The FBI hopes to indict the hackers responsible for infiltrating Sony Pictures Entertainment's computer network in US courts, according to FBI Assistant Attorney General for National Security John P. Carlin.
Carlin said today at the Cybersecurity for a New America: Big Ideas and New Voices conference in Washington, DC, that the FBI will approach the Sony hackers—believed to be operatives of the North Korean government by US security agencies—like it does China's People's Liberation Army (PLA). In May of 2014, five PLA hackers were indicted by a Pennsylvania grand jury for stealing sensitive information from several US corporations. All five of the Chinese attackers are currently listed on the FBI's Most Wanted list for cyber criminals.
"I'll say this: we continue to investigate [the Sony hack] as a criminal case," said Carlin. "I think with each one of these national security cases, we do what we're trying to do with PLA." When asked about whether the PLA hackers, and presumably the North Korean attackers, would be arrested by Interpol if they left their home country, Carlin would not divulge how the FBI would coordinate its actions. "I won't talk specifically about what we do, but we hope to bring them to a US courtroom—try them as we would try other cases," Carlin said.
Criminal sanctions for the Sony attackers will serve as a deterrent to nations aiming to infiltrate US networks, Carlin said: "I think we need to look at the particularly sophisticated nation states—Russia and China—[and] deter their activity."
This statement is ironic in light of the US's own offensive cyber activity. A 2013 NSA document leaked by Edward Snowden and obtained by The Intercept in February revealed that NSA hackers regularly infiltrate and sabotage Iranian computer networks. In 2010, US and Israeli agents unleashed Stuxnet, an advanced malware designed to target systems controlling critical infrastructure, on Iranian networks related to their nuclear program.
The lack of specific attribution for the hack beyond "North Korea"—in contrast, the PLA hackers were named as individuals—is also likely to add fuel to the flame of doubt among private cyber security experts regarding the identity of the Sony hack's perpetrators. Since the first hack was detected in November of 2014, some cybersecurity firms have even speculated that the attack was carried out by Russian, not North Korean, attackers.
Who, exactly, the FBI will be targeting inside the North Korean regime's opaque structure is unknown at this time. What is clear is that the US government is getting serious about cyber security, for better or for worse, and a criminal indictment for North Korean hackers would solidify this commitment. "We're not afraid to publicly say what we found," said Carlin, "and then we need to show there will be consequences for that type of activity."