” be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.

Soon all the world will see what an awful movie Sony Pictures Entertainment has made.

The world will be full of fear.

Remember the 11th of September 2001.

We recommend you to keep yourself distant from the places at that time.

(If your house is nearby, you’d better leave.)

Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.

All the world will denounce the SONY.

More to come…

It’s important to make a distinction between the Guardians of Peace’s hacking of Sony Pictures from its threats against American moviegoers. The hacking itself doesn’t clearly fit within the various legal definitions of terrorism, and there’s no precedent for State citing hacking as a basis for an SSOT listing. For reasons I won’t argue today, that’s probably a good policy. Threats against American moviegoers, on the other hand, would clearly fit both the legal definitions of terrorism and the plain meaning of the term.

~   ~   ~

As for the impact of an SSOT listing, I’m not going to argue that the sanctions triggered by a listing would be among the strongest financial and legal tools at our disposal. Sanctions under 31 C.F.R. Part 596 would have less impact than designation as a Primary Money Laundering Concern, a sustained campaign of financial diplomacy to isolate Kim Jong Un’s access to his offshore hard currency, or a serious and sustained campaign of information operations. Still, an SSOT listing would close an important loophole in our weak sanctions against North Korea. To understand the significance of that point, however, you have to understand how weak our sanctions are to begin with. And none of this means that these policy choices would be mutually exclusive.

Maybe the most important reason for an SSOT listing is that it would reflect the truth. The State Department’s dogmatic insistence that North Korea hasn’t sponsored an act of terrorism since 1987 is–there is no other word for this–a lie, one that smacks of unaccountability and bureaucratic arrogance. Regardless of the diplomatic or legal effects of a SSOT designation, it is never acceptable for our government to lie to us. Our own federal courts have found that North Korea has repeatedly sponsored acts of international terrorism. South Korean courts have repeatedly convicted North Korean agents of international kidnappings, assassinations, and assassination attempts. A U.N. Panel of Experts has offered voluminous evidence of North Korea’s arms exports intercepted en route to Iran–arms that intelligence sources tell reporters were bound for Hamas and Hezbollah. And although the legal basis to call a cyberattack “terrorism” is questionable, threats against American filmmakers and moviegoers clearly fit the legal and commonly understood definitions of terrorism. Telling the truth always matters. So does holding people accountable for the evil that they do.

~   ~   ~

Update: 2 Feb 2014: CRS has corrected its report to remove any references to a “six-month window.” I’ll add that when I raised the legal question with CRS, they were very classy about reexamining the law and correcting the mistake. The error was not the State Department’s, as it turns out; it was just CRS’s misreading of the Export Administration Act. Hey, I make mistakes, too! The final CRS report, however, still fails to address most of the substance that I’ve argued could be a basis for an SSOT listing. Without the “six-month window” issue, the report now leaves those omissions largely unexplained. I hope CRS will go back and examine those issues in more detail another day, in the near future.

Three Cheers for Obama’s Sony attribution, a golf clap for his “proportional” response.

In The Washington Post, Ellen Nakashima describes how Sony’s decision to cancel the premiere of The Interview catalyzed the Obama Administration’s decision to blame North Korea publicly:

The next day, alarmed by the surrender, President Barack Obama convened his top officials in the White House Situation Room and, based on their unanimous recommendation, decided to take an action the United States had never dared before in response to a cyberattack by another nation: name the government responsible and punish it. [….]

The blocking of Sony’s freedom of expression, on top of a highly damaging hack, is what ultimately compelled officials to act, in the name of deterrence.

“The argument I made was the whole world is watching how we as a nation respond,” said Adm. Michael Rogers, the director of the National Security Agency, who, other officials said, was at the previously undisclosed meeting.

“And if we don’t acknowledge this, if we don’t name names here, it will only — I’m concerned — encourage others to decide: ‘Well, this must not be a red line for the United States. This must be something they’re comfortable [with] and willing to accept,’ ” Rogers said at an international cybersecurity conference at Fordham University last week.

There “was a significant debate within the administration about whether or not to take that step” of naming North Korea, a senior administration official said. “Attribution is hard, and there are all sorts of reasons we don’t normally want to do that,” including setting a precedent that would increase pressure to name other countries in future incidents and antagonizing the offending governments.

But the attack on Sony’s right to screen a movie struck a nerve. The entertainment company may not be “critical” to national security, but free speech is “a core value,” said the official, who spoke on the condition of anonymity to describe internal discussions. “Yes, it was a Seth Rogen comedy, but next time it might not be,” he said. What he described as the hack’s “destructive” nature combined with the element of coercion against Sony “crossed the threshold,” he said. “It took us into a new realm.”

The attack was a violation of U.S. sovereignty “coupled with an attempt to interfere with freedom of expression,” said Christopher Painter, State Department coordinator for cyber issues. “You had, in many ways, the perfect storm of all these things coming together that were really important.” [WaPo, Ellen Nakashima]

I applaud this unreservedly. It was the right decision for the right reasons.

~   ~   ~

The administration has stumbled twice since then, however. For several weeks, the administration failed to challenge inside-job theories from some IT security experts. Some of them challenged the sufficiency of the publicly available evidence, which is fair enough. But to argue that North Korea didn’t do it is much more problematic. Some of the inside-jobbers lost sight of the possibility that they were arguing based on incomplete information. Others may have been motivated by grudges against the administration over the Snowden revelations, or other biases. Yet others, including inmates of the Alex Jones, Christine Ahn, and Ron Paul asylums, shared the sort of skepticism that’s unique to the world’s most gullible people.

The administration continued to lose this argument for several weeks before FBI Director James Comey publicly reaffirmed that he was certain that the North Koreans did it. Comey’s call to declassify more of the evidence is now being answered by the National Security Agency:

Spurred by growing concern about North Korea’s maturing capabilities, the American spy agency drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document.

A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of the computers and networks used by the North’s hackers, a force that South Korea’s military recently said numbers roughly 6,000 people. Most are commanded by the country’s main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large outpost in China.

The evidence gathered by the “early warning radar” of software painstakingly hidden to monitor North Korea’s activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts, who spoke on the condition of anonymity about the classified N.S.A. operation. [N.Y. Times, David E. Sanger & Martin Fackler]

The CIA’s malware was built on its highly successful Stuxnet worm:

For about a decade, the United States has implanted “beacons,” which can map a computer network, along with surveillance software and occasionally even destructive malware in the computer systems of foreign adversaries. The government spends billions of dollars on the technology, which was crucial to the American and Israeli attacks on Iran’s nuclear program, and documents previously disclosed by Edward J. Snowden, the former security agency contractor, demonstrated how widely they have been deployed against China. [N.Y. Times]

For those incapable of wrapping their heads around the idea of North Korea being technologically sophisticated enough to hack someone, the Times story also provides an extensive history of Unit 121, and an interview with two defectors with insider knowledge of the unit’s operations.

See also CNN and CBS News (quoting Comey, “We could see that the IP addresses that were being used to post and to send the e-mails were coming from IPs that were exclusively used by the North Koreans.”).

Interestingly enough, just a few weeks before the Sony hack, Director of National Intelligence James Clapper had dinner with Kim Yong-Chol, the head of North Korea’s Reconnaissance Bureau (RGB), the man responsible for overseeing North Korea’s hackers, and also for multiple attempts to assassinate human rights activists and North Korean dissidents in exile. The RGB’s assets are blocked, but Gen. Kim’s are not. I can’t help wonder if Gen. Kim smiled at the thought of how Clapper would react to the Sony attacks. Let’s hope that the Obama Administration gives Gen. Kim cause to regret this lapse of malignant egomania.

It amuses me some to wonder whether there was a small bandage on Mr. Clapper’s right palm when the two men shook hands.

~   ~   ~

Which brings us to the President’s second stumble: his failure, so far, to respond credibly, to deter others from crossing the red line that North Korea crossed in November, and also to deter others from blunting President Obama’s response by undermining sanctions.

It did not take long for American officials to conclude that the source of the attack was North Korea, officials say. “Figuring out how to respond was a lot harder,” one White House official said. [N.Y. Times]

That’s becoming more painfully obvious by the day. President Obama has said that Executive Order 13,687 and the designations of January 2nd were only a beginning, and let’s hope he’s right about that. Sanctions work better when they hit with a shock than when they’re applied incrementally, and give the target time to adapt. If my guess is right, however, Treasury needs more time to do that, because this administration hasn’t made North Korea a priority in its financial intelligence targeting. But so far, as former CIA Director Michael Hayden said, the administration’s new sanctions have been “symbolic at best,” for reasons I explained here. Worse, our apparent lack of determination is inviting troublemakers to undermine the administration’s negative reinforcement.

Here is Vladimir Putin’s cue to enter stage left.

According to this article, Russia has recently begun to service transactions for the U.S. Treasury-sanctioned Foreign Trade Bank of North Korea in rubles. Treasury sanctioned the FTB in March 2013 for its involvement in servicing WMD-related financial transactions. The article’s author, whose work reads like that of a Putinjugend fangirl, may not have considered the possibility that the Russian businesses involved could still be cut out of the financial system under EO 13,687 or (one day in the not-too-distant future, according to Chairman Royce) the North Korea Sanctions Enforcement Act. However unwittingly, fangirl has done us a great public service by bringing this information to our attention.

In his State of the Union speech, President Obama promised to defend us against cyberattacks. He didn’t mention North Korea by name, but the reference was obvious. Deterrence is a critical part of defense. Imposing new cybersecurity laws and regulations on industry alone will not be a complete answer, and the new requirements will come with massive costs to American industry. Even if the administration has good reasons to delay the main thrust of its response to Kim Jong Un until it finds a critical mass of North Korea’s financial nodes, it still needs to make a bold demonstration that it’s unwilling to tolerate the willful subversion of its policies by Russia and others. If the sanctions of January 2nd are the only price a foreign enemy pays for a devastating and chilling attack on the central principle of our political system, those sanctions will mean less than no deterrent at all.

N. Korea threatens U.S. with “a hail of bullets and shells on its own territory.”

Via our friends at the Korean Central News Service, North Korea’s official journo-terrorism service.

In 2011, the Associated Press signed two memoranda of agreement with KCNA in which AP and KCNA agreed to cooperate in the reporting of “news” about North Korea. The AP refuses to disclose the contents of those memoranda.

President Bush removed North Korea from the list of state sponsors of terrorism on October 11, 2008. The Obama Administration’s official view is that North Korea is “not known to have sponsored any terrorist acts since the bombing of a Korean Airlines flight in 1987.”

Discuss among yourselves.

FBI Director: Yes, I’m sure North Korea did it. (Update: So is NSA’s Director)

The other day, a reporter asked me whether the “considerable doubt” about Pyongyang’s responsibility for the Sony hacks and terror threats undermined the legitimacy of the President’s response. I suppose the answer depends on your perspective. I’m not privy to the FBI’s evidence against North Korea, but my greater doubt is whether the President’s response, so far, is meaningful.

A week ago, however, I decided that the FBI was losing the battle for public opinion. I recalled the CIA’s video about the North Korean-built reactor at Al-Kibar, Syria, and wondered if it would be possible to create something like this for Sony.

As a result of this video, there’s little room for serious doubt about North Korea’s responsibility for Al-Kibar. The irony of Al-Kibar is that while one part of the Bush Administration did a fine job of making its case — once forced to do so by Congress — Bush himself was just as determined to do nothing about it. After an equally slow start, the FBI Director is now making an effort to shore up public confidence in its case.

Federal Bureau of Investigation Director James Comey on Wednesday said the U.S. is confident about North Korea’s involvement in the December threats against Sony Pictures because the people involved at times slipped up and didn’t properly use tactics designed to obscure the source of the messages.

When that happened, investigators were able to see clearly that they came from Internet addresses used solely by North Korea, Mr. Comey said. “There is not much in this life that I have high confidence about,” Mr. Comey said. “I have very high confidence about this attribution.”

Mr. Comey also highlighted other evidence, such as analysis by FBI personnel that matched patterns of writing and other signatures to those found in other attacks launched by North Korea. [….]

Mr. Comey said the U.S. has more evidence that North Korea was behind the attack that it can’t release publicly. He said those who have questioned the conclusion North Korea was involved “don’t have the facts that I have, they don’t see what I see.” [Wall Street Journal]

Comey delivered the remarks at a four-day cybersecurity conference in New York.

Though Mr. Comey did not offer more details about the government’s evidence in a speech in New York, senior government officials said that F.B.I.’s analysts discovered that the hackers made a critical error by logging into both their Facebook account and Sony’s servers from North Korean Internet addresses. It was clear, the officials said, that hackers quickly recognized their mistake. In several cases, after mistakenly logging in directly, they quickly backtracked and rerouted their attacks and messages through decoy computers abroad. [….]

Responding to critics who have questioned why the United States thinks North Korea was the source of the attacks, Mr. Comey said on Wednesday that the hackers became “sloppy” as they tried to cover their tracks. He acknowledged that the North Koreans had used decoys but did not elaborate about the specific mistakes the hackers made that gave him “high confidence” the country was behind the attack.

Mr. Comey urged the United States intelligence community to declassify all the information that showed that the hackers had used such servers, something that could take months. [N.Y. Times]

This is a good start, particularly the call to declassify as much of the evidence as can be declassified without compromising sources and methods the intelligence community will need again. The Director’s statement alone won’t be enough to marginalize the skeptics to the fringes and gain enough support for the President to take effective action, assuming (as I don’t) that the administration really wants to take effective action.

Different motives are driving different reactions to Sony, and not all of those motives necessarily yield to the evidence.

Some of the skepticism is based on IT forensic analysis, and seems conscientious, if inconclusive. After all, most of those criticisms began by arguing that IT forensics is an inexact science, and then proceed to offer their own alternative IT forensic theories. Not everyone agrees that the skepticism is even conscientious:

[T]he F.B.I. and other security experts say those critics have had access to only some of the evidence from the attack. They say the accumulation of the evidence collected by the F.B.I., Sony and Mandiant, a security firm hired by Sony, makes clear that North Korea was the culprit.

Just before Mr. Comey made his statements, a leading cybersecurity expert took those critics to task.

“One of the joys of the Internet is that anyone with a keyboard and a connection can be an expert,“ James A. Lewis, a director and senior fellow at the Center for Strategic and International Studies in Washington, wrote in an essay posted online on Wednesday. “Opinion substitutes for research. The uninformed debate over the Sony cyberincident is the most recent example of the Internet’s limitations.” [N.Y. Times]

Some of the skepticism, such as the analysis of the hackers’ English, reads like pseudoscience. Lewis’s comment reminds me of the two years after 9/11, when everyone with a GeoCities account was suddenly a structural engineer.

I’m no expert on computer forensics. I can only hope that the FBI was very confident about its conclusions before making such a serious charge. Those conclusions are obviously based on classified evidence, but it would be a mistake to assume that the FBI is basing its conclusions on computer forensics alone. I don’t know what the FBI knows. More importantly, neither do the inside-job theorists. Unfortunately, intelligence agencies that do have that information have to keep their sources and methods secret, or they won’t have those sources and methods for long.

Mr. Lewis said a close reading of classified documents leaked last year by Edward J. Snowden, the former National Security Agency contractor, made clear that American intelligence officials maintained deep access in North Korea’s networks.

The real debate, Mr. Lewis said, was one of government mistrust by the cybersecurity community, particularly after the revelations by Mr. Snowden. [N.Y. Times]

Of course, the FBI isn’t always right. In this case, however, the criticism doesn’t persuade me to deny the FBI a presumption of veracity.

First, I don’t see any motive for the FBI or the President to fabricate a case against North Korea. If you’ve been watching this administration’s North Korea policy, what’s remarkable is the extraordinary efforts it has made to ignore North Korea; hence the term “strategic patience.” In fact, this administration has been forced to turn to a whole series of foreign policy problems that it would have preferred to ignore — the Arab Spring, the Green Revolution in Iran, Libya, the South China Sea, Ukraine, Syria, the rise of ISIS, and now, North Korea. The last thing it wanted was yet another foreign policy crisis, or for North Korea to make it look incapable of protecting the United States from the tantrums of a porcine adolescent heir to a blighted kingdom.

Second, the ease with which some readers have seized on inside-job theories reminds me that a dubious political psychology often drives them. Among some quarters of the left, there is a capacity for introspection and self-criticism that makes our society more just and more fair when imbibed in moderation, but which quickly becomes witless masochism when drunk to excess. In recent years, both the far left and the far right have been seized by the temptation to deny, at any cost, the frightening thought that our freedom and our safety are threatened by thugs from beyond our borders. It makes them feel safer, somehow, to cling to inside-job explanations that would relieve us from the burdens of confronting hard questions that spring from unwelcome conclusions. But feeling safer isn’t the same as being safer.

None of which should really be reason to debate the legitimacy of blocking Kim Jong Un out of the financial system. There were many good reasons for tougher sanctions against North Korea long before the Sony hack. Michael Kirby called for them a year before Sony, and Congress introduced sanctions legislation nearly two years before. The administration could have taken action against North Korea for any number of reasons — North Korea’s crimes against humanity, proliferation, money laundering, support for terrorism, military provocations, or its refusal to give up its nuclear weapons programs. The administration didn’t necessarily have to blame Pyongyang for Sony, but if it was convinced of Pyongyang’s guilt, but a President who is unwilling to assign blame to those who attack and threaten us in our own country signals an unwillingness to deter the next attack.

I commend President Obama for putting the country’s interest before his political interest by doing so. Having come this far, his administration must make its case. I hope it makes a compelling one.

~   ~   ~

Update, Jan. 10, 2015: The NSA’s Director weighs in:

Rogers, the NSA director, discussed the Sony hack at numerous points throughout his talk, prior to the question and answer period. “I have very high confidence—I remain very confident—that this was North Korea,” he said, echoing FBI Director James Comey the day before. He said this was the first time a nation-state has carried out an act to “stop the release of a film with a particular viewpoint and characterization of a leader.” [….]

Naming North Korea and announcing economic sanctions was critical for deterrence of future nation-state or other types of cyber attack, Rogers argued. “The entire world is watching how we as a nation are going to respond to this,” he said. [The Intercept]

So far, the administration’s response has been to designate ten low-level individuals and three mid-level entities that have been designated for years.

Ros-Lehtinen bill to call for N. Korea’s listing as a terrorism sponsor

WASHINGTON, Jan. 5 (Yonhap) — A U.S. congresswoman said Monday she will introduce a bill calling for re-listing North Korea as a state sponsor of terrorism in response to the communist nation’s alleged cyber-attack on Sony Pictures.

“North Korea should have never been taken off the state sponsor of terrorism list and should be reinstated immediately,” Rep. Ileana Ros-Lehtinen (R-FL) said in comments emailed to Yonhap News Agency. “I will soon be reintroducing legislation to redesignate North Korea as a state sponsor of terrorism and to ratchet up the sanctions pressure on the North Korean regime.”

The congresswoman welcomed the latest sanctions that the administration of President Barack Obama imposed on North Korea last week in response to the Sony hack, but she stressed that what’s more important is to enforce those sanctions.

“Simply talking tough on sanctions without enforcing them in order to manipulate public opinion, as this White House has done with regard to North Korea and other rogue regimes, will only diminish whatever credibility and influence the administration has left while putting the security of the United States at risk,” she said. [Yonhap]

Funny how the administration says an SSOT listing would be “symbolic,”yet so stubbornly refuses to do it. If it’s only symbolic, what are they afraid of?

North Korea and terrorism, a response to Micah Zenko

Zenko, who is a made member of the Council on Foreign Relations, has written an article for Foreign Policy with the headline, “Sorry, But North Korea Isn’t a State Sponsor of Terrorism.” I tried to post a comment, but because FP‘s user-unfriendly website prevents that, I’ll just post that comment here.

I wish Mr. Zenko knew enough about his subject matter to question the State Department’s assertion that North Korea hasn’t sponsored any acts of terrorism since 1987. In fact, it has done so repeatedly and recently.

Around the time Mr. Zenko published his article, North Korean agents attempted to murder a North Korean refugee in Denmark. A few months before that, regime agents attempted to kidnap a North Korean student in Paris.

In December, a federal appeals court allowed a suit by the family of a U.S. lawful permanent resident to proceed against the North Korean government for his alleged abduction and murder. This year, a federal district court judge ruled that North Korea has supported Hezbollah attacks against Israeli civilians.

Last July, “Western diplomats” told The Telegraph that North Korea had struck a deal to sell rockets to Hamas. Let’s also talk about the North Korean arms shipments to Hamas and Hezbollah that featured in these recent U.N. panel of experts reports.

Let’s also talk about the poison needle assassination campaign against emigres and human rights activists, resulting in convictions of North Korean agents in South Korean courts. Or Pyongyang’s repeated threats against civilian targets in South Korea, Japan, and the United States.

The State Department’s refusal to acknowledge the overwhelming evidence of North Korea’s sponsorship of terrorism is obtuse and mendacious. State denies these things to support policy decisions it has made for other reasons. That doesn’t make the assertion (and consequently, Zenko’s article) factually true.