Tag Archives: cyber warfare

Russian Hackers Read Obama’s Unclassified Emails, Officials Say

Russian Hackers Read Obama’s Unclassified Emails, Officials Say

WASHINGTON — Some of President Obama’s email correspondence was swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.

The hackers, who also got deeply into the State Department’s unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama’s BlackBerry, which he or an aide carries constantly.

But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation.

White House officials said that no classified networks had been compromised, and that the hackers had collected no classified information. Many senior officials have two computers in their offices, one operating on a highly secure classified network and another connected to the outside world for unclassified communications.

But officials have conceded that the unclassified system routinely contains much information that is considered highly sensitive: schedules, email exchanges with ambassadors and diplomats, discussions of pending personnel moves and legislation, and, inevitably, some debate about policy.

Officials did not disclose the number of Mr. Obama’s emails that were harvested by hackers, nor the sensitivity of their content. The president’s email account itself does not appear to have been hacked. Aides say that most of Mr. Obama’s classified briefings — such as the morning Presidential Daily Brief — are delivered orally or on paper (sometimes supplemented by an iPad system connected to classified networks) and that they are usually confined to the Oval Office or the Situation Room.

Still, the fact that Mr. Obama’s communications were among those hit by the hackers — who are presumed to be linked to the Russian government, if not working for it — has been one of the most closely held findings of the inquiry. Senior White House officials have known for months about the depth of the intrusion.

“This has been one of the most sophisticated actors we’ve seen,” said one senior American official briefed on the investigation.

Others confirmed that the White House intrusion was viewed as so serious that officials met on a nearly daily basis for several weeks after it was discovered. “It’s the Russian angle to this that’s particularly worrisome,” another senior official said.

While Chinese hacking groups are known for sweeping up vast amounts of commercial and design information, the best Russian hackers tend to hide their tracks better and focus on specific, often political targets. And the hacking happened at a moment of renewed tension with Russia — over its annexation of Crimea, the presence of its forces in Ukraine and its renewed military patrols in Europe, reminiscent of the Cold War.

Inside the White House, the intrusion has raised a new debate about whether it is possible to protect a president’s electronic presence, especially when it reaches out from behind the presumably secure firewalls of the executive branch.

Mr. Obama is no stranger to computer-network attacks: His 2008 campaign was hit by Chinese hackers. Nonetheless, he has long been a frequent user of email, and publicly fought the Secret Service in 2009 to retain his BlackBerry, a topic he has joked about in public. He was issued a special smartphone, and the list of those he can exchange emails with is highly restricted.

When asked about the investigation’s findings, the spokeswoman for the National Security Council, Bernadette Meehan, said, “We’ll decline to comment.” The White House has also declined to provide any explanations about how the breach was handled, though the State Department has been more candid about what kind of systems were hit and what it has done since to improve security. A spokesman for the F.B.I. declined to comment.

Officials who discussed the investigation spoke on the condition of anonymity because of the delicate nature of the hacking. While the White House has refused to identify the nationality of the hackers, others familiar with the investigation said that in both the White House and State Department cases, all signs pointed to Russians.

On Thursday, Secretary of Defense Ashton B. Carter revealed for the first time that Russian hackers had attacked the Pentagon’s unclassified systems, but said they had been identified and “kicked off.” Defense Department officials declined to say if the signatures of the attacks on the Pentagon appeared related to the White House and State Department attacks.

The discovery of the hacking in October led to a partial shutdown of the White House email system. The hackers appear to have been evicted from the White House systems by the end of October. But they continued to plague the State Department, whose system is much more far-flung. The disruptions were so severe that during the Iranian nuclear negotiations in Vienna in November, officials needed to distribute personal email accounts, to one another and to some reporters, to maintain contact.

Earlier this month, officials at the White House said that the hacking had not damaged its systems and that, while elements had been shut down to mitigate the effects of the attack, everything had been restored.

One of the curiosities of the White House and State Department attacks is that the administration, which recently has been looking to name and punish state and nonstate hackers in an effort to deter attacks, has refused to reveal its conclusions about who was responsible for this complex and artful intrusion into the government. That is in sharp contrast to Mr. Obama’s decision, after considerable internal debate in December, to name North Korea for ordering the attack on Sony Pictures Entertainment, and to the director of national intelligence’s decision to name Iranian hackers as the source of a destructive attack on the Sands Casino.

This month, after CNN reported that hackers had gained access to sensitive areas of the White House computer network, including sections that contained the president’s schedule, the White House spokesman, Josh Earnest, said the administration had not publicly named who was behind the hack because federal investigators had concluded that “it’s not in our best interests.”

By contrast, in the North Korea case, he said, investigators concluded that “we’re more likely to be successful in terms of holding them accountable by naming them publicly.”

But the breach of the president’s emails appeared to be a major factor in the government secrecy. “All of this is very tightly held,” one senior American official said, adding that the content of what had been breached was being kept secret to avoid tipping off the Russians about what had been learned from the investigation.

Mr. Obama’s friends and associates say that he is a committed user of his BlackBerry, but that he is careful when emailing outside the White House system.

“The frequency has dropped off in the last six months or so,” one of his close associates said, though this person added that he did not know if the drop was related to the hacking.

Mr. Obama is known to send emails to aides late at night from his residence, providing them with his feedback on speeches or, at times, entirely new drafts. Others say he has emailed on topics as diverse as his golf game and the struggle with Congress over the Iranian nuclear negotiations.

George W. Bush gave up emailing for the course of his presidency and did not carry a smartphone. But after Mr. Bush left office, his sister’s email account was hacked, and several photos — including some of his paintings — were made public.

The White House is bombarded with cyberattacks daily, not only from Russia and China. Most are easily deflected.

The White House, the State Department, the Pentagon and intelligence agencies put their most classified material into a system called Jwics, for Joint Worldwide Intelligence Communications System. That is where top-secret and “secret compartmentalized information” traverses within the government, to officials cleared for it — and it includes imagery, data and graphics. There is no evidence, senior officials said, that this hacking pierced it.

How the U.S. thinks Russians hacked the White House

How the U.S. thinks Russians hacked the White House

By Evan Perez and Shimon Prokupecz, CNN

Washington (CNN)Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. ​The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government.

National Security Council spokesman Mark Stroh didn’t confirm the Russian hack, but he did say that “any such activity is something we take very seriously.”

“In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity,” he said. “As has been our position, we are not going to comment on [this] article’s attribution to specific actors.”

Neither the U.S. State Department nor the Russian Embassy immediately responded to a request for comment.

Ben Rhodes, President Barack Obama’s deputy national security adviser, said the White House’s use of a separate system for classified information protected sensitive national security-related items from being obtained by hackers.

“We do not believe that our classified systems were compromised,” Rhodes told CNN’s Wolf Blitzer on Tuesday.

“We’re constantly updating our security measures on our unclassified system, but we’re frankly told to act as if we need not put information that’s sensitive on that system,” he said. “In other words, if you’re going to do something classified, you have to do it on one email system, one phone system. Frankly, you have to act as if information could be compromised if it’s not on the classified system.”

To get to the White House, the hackers first broke into the State Department, investigators believe.

The State Department computer system has been bedeviled by signs that despite efforts to lock them out, the Russian hackers have been able to reenter the system. One official says the Russian hackers have “owned” the State Department system for months and it is not clear the hackers have been fully eradicated from the system.

As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials.

Director of National Intelligence James Clapper, in a speech at an FBI cyberconference in January, warned government officials and private businesses to teach employees what “spear phishing” looks like.

“So many times, the Chinese and others get access to our systems just by pretending to be someone else and then asking for access, and someone gives it to them,” Clapper said.

The ferocity of the Russian intrusions in recent months caught U.S. officials by surprise, leading to a reassessment of the cybersecurity threat as the U.S. and Russia increasingly confront each other over issues ranging from the Russian aggression in Ukraine to the U.S. military operations in Syria.

The attacks on the State and White House systems is one reason why Clapper told a Senate hearing in February that the “Russian cyberthreat is more severe than we have previously assessed.”

The revelations about the State Department hacks also come amid controversy over formerSecretary of State Hillary Clinton’s use of a private email server to conduct government business during her time in office. Critics say her private server likely was even less safe than the State system. The Russian breach is believed to have come after Clinton departed State.

But hackers have long made Clinton and her associates targets.

The website The Smoking Gun first reported in 2013 that a hacker known as Guccifer had broken into the AOL email of Sidney Blumenthal, a friend and advisor to the Clintons, and published emails Blumenthal sent to Hillary Clinton’s private account. The emails included sensitive memos on foreign policy issues and were the first public revelation of the existence of Hillary Clinton’s private email address​ now at the center of controversy: hdr22@clintonemail.com. The address is no longer in use.

‘Equation’ cyberspies use unrivaled, NSA-style techniques to hit Iran, Russia

‘Equation’ cyberspies use unrivaled, NSA-style techniques to hit Iran, Russia

By

equation cyberspies
A group of cyberspies called Equation that uses similar techniques as the NSA has struck at least 30 countries using never-before-seen malware that infects hard disk drives. Credit: Screenshot courtesy of Kaspersky Labs

The group’s attack on hard-drive firmware is one of the most advanced ever discovered, Kaspersky Lab said.

A cyberespionage group with a toolset similar to ones used by U.S. intelligence agencies has infiltrated key institutions in countries including Iran and Russia.

Kaspersky Lab released a report Monday that said the tools were created by the “Equation” group, which it stopped short of linking to the U.S. National Security Agency.

The tools, exploits and malware used by the group — named after its penchant for encryption — have strong similarities with NSA techniques described in top-secret documents leaked in 2013.

Countries hit the most by Equation include Iran, Russia, Pakistan, Afghanistan, India and China. Targets in those countries included the military, telecommunications, embassies, government, research institutions and Islamic scholars, Kaspersky said.

Kaspersky’s most striking finding is Equation’s ability to infect the firmware of a hard drive, or the low-level code that acts as an interface between hardware and software.

The malware reprograms the hard drive’s firmware, creating hidden sectors on the drive that can only be accessed through a secret API (application programming interface). Once installed, the malware is impossible to remove: disk formatting and reinstalling the OS doesn’t affect it, and the hidden storage sector remains.

“Theoretically, we were aware of this possibility, but as far as I know this is the only case ever that we have seen of an attacker having such an incredibly advanced capability,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team, in a phone interview Monday.

Drives made by Seagate Technology, Western Digital Technologies, Hitachi, Samsung Electronics and Toshiba can be modified by two of Equation’s hard disk drive malware platforms, “Equationdrug” and “Grayfish.”

The report said Equation has knowledge of the drives that goes way beyond public documentation released by vendors.

Equation knows sets of unique ATA commands used by hard drive vendors to format their products. Most ATA commands are public, as they comprise a standard that ensures a hard drive is compatible with just about any kind of computer.

But there are undocumented ATA commands used by vendors for functions such as internal storage and error correction, Raiu said. “In essence, they are a closed operating system,” he said.

Obtaining such specific ATA codes would likely require access to that documentation, which could cost a lot of money, Raiu said.

The ability to reprogram the firmware of just one kind of drive would be “incredibly complex,” Raiu. Being able to do that for many kinds of drives from many brands is “close to impossible,” he said.

“To be honest, I don’t think there’s any other group in the world that has this capability,” Raiu said.

It appears Equation has been far, far ahead of the security industry. It’s almost impossible to detect this kind of tampering, Raiu said. Reflashing the drive, or replacing its firmware, is also not foolproof, since some types of modules in some types of firmware are persistent and can’t be reformatted, he said.

Given the high value of this exploitation technique, Equation very selectively deployed it.

“During our research, we’ve only identified a few victims who were targeted by this,” Kaspersky’s report said. “This indicates that it is probably only kept for the most valuable victims or for some very unusual circumstances.”

Another of Kaspersky’s intriguing findings is Fanny, a computer worm created in 2008 that was used against targets in the Middle East and Asia.

To infect computers, Fanny used two zero-day exploits — the term for a software attack that uses an unknown software vulnerability — that were also coded into Stuxnet, Kaspersky said. Stuxnet, also a Windows worm, was used to sabotage Iran’s uranium enrichment operations. It is thought to be a joint project between the U.S. and Israel.

It’s unlikely the use of the same zero-days was a coincidence. Kaspersky wrote that the similar use of the vulnerabilities means that the Equation group and the Stuxnet developers are “either the same or working closely together.”

“They are definitely connected,” Raiu said.

Both Stuxnet and Fanny were designed to penetrate “air-gapped” networks, or those isolated from the Internet, Kaspersky said.

The Equation group also used “interdiction” techniques similar to those used by the NSA in order to deliver malicious software to targets.

Kaspersky described how some participants of a scientific conference held in Houston later received a CD-ROM of materials. The CD contained two zero-day exploits and a rarely-seen malware doorstop nicknamed “Doublefantasy.”

It is unknown how the CDs were tampered with or replaced. “We do not believe the conference organizers did this on purpose,” Kaspersky said. But such a combination of exploits and malware “don’t end up on a CD by accident,” it said.

The NSA’s Office of Tailored Access Operations (TAO) specializes in intercepting deliveries of new computer equipment, one of the most successful methods of tapping into computers, wrote Der Spiegel in December 2013, citing a top secret document.

The German publication was one of several that had access to tens of thousands of spy agency documents leaked by former NSA contractor Edward Snowden.

Kaspersky uncovered the trail of the Equation group after investigating a computer belonging to a research institute in the Middle East that appeared to be the Typhoid Mary for advanced malware.

Raiu said the machine had French, Russian and Spanish APT (advanced persistent threat) samples on it among others, showing it had been targeted by many groups. It also had a strange malicious driver, Raiu said, which upon investigation lead to the extensive command-and-control infrastructure used by Equation.

Kaspersky analysts found more than 300 domains connected with Equation, with the oldest one registered in 1996. Some of the domain name registrations were due to expire, so Kaspersky registered around 20 of them, Raiu said.

Most of the domain names aren’t used by Equation anymore, he said. But three are still active. The activity, however, doesn’t lend much of a clue as to what Equation is up to these days, as the group changed its tactics in late 2013.

“Those three [domains] are very interesting,” Raiu said. “We just don’t know what malware is being used.”

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

US Military’s Central Command Twitter Hacked By Cyberattackers Claiming To Represent ISIS

US Military’s Central Command Twitter Hacked By Cyberattackers Claiming To Represent ISIS

A computer screenshot shows the U.S. Central Command Twitter feed after it was apparently hacked by people claiming to be Islamic State sympathizers January 12, 2015. The hackers published apparent intelligence material and what they said were names and addresses of military personnel.   REUTERS/Staff (UNITED STATES - Tags: MILITARY CRIME LAW POLITICS) - RTR4L5BH  

The Twitter account of U.S. Central Command, which oversees U.S. military operations in 20 countries throughout the Middle East and Asia, was hacked Monday by cyberattackers claiming to represent ISIS, who posted a message to American soldiers with the warning “watch your back.”

“ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now,” the attackers wrote.

A Tweet from the hackers included a link to a pastebin post warning they had hacked U.S. cybersecurity interests, and included links to the supposed stolen information. U.S. Central Command’s YouTube account also appears to have been hacked by the same attackers, who posted two YouTube videos appearing to be ISIS propaganda.

ISIS Sympathizers Hijack U.S. Military Social Media Accounts

Upon taking over the accounts, the hackers changed profile and wallpaper images to that of a masked militant with the words “CyberCaliphate” and “i love you isis.”

The messages described the hacks as acts of “CyberJihad” by the “CyberCaliphate,” and were followed up by tweets claiming to reveal secret information hacked from the Pentagon dealing with Korean and Chinese security interests. The attackers also posted lists of emails, addresses, phone and fax numbers belonging to U.S. military officers.

Google searches for some of the documents dumped by the hackers appear to show they were publicly available online prior to the hack.

U.S. Central Command’s Twitter and YouTube accounts were both suspended as of 1:30 p.m.

“We can confirm that the CENTCOM Twitter and YouTube accounts were compromised earlier today,” U.S. Central Command told the Daily Caller in a statement. “We are taking appropriate measures to address the matter. We have no further information to provide at this time.”

The hackers took control of the accounts while President Obama delivered a speech to the Federal Trade Commission about cybersecurity shortly before noon.

“I don’t have a lot of information on this,” White House Press Secretary Josh Earnest told reporters during a press briefing Monday afternoon. “I can tell you this is something we’re obviously looking into and something we take seriously. There’s a pretty significant difference between what is a large data breach and the hacking of a Twitter account. We’re still examining and investigating the extent of this incident.”

U.S. Central Command oversees the U.S. military-led airstrike campaign against ISIS in Iraq and Syria and the training of Iraqi troops in the region, where the Iraqi military is currently engaged in operations to reclaim territory seized by ISIS.

TheDC TheDC4

Follow Giuseppe on Twitter and Facebook

US Cyber Experts: North Korea Not Responsible For Sony Hacking

US Cyber Experts: North Korea Not Responsible For Sony Hacking

US cyber experts have expressed skepticism about the FBI’s conclusion that North Korea was behind the notorious attack against Sony Pictures Entertainment, citing lack of evidence

fbi hack cyber computer

Ekaterina Blinova – US cyber experts have expressed their doubts about North Korea’s involvement in the infamous hacking attack against Sony Pictures Entertainment last month.

“It’s clear to us, based on both forensic and other evidence we’ve collected, that unequivocally they are not responsible for orchestrating or initiating the attack on Sony,” said Sam Glines, the head of the cybersecurity company Norse, as quoted by CNN.

The experts insist that the evidence presented by the FBI is not enough to accuse North Korea’s communist regime for the cyber attack.

According to the FBI, “Guardians of Peace” (GoP), who broke into Sony’s Pictures computer system, used a malware similar to that used by North Korea in attacks against its southern neighbor. However, the malware code was exposed a long time ago and any hacker could have used it in order to break into the company’s computer network.

On the other hand, experts claim Pyongyang was not capable to carry out such a sophisticated hacking operation. Scott Borg the CEO of the US Cyber Consequences Unit, an independent research institute, claimed that although North Korea’s regime has a special cyber warfare group, the attack was “beyond the skill level we have been able to observe [in the country].”

Although Pyongyang has repeatedly expressed its outrage regarding the release of the “The Interview” movie, Sony Pictures Entertainment has plenty of other enemies “both internal and external,” the media outlet stresses. For instance, hackers calling themselves Lizard Squad, on December 25, recently brought down the Sony PlayStation network. Reportedly, the group was also behind the disruption of Microsoft’s Xbox service.

In addition, Sony Pictures’ former security employees, struck by recent layoffs, might have also been involved in cyber attacks, carried out apparently in retaliation for dismissal.

Sam Glines suggests that a former employee with code-name “Lena,” who had high access to the company’s servers and users’ data, could have been behind the attack since she had connections with GoP group. Citing the expert, CNN notes that “Lena” was probably mad about layoffs.” At the same time, “Lena” may have sympathized with cyber-pirates, Glines notes.

It is worth mentioning that neither FBI nor Sony Corp. has commented on the experts’ conclusions, regarding the alleged intruders or North Korea’s role in the attack.

“There are myriad other possibilities,” CNN points out, referring to numerous attacks conducted against Sony in the past, including the October 2012 theft of security keys which allowed users to run pirated games; an April 2011 data breach, when perpetrators obtained sensitive personal information of 77 million people; and a June 2011 cyber attack when hackers publicized up to 150,000 Sony Pictures records.

Cyber War Strike At Nuke Plant? Three South Korean Workers Killed At Plant

Cyber War Strike At Nuke Plant? Three South Korean Workers Killed At Plant

AP Photo/Ahn Young-joon

South Korea’s government-run hydroelectric and nuclear power company was threatened by an enigmatic group of hackers last week, at the same time the North Korean government was threatening to attack the United States and its allies for daring to suggest that Kim Jong Un’s regime might be behind the attack on Sony Pictures.  South Korea puts up with a steady stream of mischief from hackers who profess varying degrees of separation from the North Korean government, but this latest threat was taken very seriously.

The mysterious attackers stole and published blueprints of South Korean nuclear reactors and personal data on plant employees, along with some ominous technical data related to accidental radiation exposure, and suggested something bad would happen if at least three of the country’s 23 reactors were not shut down by Christmas Day.

As theUK Independent reported, anti-nuke radicals in Hawaii claimed responsibility for the data leak, but their culpability was not firmly established.  Students of the First Cyber War should by now be familiar with the shadow dances of deniability and separation conducted by hostile regimes, and the converse possibility that the work of independent digital vandals could be mistakenly attributed to foreign powers with aligned interests… especially if said foreign powers make a point of applauding when something goes kablooey.  Nobody’s wearing a uniform or marching under a flag in this new brand of warfare.

The South Korean government took the threat seriously enough to conduct emergency drills and step up cybersecurity efforts. Emergency teams were put on standby alertthrough New Year’s Day.

Reuters reported last Monday that although South Korea’s KHNPC power company said the data stolen by the hackers was “non-critical,” and expressed confidence it could block more serious attacks designed to compromise plant operations, doubts were expressed by some security analysts.

“This demonstrated that, if anyone is intent with malice to infiltrate the system, it would be impossible to say with confidence that such an effort would be blocked completely, and a compromise of nuclear reactors’ safety pretty clearly means there is a gaping hole in national security,” warned Suh Kune-yull of Seoul National University.

Today brings word that a fatal accident has occurred at the site of a nuclear plant under construction in the southeastern city of Ulsan.  According to a report by International Business TimesKHNPC does not officially believe the incident is linked to the hacker attack from earlier this week, but the circumstances surrounding the death of three plant workers remain murky.

Apparently some form of toxic gas was accidentally released and inhaled by the three workers, who passed out and were transported to a nearby hospital, where efforts to revive them proved unsuccessful.

It’s not yet known if the gas system was connected to a computer that could have been hacked to trigger its release, or compromised with more mundane forms of sabotage; in fact, the South Korean energy ministry is still uncertain about what sort of gas was released, theorizing that it might have been nitrogen from the cooling system. According to reports at both IBT and the Associated Press, KHNPC won’t even confirm if the plant under construction had a nitrogen cooling system.

For the moment, all evidence is speculative and circumstantial.  This could have just been a terrible accident, coincidentally occurring after threats leveled against the South Korean nuclear power industry by hackers who may have been freelance environmental extremists.

Some will laugh at the notion that such a convenient disaster could have occurred coincidentally, while others – particularly those who remain skeptical that the North Korean government had a direct role in the Sony attack – will caution against drawing conclusions based solely on the denial that random misfortune is possible.  It’s a safe guess that those South Korean standby security teams are going to have an even less relaxing holiday week than they thought.

North Korea blames the U.S. for Internet outages, calls Obama a “monkey”

North Korea blames the U.S. for Internet outages, calls Obama a “monkey”

By JACK KIM, Rueters

obama monkey

(Reuters) – North Korea called U.S. President Barack Obama a “monkey” as it blamed Washington Saturday for Internet outages that it has experienced amid a confrontation with the United States over the hacking of the film studio Sony Pictures.

The National Defence Commission, the North’s ruling body, chaired by state leader Kim Jong Un, said Obama was responsible for Sony’s belated decision to release the action comedy “The Interview”, which depicts a plot to assassinate Kim.

“Obama always goes reckless in words and deeds like a monkey in a tropical forest,” an unnamed spokesman for the commission said in a statement carried by the official KCNA news agency, using a term seemingly designed to cause racial offence that North Korea has used before.

Sony cancelled the release of the film when large cinema chains refused to screen it following threats of violence from hackers, but then put it out on limited release after Obama said Sony was caving in to North Korean pressure.

Obama promised retaliation against North Korea, but did not specify what form it would take.

North Korea’s main internet sites experienced intermittent disruptions this week, including a complete outage of nearly nine hours, before links were largely restored on Tuesday.

In the statement on Saturday, the North again rejected an accusation by the U.S. Federal Bureau of Investigation that North Korea was behind the cyberattack on Sony Pictures, and demanded that United States produce evidence for its accusation.

The National Defence Commission also dismissed U.S. denials of involvement in North Korea’s Internet outage.

“The United States, with its large physical size and oblivious to the shame of playing hide and seek as children with runny noses would, has begun disrupting the Internet operations of the main media outlets of our republic,” it said.

In a separate commentary, the North denied any role in cyberattacks on South Korea’s nuclear power plant operator, calling the suggestion that it had done so part of a “smear campaign” by unpopular South Korean leaders.

A South Korean official investigating the attacks this week, which led to leaks of internal data from Korea Hydro and Nuclear Power, said authorities were not ruling out North Korean involvement.

“The South Korean puppet authorities are working hard to link this case with (us) though the truth about it has not been probed,” Minju Joson, the official publication of the North’s cabinet, said in a commentary carried by KCNA.

By  the way, here’s how Liberals will see this:

Bush Obama Monkey

Obama: North Korea’s hack not war, but ‘cybervandalism’

Obama: North Korea’s hack not war, but ‘cybervandalism’

By Eric Bradner, CNN

STORY HIGHLIGHTS

  • President Obama stands by his criticism of Sony’s decision to cancel film’s release
  • But he said North Korea’s alleged actions are acts of vandalism, not war
  • Sony executive said he was “disappointed” in Obama’s Friday comments
  • Human Rights Foundation plans to drop copies of “The Interview” over North Korea

Watch Candy Crowley’s interview with President Barack Obama on“State of the Union with Candy Crowley,” Sunday at 9 a.m. ET on CNN

Washington (CNN) — President Barack Obama says he doesn’t consider North Korea’s hack of Sony Pictures “an act of war.”

“It was an act of cybervandalism,” Obama said in an interview with CNN’s Candy Crowley that airs Sunday on “State of the Union.”

But he stuck by his criticism of Sony’s decision to cancel its plans to release the movie “The Interview,” which includes a cartoonish depiction of the assassination of North Korean leader Kim Jong Un, after the country threatened attacks against theaters that showed it.

Obama said in a Friday news conference that Sony made “a mistake,” and that he wished the company had called him first. That led Sony Entertainment CEO Michael Lynton to tell CNN that Obama and the public “are mistaken as to what actually happened.” He blamed movie theater companies that opted not to show the film, saying they forced Sony’s hand.

Related: Sony exec fires back at Obama

Investigators: Hackers stole Sony passwords

Obama shot back, saying: “I was pretty sympathetic to the fact that they have business considerations that they got to make. Had they talked to me directly about this decision, I might have called the movie theater chains and distributors and asked them what the story was.”

The President told Crowley that his problem wasn’t with Sony specifically, but with the precedent the company’s decision set.

The FBI on Friday pinned blame on North Korea for a hack into Sony’s computer systems. Obama said both foreign governments and hackers outside government present cyberthreats that are part of the modern business landscape.

“If we set a precedent in which a dictator in another country can disrupt through cyber, a company’s distribution chain or its products, and as a consequence we start censoring ourselves, that’s a problem,” Obama said.

“And it’s a problem not just for the entertainment industry, it’s a problem for the news industry,” he said. “CNN has done critical stories about North Korea. What happens if in fact there is a breach in CNN’s cyberspace? Are we going to suddenly say, are we not going to report on North Korea?

“So the key here is not to suggest that Sony was a bad actor. It’s making a broader point that all of us have to adapt to the possibility of cyberattacks, we have to do a lot more to guard against them.”

Lynton, speaking to CNN’s Fareed Zakaria, said he was “disappointed” in what Obama said Friday.

“We have not given in. And we have not backed down. We have always had every desire to have the American public see this movie,” Lynton said.

But that’s not what the company initially said after canceling the film’s release.

On Wednesday night, a studio spokesperson said simply, “Sony Pictures has no further release plans for the film.”

The nonprofit Human Rights Foundation is pushing a campaign called #HackThemBack, inviting “those who support freedom and democracy” to “help North Korean defectors amplify, refine, and intensify efforts to break the monopoly of information” that the regime imposes on its people.

The group also plans to buy copies of “The Interview” and include them in balloon drops over North Korea, founder Thor Halvorssen said.

Sony Hacking Attack: Is The US Actually Behind The Attack?

Sony Hacking Attack:  Is The US Actually Behind The Attack?

Is Past Hacking Attacks Blamed On Other Countries, US Finally Confesses To The Crime

The White House claims North Korea is responsible for the Sony hack; Here’s what they’re not telling you:

See CNN speculate that North Korea may NOT be to blame for this attack asserting the US has played the blame game before only to be found guilty of committing the attack.