WASHINGTON (CNN) — President Barack Obama on Friday said that Sony Pictures made a mistake in canceling the release of a movie after a cyberattack from North Korean-backed hackers.
“I am sympathetic to the concerns that they face. Having said all that, yes, I think they made a mistake,” Obama said at a news conference Friday. “Let’s not get into that way of doing business.”
Obama’s statement came hours after the FBI announced North Korea is officially responsible for the cyberattack on Sony Pictures, an attack law enforcement officials called a “game changer.”
“We cannot have a society in which some dictators some place can start imposing censorship here in the united states because if somebody is able to intimidate us out of releasing a satirical movie. Imagine what they start doing once they see a documentary that they don’t like or news reports that they don’t like,” Obama said. “That’s now who we are. That’s not what America is about.”
An FBI investigation linked the malware, infrastructure and techniques a group of hackers called “Guardians of Peace” used in the Sony attack to previous North Korean cyberattacks. The North Korean-backed hackers broke into Sony’s servers, published private emails and information and threatened to attack movie theaters screening “The Interview,” a comedy film about an assassination plot on North Korean leader Kim Jong Un.
The United States will respond “proportionally” to the attack, Obama said, though he would not say how the U.S. would specifically retaliate. He did note that the U.S. has beefed up its cybersecurity infrastructure, but that “occasionally there are going to be breaches like this.”
Obama added that the U.S. has “no indication” that any other country was involved in the North Korean attack.
Secretary of State John Kerry also sounded off on the “brazen” attack, which he called “provocative and unprecedented” and without any “justification whatsoever.”
“We are deeply concerned about the destructive nature of this state sponsored cyber-attack,” Kerry said in a statement. “These lawless acts of intimidation demonstrate North Korea’s flagrant disregard for international norms.”
Kerry characterized the attack as an assault on the core American value of freedom of expression, noting that the U.S. will continue to advocate for the freedom to “openly mock and criticize the powerful.”
“We don’t always like what they say about us or about others, and sometimes we’re even deeply offended. But those offenses have always taken a backseat to freedom of expression,” Kerry said.
And the idea of a foreign government launching a destructive attack on an American company over an ideological matter elevated this hack to “one of the highest priority investigations we’ve worked on,” one law enforcement official told CNN.
U.S. officials also tell CNN the hackers routed the attack through servers in countries from Asia, Europe and Latin America, even some in the U.S.
The hackers used common DNS masking techniques to make it look like it was coming from those places, but the National Security Agency and FBI were able to track it back to North Korea.
North Korean internet traffic is routed through China, which is one way they are able to hide their activity, but the FBI was still able to trace it back to the origin, sources tell CNN.
And Obama also addressed North Korea’s motives, noting that attacks came after a comedic, satirical movie.
“The notion that that was a threat to them I think gives you some sense of kind of what regime we’re talking about,” Obama said.
The FBI called North Korea’s actions “outside the bounds of acceptable state behavior” in a statement released Friday and called cyberthreats “one of the gravest national security dangers.” The FBI did not use the words “terror” in their statement.
“North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI said in the release. “We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there.”
Sony backed off its plans to release the movie this week after the hacking group threatened to attack movie theaters. It has no further plans to release the film.
The investigation linked the “tools” of the Sony hack to North Korean cyberattacks in March 2013 against South Korean banks and media outlets.
Former Sen. Chris Dodd, the Chairman and CEO of the Motion Picture Association of America, released a statement Friday after the FBI announcement slamming the North Korean attacks by “cyber terrorists, bent on wreaking havoc” as a “despicable, criminal act.”
“This situation is larger than a movie’s release or the contents of someone’s private emails,” Dodd said. “This is about the fact that criminals were able to hack in and steal what has now been identified as many times the volume of all of the printed material in the Library of Congress and threaten the livelihoods of thousands of Americans who work in the film and television industry, as well as the millions who simply choose to go to the movies.”
Dodd added that “we cannot allow that front (of cyberattacks) to be opened again on American corporations or the American people.”
U.S. officials have said the government will retaliate for the attacks and White House Press Secretary Josh Earnest said the response would be “proportional.”
“Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests,” the FBI said in the release.
Bruce Bennett, a North Korean expert at the RAND Corporation told CNN that he consulted informally on the field as a favor to Sony Corporation Michael Lynton, who sits on the RAND Board of Trustees.
“He asked RAND’s president if he had a Korean expert to speak to in order to help sort out how to handle the picture and RAND’s president asked me to do that. We had a couple of brief conversations, viewed the movie and sent some comments,” he said, adding “this was not a paid consultency.”
Bennett said he suggested Sony let the State Department know about the film and the potential political issues involved and offered to call Robert King, the State Department’s envoy for North Korean human rights. He said “I simply notified him of what was going on.”
King told Bennett the film “was an American business decision and the State Department doesn’t get involved in things like that.”
Bennett said he did not show King or anyone at the State Department the film and said he was skeptical that anyone at the State Department saw it.
Referring to the State Department, Bennett said “their attitude was that they were glad to know about it, but it was not their role to intercede.”
In addition to King’s discussion with Bennett, the State Department has acknowledged that Assistant Secretary for East Asian Affairs Danny Russell spoke with Lynton about the film, but denied he had any involvement in its script or creative direction.
State Department spokeswoman said she did not know of anyone at State that screened the movie, though it is not clear still if State officials knew how the movie ended.
“I did not come across anyone who saw the movie in advance,” Spokeswoman Jen Psaki said in an interview Thursday on CNN’s The Lead with Jake Tapper. “It is a normal part of the process for us to consult with the private sector, including movie companies, to talk about issues in the world. And we’re certainly the experts on that. And that happened in this case as well. But, no, we don’t sign off on the content of movies.”
Sen. John McCain on Friday said the cyberattack amounted to “an act of war” on Friday and said the U.S. should retaliate in kind with cyberwarfare.
“This is the greatest blow to free speech that I’ve seen in my lifetime probably,” McCain said Friday on Arizona radio station KFYI 550’s “The Mike Broomhead Show.” “We have to respond in kind. We have lots of capability in cyber and we ought to start cranking that up.”
McCain plans to hold a cybersecurity hearing into the Sony hack in the first two weeks of the next Congress, when he takes over as the chairman of the Armed Services Committee.
Assistant Attorney General for National Security John Carlin applauded Sony’s cooperation with investigators and said the government will continue to “address this and other threats” with partners like Sony.
“We follow the facts and evidence wherever they lead, to identify the fingers at the keyboards that threaten our people, our companies, and our national security,” Carlin said. “Identifying those responsible for these attacks is only the first step, and we will continue to do our part to protect and defend our nation from the asymmetric threats posed through cyberspace.”
Elise Labott contributed to this report.