Return to Transcripts main page
The Situation Room
U.S.: Cyberattack on Sony a National Security Threat; Iran Suspected in Cyberattack on U.S. Casinos; Hackers Stole Credentials of Sony Official; Inside the Scene of Taliban Attack
Aired December 18, 2014 - 17:00 ET
THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.
WOLF BLITZER, CNN ANCHOR: Happening now, new demands to punish North Korea for the cyber-terror attack on Sony. The president's national security team has been meeting as the U.S. prepares to blame Kim Jong-un's regime.
We're learning secrets about the nerve center for North Korea's cyber warfare. A defector is opening up to CNN about the country's vast army of online attackers.
And a triple kill. New confirmation that U.S. airstrikes are taking a toll on top terrorists in ISIS.
I'm Wolf Blitzer. You're in THE SITUATION ROOM.
ANNOUNCER: This is CNN breaking news.
BLITZER: Let's get to the breaking news this hour. The White House now is calling the cyberattack on Sony a national security threat against the United States that's been taken very seriously. U.S. investigators say an announcement pinning the blame on North Korea is expected soon.
Top Obama administration officials are meeting daily. They say they're planning a proportional -- that's their word -- a proportional response to what many are calling an act of cyber-terror.
There's intensifying debate about Sony's decision to cancel release of the film entitled "The Interview" and whether it amounts to giving in to terrorists.
He chairman of the House Foreign Affairs committee, Ed Royce, he's standing by along with our correspondents, our analysts as we cover all the breaking news.
But let's begin with our justice correspondent, Pamela Brown. She has the very latest -- Pamela.
PAMELA BROWN, CNN JUSTICE CORRESPONDENT: Well, Wolf, we know right now U.S. officials are hammering out language as they try to figure out how to respond and hold North Korea accountable. This in the wake of the extraordinary move by Sony not to release its controversial comedy "The Interview."
(BEGIN VIDEOTAPE)
BROWN (voice-over): U.S. officials are preparing to place the blame on North Korea for the unprecedented hack on Sony, an attack that led to the company pulling the plug on its comedy, "The Interview," depicting the assassination of Kim Jong-un.
UNIDENTIFIED FEMALE: Take him out.
BROWN: Law enforcement officials say the blueprint of the current attack mimicked a hack against South Korean banks and media organizations last year. According to a North Korean defector, the North Koreans have a vast, secretive network of hackers around the world called Bureau 121.
JON LOOMIS, CEO, CYBERSPONSE: Bureau 121 is a highly sophisticated organization under the military branch of the People's Republic of North Korea. And what this group is designed to do is to advance their cyber-warfare capabilities.
BROWN: Sony executives are calling the hack an act of terrorism. Now the Obama administration under mounting pressure to respond; yet so far the administration is hesitant to publicly point the finger at North Korea.
JEH JOHNSON, HOMELAND SECURITY SECRETARY: We've got to consider a range of serious options which we're doing right now in the U.S. government about how to respond to it.
BROWN: U.S. officials tell CNN that's because the White House is still trying to decide how to hold North Korea's feet to the fire. One option on the table: tougher sanctions. North Korea could be crippled if the U.S. goes after Chinese banks that do business with Pyongyang, or the U.S. could flex its cyber-muscles and flex an attack on Pyongyang's computer systems.
STEWART BAKER, FORMER NSA GENERAL COUNSEL: Right now, the North Koreans feel they're winning. The only way that we will stop them is if they are persuaded that this was a bad idea. And so we have got to react in a way that deters future attacks of this kind.
BROWN: There is also a legal option: returning an indictment like the U.S. did against five Chinese military hackers earlier this year. But sources tell CNN there is not enough evidence yet to tie the Sony hack to specific individuals.
As Washington scrambles to figure out an appropriate response, one former homeland security official warns this remarkable decision to pull the film is a serious mistake.
BAKER: There are a lot of countries that would like to censor Americans. And if we start giving into it, there won't be an end to it.
(END VIDEOTAPE)
BROWN: And Wolf, sources tell us that at this point in the investigation, there is not enough evidence to rule out that a Sony insider or someone else may have been involved in this, but I want to emphasize, the FBA [SIC] -- FBI investigation is still ongoing, Wolf.
BLITZER: All right. Pamela, thanks very much.
Let's get some more now about possible U.S. retaliation options against North Korea. Our chief national security correspondent, Jim Sciutto, is with us.
I know you're looking at it. This is not an easy thing for the Obama administration to come up with what to do, now that they're convinced North Korea was directly responsible.
SCIUTTO: That's right. They have a number of options on the table, as Pamela said. They have not decided which options they're going to choose. The White House says that it wants a proportional response but one that does not give into any North Korean provocation. They are clearly still trying to work out how to achieve that. We now that here are some, several of the options under discussion.
Naming and shaming North Korea publicly would be a first step. It's a move that the U.S. took years to make with Beijing despite its multiple and systematic cyberattacks against U.S. businesses and government departments.
Now, if investigators do identify individuals behind the attack and that is something that they are still far away from at this point, the U.S. Could also file criminal charges against North Korean hackers. Again, a step that the U.S. took against an elite Chinese group of hackers earlier this year.
More likely is the U.S. to tighten already stringent sanctions on the dirt-poor North Korean economy, including applying those stricter restrictions on Pyongyang's access to dollar-denominated trade, as Pamela mentioned. That is the communist state economic lifeline to food, fuel and, crucially, to weapons. It's a tactic the administration has had success with, applying against Iran regarding its nuclear program; more recently against Russia following its invasion of Crimea and Eastern Ukraine.
So Wolf, I think some of our viewers might be imagining what about a retaliatory cyberattack against North Korea, in fact, give them a taste of their own medicine? That is something the U.S. is extremely wary about, whether it's with China or North Korea. The last thing they want to do is start up some sort of cycle of cyberattack and counter attack that could escalate.
Because, you know, with North Korea very unpredictable, the extreme worry that it escalates into some sort of military action. And there is concern about North Korea perhaps launching another missile or testing another nuclear device. That said, I'm told that the administration has not seen any of the signs of preparation that North Korea would have to do to take such a step. So they're not concerned about that in the near term.
BLITZER: It's interesting that they use the word proportional. Whatever the U.S. does do, assuming it blames North Korea directly, the response will be proportional. I guess they don't want to go too far, because it would make matters, as you say, even worse.
SCIUTTO: No question. I think by using that word, in effect, they're telegraphing, to some degree, to the North Koreans as well, that yes, we are angry, and we've been told that they're ready to identify them. But the U.S. is going to go no further, because again, they want to send that message. We don't want to turn this into any sort of cyberwar or perhaps something worse.
BLITZER: All right, Jim. Thanks very much. Jim Sciutto reporting for us. There are certainly a lot of second guessing about Sony's decision to actually cancel the release of the film "The Interview."
Did the White House or the State Department have a say in that decision? Let's bring in our White House correspondent, Jim Acosta. He's taking a closer look at this part of the story.
What are they saying over there at the White House, Jim, about the decision to formally cancel the film?
JIM ACOSTA, CNN WHITE HOUSE CORRESPONDENT: Well, the White House is describing the cyberattack on Sony as a serious national security matter. And in the words of a top administration official, a response is coming.
White House press secretary Josh Earnest declined to specify whether North Korea is behind the hacking. But in the toughest rhetoric to date on this situation, Earnest described the attack and those threats on those movie theaters as, quote, "destructive activity with malicious intent," end quote. And that the activity merits an appropriate response from the United States.
Earnest would not say whether that means sanctions or some sort of cyber response, as Jim and Pam were talking about, but a senior administration official wanted to make it very clear, saying the White House absolutely did not put pressure on Sony to pull "The Interview" from theaters, no pressure, Josh Earnest told reporters earlier today.
(BEGIN VIDEO CLIP)
JOSH EARNEST, WHITE HOUSE PRESS SECRETARY: The United States stands squarely on the side of artists and companies that want to express themselves. And we believe that that kind of artistic expression is worthy of protection and is not something that should be subjected to intimidation just because you disagree with the views.
(END VIDEO CLIP)
ACOSTA: Now to hammer that home, Earnest said officials would not be opposed to a presidential screening of "The Interview" at the White House, like other films that are shown here for the president and special guests. That's an indication that the White House views Sony's decision to pull "The Interview" as something of a problem. And we should point out, Wolf, there have been consultations
between the FBI and Sony. And a senior administration official said those conversations were relayed to the president's national security team. For now the White House says it's waiting on investigators from the FBI and the national security team at the Justice Department to wrap up their investigation and, as everybody has been indicating, that appears to be happening soon -- Wolf.
BLITZER: It's moving along. As you know, the president yesterday said the American people should simply go to the movies when he was asked about all of this. What did he mean by that? Because it sounds -- at least it sounds like he's not all that concerned.
ACOSTA: Well, you know, it is a sign of what people at the White House are saying, in that it's really contrary to American values for people to fear fearful about going to the movies because of one particular film that's been criticized by hackers.
It is also a sign from what we're hearing from multiple sources, Wolf, in that there was no chatter in this intelligence to suggest that these threats in these theaters were going to be carried out.
But no question about it, they're very, very concerned about this matter at the White House, and they say a response is coming, Wolf.
BLITZER: All right. Jim Acosta at the White House, thank you. The White House describing the cyberattack on Sony as a serious national security matter. In the words of top administration officials, a response is certainly coming.
The White House press secretary, Josh Earnest declined to specify whether a foreign government is behind the hacking, but in the toughest rhetoric to date on this situation, he described the attack and the threats on movie theaters destructive with malicious intent and that the activity merits further action.
Tonight, we're also learning more about the secret nerve center for North Korea cyber-terror, known as Bureau 121. A defector tells CNN hundreds of computer warriors in North Korea may be working on attacks right now.
CNN's Kyung Lah is joining us now live. She's in Seoul, South Korea with new details. What are you learning, Kyung?
KYUNG LAH, CNN CORRESPONDENT: Well, this is something, this bureau known as Bureau 121 out of North Korea, it's something that's concerned the government of South Korea for some time.
And now there is this new wrinkle, the idea of going overseas. These hackers spread around the world, we're learning, with one sole mission: to hack and cripple western interests.
(BEGIN VIDEOTAPE)
LAH (voice-over): North Korean soldiers, a Technicolor parading force against the west. On state-run television, a near ridiculous bravado of the military.
But there are unseen soldiers in Kim Jong-un's cyberwar versus the west. They have no face and only known by a number, Bureau 121.
(on camera): What is Bureau 121?
(voice-over): "They conduct the cyberattacks against overseas and enemy states," says Jang Se-yul (ph). Jang is a North Korean defector, former Pyongyang military computer systems worker, now in South Korea, independently attempting to crumble an agency nearly impossible to chase.
Bureau 121, a shadow agency with an unknown number of the regime's hand-picked shadow agents placed in countries around the world. Jang believes there are approximately 1800 of them, though he says the agents themselves don't know how many exist.
We can't verify Jang's claims about the shadow group, but he says he's obtained from a current operative hundreds of financial files, hacks from South Korean banks, complete with names and other bank account details.
LAH: Is the cyberwar the real war for North Korea?
"Raising cyber agents is fairly cheap," he says. "The world has the wrong view of the North Korean state. With that incorrect world view, North Korea was able to increase its ability to launch cyberattacks."
South Korea learned the hard way. Banks across the country last year were paralyzed, ATMs frozen for days. Media outlets went dark, servers jammed or wiped.
North Korea denied it was the source of a hack. But in the wake of the attack, South Korea beefed up its own cyber forces, declaring the online war as dangerous as Pyongyang's nuclear ambitions.
North Korea exists in the land of over-the-top propaganda, while experts say it wages its parallel war in cyberspace, led by a young man of the Internet age, ushering in of the Korean War.
(END VIDEOTAPE)
LAH: While we're waiting for that official acknowledgment out of Washington, here in South Korea, there's little doubt who is responsible. At least that's the general consensus. They've moved, Wolf, to now wondering what's next -- Wolf.
BLITZER: We probably will find out sooner rather than later. Thanks very much, Kyung Lah reporting live from Seoul, South Korea.
Joining us now, the chairman of the House Foreign Affairs Committee, Republican Congressman Ed Royce. Mr. Chairman, thanks very much for joining us.
Is it confirmed, in your mind, that North Korea is responsible for this cyberattack?
REP. ED ROYCE (R-CA), CHAIRMAN, HOUSE FOREIGN AFFAIRS COMMITTEE: Yes.
BLITZER: There's no doubt in your mind it was North Korea?
ROYCE: It's no doubt in my mind that they began the attack, whether or not others joined in. There's no question but what they began the attack.
BLITZER: When you say "others," another government or individuals who were hired, subcontractors, if you will. But the organization of this, the plot was created by the North Korean regime?
ROYCE: That is correct.
BLITZER: No doubt about that?
ROYCE: No doubt about it.
BLITZER: Is the administration going to announce that? Because they're -- they're going to have to tell the American people if that's what they concluded, right?
ROYCE: They're already briefing -- they haven't decided upon their response yet, but the briefs unofficially already.
BLITZER: They are already briefing members of Congress, key members. But they haven't told you yet what they're going to do about it?
ROYCE: They're briefing, actually, key members of the press. And at the same time, there is obviously growing evidence from what has been leaked out from especially this one particular North Korean defector who actually taught these classes that he had a directive from President Kim Jong-Il at the time in North Korea.
BLITZER: From the late president? The father of Kim Jong-un?
ROYCE: To bring this number of hackers up to 3,000, and they were supposed to use malware and they was very explicit about how this malware would be utilized. It has already been utilized against South Korea in just these types of cyberattacks.
BLITZER: Because we saw what happened in South Korea, the banks to other industries. They were paralyzed for days when, presumably, North Korea hacked into their system.
If you can't get into your online account or your ATM and this goes on for weeks, it's a problem. And from the calculus on the part of the North Koreans, they don't have a banking system. They don't have this kind of infrastructure.
So to go on offense here, this is the cheapest way. And frankly, there's only two real areas where they put all of their -- all of their capital. One is in their nuclear program, weapons program and then second is in this particular unique expertise that they're developing.
BLITZER: So it jumped out at me when I was listening to the White House press briefing today. The press secretary, Josh Earnest, said there would be a proportional response. I guess he was suggesting that if the U.S. went too far, that could make matters even worse. In your mind, what is a proportional response?
ROYCE: Well, you have to find a response, you know, a proportional response to hack into North Korean computers, that is not going to be very effective because, frankly, their infrastructure is such that they don't run off of a computer system. I've been once in North Korea.
And, frankly, you know, their economy is not an economy that you can really attack in this way. It seems to me that their total dependency upon financial transfer of hard currency into the regime is the only thing that would be affected.
BLITZER: And could the U.S. impose sanctions that would obliterate that opportunity for their economy to get hard currency? I think if we sanctioned a dozen banks, the ones that do financial transactions with North Korea, that would absolutely implode their economy.
ROYCE: These are mostly Chinese, but in the past when we've done it in 2005 when we caught them counterfeiting U.S. currency, it was very effective.
BLITZER: That presumably is on the agenda. We'll hear sooner, rather than later, from the administration. Do you have any idea when they're going to go public and make the announcement?
ROYCE: No. But I would -- I would mention that I have legislation to do that that I passed back in June over in the Senate. So...
BLITZER: You and Mike Rogers are working on this? The outgoing chairman of the House Intelligence Committee.
ROYCE: That is correct.
BLITZER: So why didn't that -- because you've been working on it for a long time, right? What's the problem? Why hasn't it passed?
ROYCE: We had bipartisan support for it, but we weren't able to convince the administration at the time, and so it was held in the Senate. And it didn't come up in the Senate until at the very end when there was discussion of moving it. But when we go back in on January 6, we can certainly pass this legislation immediately and give the president the ability and direction to do this.
BLITZER: But basically, it will allow the U.S. government, federal government to help corporations like Sony deal with this problem, right?
ROYCE: Because we'll have a credible deterrence. Any nation state that would attempt to do this will see what happened in North Korea and, frankly, that economic collapse would have other benefits because, in all probability, the generals around him would say, "OK, that was an error. Let's now engage with the United States."
BLITZER: The most important thing your legislation would do is...
ROYCE: Well, it would -- it would prohibit financial transactions with North Korea. They're totally -- they are dependent upon hard currency coming into the country. And by blocking that, it would collapse their financial system, their ability to have currency, not just to pay their military but also to carry out their nuclear weapons...
BLITZER: So it's basically more sanctions. The administration has this capability to do it on its own if they want to do it.
ROYCE: But my assumption is, dealing with this administration, it will have to be jump-started by legislation from Congress directing it to do it, because we haven't known -- they have shown a real reticence to reacting to this kind of...
BLITZER: So basically, any country that hacks the way North Korea allegedly is doing to the United States, they would pay a severe price if your legislation becomes the law of the land?
ROYCE: Correct.
BLITZER: All right. Stand by, Mr. Chairman. We've got a lot more to discuss. We're watching the breaking news. We'll see when the Obama administration make this is formal announcement saying that North Korea did it, that they were responsible for targeting Sony Pictures. We'll be right back.
(COMMERCIAL BREAK)
BLITZER: We're back with the House Foreign Affairs Committee chairman Ed Royce, following the breaking news on the cyberattack against Sony and a possible U.S. response, which could come soon.
Another story is breaking right now. A senior U.S. military official tells CNN U.S. airstrikes have now killed three ISIS leaders; two of them are described as top-level officials.
Mr. Chairman, what can you tell us about these high-level officials? Big deal, little deal?
ROYCE: Big deal. This is -- they are high level. This is a serious advance. It would be nice to hit al-Baghdadi, but I must say, this is -- this is important.
BLITZER: The top leader, al-Baghdadi, he was -- he's still around?
ROYCE: He's still around, but this is -- this is important. What is equally important is that we expand these -- this air
cover and that we get the weapons to the Kurdish forces, to the Free Syrian Army and so forth so that those who are recruiting into ISIS see that ISIS is actually losing on the battlefield.
They will -- they will replace the senior management in their organization, but for the recruitment purposes, what we really need to see is them rolled back on the ground, and we haven't seen that yet.
BLITZER: Reuters is reporting -- I found this intriguing; you probably know this -- 97 percent, they say -- they did a check -- of all of the December airstrikes against ISIS in Syria and Iraq were done by the United States. The allies did 3 percent.
What's going on here? Because originally, we thought these allies were really going to be major players.
ROYCE: Well, more of the same. It turns out that the U.S. leadership is very, very important, but also it turns out that we've got to keep up the pressure on the allies to do their part of the heavy lift. And so I think it's discouraging, but it's not unlike previous experiences.
BLITZER: Yes, that's what I remember happening early on.
All right. Let's talk a little bit about this other horrific story. A mass grave with 230 bodies were discovered in Syria. It's horrific. I guess the question is these airstrikes that are going -- is it enough? Because it looks like ISIS is still around and very much a player.
ROYCE: There's the possibility of using sort of an Arab League, using those on the ground who could go in in Western Iraq and help tribes such as these. Now, this particular tribe in Syria has lost over 900 of its men in combat.
If you look at the tribes in Anbar province that in the past have fought against Al Qaeda, those particular tribes need to be approached and supported.
Jordanian forces and others could do that, but the United States needs to be more engaged with their power to give the kind of support that would allow not just the Jordanians but, again, the Kurds, Free Syrian Army -- and so far we've been lackluster in encouragement.
BLITZER: So this is going to be a long, drawn-out battle, this war against ISIS?
ROYCE: And unfortunately, the longer it goes on, the longer we wait in terms of turning the tide, the more recruits they're going to get from foreign fighters. And the more expertise those foreign fighters will get in country.
BLITZER: Let me pick your brain on Cuba for a moment. The White House today intriguingly not necessarily ruling out an invitation to invite the Cuban president, Raul Castro, to come to Washington, to meet with the President of the United States.
Yesterday President Obama said he's not ruling out a visit to Havana during his final two years. This is pretty breathtaking what's going on right now, all of a sudden this effort to normalize relations between the United States and Cuba.
Can you imagine Raul Castro coming to the Oval Office, President Obama going to Havana?
ROYCE: Well, here's what I would ask the president to say as part of these negotiations before that happens. I would ask him to say to Raul Castro, "Let's work this out so that your workers, your workers, instead of getting 5 percent of their paycheck and the money going into, you know, the account that your government controls, let's work it out so that -- so that the workers are directly paid by the U.S. firms that go down there."
If you do that, you can, frankly, get not only engagement, but you can get the changes that I think the administration wants in terms of liberalization of trade.
But it should be dependent upon actually empowering the Cuban workers, just as we did in Vietnam to make certain that the money, the checks no longer went to Hanoi but instead went to the workers. This is the next step that should be taken.
BLITZER: All right. Chairman Royce, thanks very much for coming in. Chairman Ed Royce is the chairman of the House Foreign Affairs Committee.
Merry Christmas and Happy New Year to you, as well.
ROYCE: Merry Christmas and Happy New Year.
BLITZER: All right, thank you.
Coming up, North Korea is not the only nation suspected of cyberattacks inside the United States. Up next, we have disturbing details about another U.S. Adversary, Iran in this case, now suspected in an attack on U.S. casinos. And how should the United States respond? We're going to put together a special panel of top national security experts. Much more on the breaking news right after this.
(COMMERCIAL BREAK)
BLITZER: The White House is now labeling the cyber attack on Sony Pictures a national security threat to the United States and promising a, quote, "proportional response." U.S. investigators have concluded that North Korea is behind the attack.
We're also learning today new details about a computer attack earlier this year. The source, another long-time adversary of the United States.
CNN's Brian Todd is looking at this part of the story for us.
Brian, what are you learning?
BRIAN TODD, CNN CORRESPONDENT: You know, Wolf, many people think the attack on Sony was the first time a foreign government tried to destroy the computer network of a major company simply because it didn't like something that company said or did. but tonight we're learning new details on attack on the most lucrative casino operation in the world, an effort, allegedly, to punish that company for comments made by its chairman.
(BEGIN VIDEOTAPE)
TODD (voice-over): A cascading attack, servers shut down, screens go blank, a rush to unplug computers. This wasn't the hack on Sony. This attack hit the world's largest casino operations including the Venetian Hotel in Las Vegas 10 months ago. And this also may have been the work of a rogue nation.
CNN has learned on February 10th of this year, thousands of employees at Sands Casino in Las Vegas and Bethlehem, Pennsylvania, had their computers hit. One former employee says, quote, "Hundreds of people were calling IT." Iran is suspected to be behind the attack. According to reports in Bloomberg Business Week and Slate. Sands won't comment. One expert believes Iran has the capability to do this.
JASON HEALEY, CYBERSECURITY EXPERT, THE ATLANTIC COUNCIL: What the Iranians and now apparently the North Koreans are doing are taking these tactics that Anonymous has used and these other non-state groups and really bringing this now nation state level to the attacks.
TODD: The FBI tells CNN the investigation is ongoing. A Sands official says gambling operations weren't affected but the company was rattled. A former Sands employee says customers couldn't book rooms online for a couple of weeks.
If Iran is the perpetrator, why would they launch a cyberattack on the casinos just months before the hack?
Sheldon Adelson, the billionaire CEO of Sands, suggested hitting Iran with a nuclear missile in an uninhabited desert to force the country to abandon its nuclear program.
SHELDON ADELSON, CEO, LAS VEGAS SANDS CORP.: You want to be wiped out, go ahead and take a tough decision and continue with your nuclear development.
TODD: Iranian officials did not respond to CNN's request for comment.
As chilling as these alleged attacks by Iran and North Korea are, did the U.S. and Israel start the trend with the Stuxnet attack that crippled Iran's nuclear centrifuges? One expert says Stuxnet was different.
HEALEY: This was traditional national security taking down in line with the U.N. Security Council sanctions, some of -- one of the worst regimes on the planet trying to develop some of the world's worst weapons.
TODD: But the Sands and Sony hacks, experts say, could embolden those regimes to take it one very dangerous step further.
FRANK CILLUFFO, SDI CYBER RISK PRACTICE: Other sectors such as our finance and banking community and our power plants and the like that provide life and safety functions for our economy and for our country could be the potential next target.
(END VIDEOTAPE)
TODD: But one expert says what may keep Iran, North Korea or another U.S. enemy from hacking America's power grid or other infrastructure is the knowledge that if Americans start getting hurt or killed by those attacks, the retribution will be severe -- Wolf.
BLITZER: What are you hearing specifically about Iran's capability in these kinds of cyberattacks? We know North Korea has that capability.
TODD: Right.
BLITZER: China has that capability. What about Iran?
TODD: We're hearing that similar to North Korea, experts say that, Iran has really been expanding its capability to hack since those Stuxnet attacks in 2010 that crippled about a fifth of its nuclear centrifuges. One cybersecurity expert says that Iran -- it's got a capability like North Korea's, meaning some hackers work for the government but he says that he believes the Revolutionary Guard also has teams of freelancer hackers on the outside that help it launch attacks but also help it cover its tracks when an attack is launched.
BLITZER: Yes. And I've been told by experts you don't need a lot of hackers. You just need a few --
TODD: That's right.
BLITZER: -- who really know what they are doing.
TODD: Absolutely.
BLITZER: And making -- cause incredible damage, they can go inside that system and it just steals stuff for months at a time and then start releasing it and it's a disaster, obviously.
TODD: Yes.
BLITZER: As we've seen with Sony Pictures and what's happened there. All right.
TODD: And very hard to trace, of course, too.
BLITZER: Obviously. All right. Brian, thanks very much.
Our justice reporter Evan Perez has been working his sources. He's here with breaking news about the Sony computer attack.
What are you learning, Evan?
EVAN PEREZ, CNN JUSTICE CORRESPONDENT: Well, Wolf, we're hearing that U.S. investigators have found evidence that indicates these hackers stole the credentials, the computer credentials for a system administrator at Sony and in that way were able to roam the entire network of the company. One source described it to me as having the keys to the entire building.
And this, Wolf, one reason why there's been speculation that this job was something -- that it was an inside job, that this hacking attack was actually something done from the inside. We're told by sources that the U.S. does not believe that that's the case. They found no indications of this. Instead, we have the FBI, the NSA, we have -- every part of the U.S. National Security apparatus has been working on investigating this hack, Wolf.
And they have found -- they found traces, fingerprints, digital fingerprints that lead this right back to North Korea -- Wolf.
BLITZER: I just want to be precise on the breaking news that you are getting, Evan. They managed to get from somebody on the inside the credentials, if you will, the passwords, whatever they need in order to get into the system, open the door and then start stealing all of this information? Is that what you're saying?
PEREZ: They managed to steal that -- these credentials, Wolf. They managed to steal the credentials of somebody who basically had access to the entire computer network for the company.
Now this is -- this is the typical MO of really good hackers, right? This is what you would do to make sure that you have access to everything. It doesn't help if you just do a pinpointed attack. You have to make sure that you can get to everything and this is what these hackers were able to do.
BLITZER: How do you do that? It makes it sound pretty simple. You steal the credentials of one person who works there on the inside and that opens up the door? It sounds like a pretty simple operation if that's all it needs -- you need.
PEREZ: It sometimes starts really small, Wolf. It starts with receiving a phishing e-mail, an e-mail that you click on which looks like it's from someone that you know but instead installs malware on your computer system and then with that you can steal the key strokes, passwords if you will, to get to the system and that's what the U.S. investigators believe might have happened in this case.
Now they're still working on this. They're still trying to figure out exactly who might have been able to do this. They say, though, that they know this came directly from North Korea.
BLITZER: Yes, we heard the chairman of the House Foreign Affairs Committee say he has received information from the administration, 100 percent convinced North Korea is responsible. Evan, thanks very much.
PEREZ: Thanks, Wolf.
BLITZER: We're standing by. We'll hear from the administration when they make the official announcement blaming North Korea. But let's discuss what's going on.
Joining us, our national security analyst Fran Townsend, our law enforcement analyst Tom Fuentes, the Georgetown University professor Victor Cha, his book, "The Impossible State" is about North Korea, and David Frum, a senior editor at "The Atlantic."
Guys, thanks very much.
Fran, sounds pretty easy to steal an administrator's credentials and then go in there and over a period of months steal everything else. It sounds relatively simple.
FRANCES FRAGOS TOWNSEND, CNN NATIONAL SECURITY CONTRIBUTOR: Well, it's not so simple, Wolf. What the hackers do and we know particularly state sponsors, they get in through a phishing attack. That is some attachment that has malware. The next step there, though, is to map the network. You really want to -- it's sort of like do a wire diagram of who's who.
That way you identify the system administrator. You know, we have -- when you're at work and you have a computer problem, you call IT. The person you get is the system administrator or somebody with administrative privileges who can look throughout the entire network. Once they identify that person or people, they steal those credentials and use it to download.
What that doesn't explain, Wolf, is why over the course of what would have been months to steal this amount of data, no real system administrator asked the question, where is all this data going and why.
BLITZER: It's a -- Tom Fuentes, it's a fascinating situation over there if in fact it's relatively, relatively easy to go in there and steal this information.
TOM FUENTES, CNN LAW ENFORCEMENT ANALYST: Well, it is. And, you know, to continue Fran's point, you know, when the FBI starts an investigation into something like this the first place they go are who are the people the company recently fired, particularly if they were system administrators because oftentimes these companies are lax and don't terminate their password. So they're disgruntled, they're no longer in the company but they have complete access, the keys to the kingdom, and go about getting even with the company that fired them. So you could have that here.
BLITZER: David, you were a speechwriter for the Bush administration. You were one of those guys who helped coin that phrase, axis of evil, right?
DAVID FRUM, FORMER BUSH SPEECHWRITER: I was on the team.
BLITZER: And the axis of evil --
FRUM: North Korea, which is acting more axis-y than ever. You know, your excellence start at -- to introduce this segment you, I think, missed what may be the most relevant precedent of all. In 2007, the Russians did a similar kind of attack on the state of Estonia for similar kind of ideological reason. Estonia taken down some Soviet era war memorials that the Russians regarded -- Estonians regard as a symbol of oppression, the Russians regard as their gift to Estonia along with deporting everybody to Siberia.
To punish them, the Russians shut down the Estonian state in much the same kind of way that we saw at the Sands and that we've seen here. And the point to this is to understand this is not just the kind of thing that is done by rogue states, by outliers in the national system. And maybe the very biggest hack of all was done against the United States by the government of China. This is the future of international great power conflict, not just something done by odd ball nations.
BLITZER: What's going to stop North Korea -- Victor Cha, you've spent your career studying North Korea. What's going to stop them? What would be a proportional U.S. response be that would convince North Korea this is not a good idea?
PROF. VICTOR CHA, DIRECTOR OF ASIAN STUDIES, GEORGETOWN UNIVERSITY: Wolf, the direct proportional response would be some sort of retaliation but we would never know about that. That would not be in the public realm.
You know, I think there'll be an FBI investigation, some sort of criminal indictment against the individuals. I think there'll be a ramping up of the bilateral cooperative discussions we have now with allies and partners in the region on cyber cooperation and cyber defense in particular Korea and Japan. And you know, even potentially China. We don't have a good cyber discussion with China but these sorts of attacks against Sony could happen against Chinese companies as well.
And it might be an opportunity for the United States and China to have a dialogue on cyber with regard to a third party. It might be helpful in some sense.
BLITZER: All right. I want everybody to stand by because we have a lot more to learn about what's going on. The ramifications are enormous. We'll take a quick break. We'll be right back.
(COMMERCIAL BREAK)
BLITZER: Welcome back. We're following the breaking news. Our justice reporter Evan Perez just broke it. U.S. officials now believe hackers stole the credentials -- the credentials of the senior Sony system administrator. Basically that was the equivalent of having the keys to the entire building. The White House now labels the cyberattack on Sony a national
security threat to the United States and they're promising a proportional response. U.S. officials do believe that North Korea is responsible for this operation.
We're back with our panel.
David Frum, what would you call these attacks from Iran and North Korea?
FRUM: I would call them acts of cyber piracy. They are not exactly acts of war. They are not threats against national institutions. They are attempts to abuse private actors. But they are -- they show us what the future of cyber warfare would look like and that is very much the example of the Russians in Estonia in 2007 and the things that Chinese were experimenting with early in the 2000s against the United States.
BLITZER: Sony is basically paralyzed right now, Fran. Their computer system are out. You can't e-mail. I don't even know if they can send checks out, make payroll. Stuff like that. How unprepared are major companies, private companies, in the United States for these kinds of cyberattacks?
TOWNSEND: Well, you know, Wolf, it varies across the -- you know, the sectors of business, the financial services sector, which suffers dedicated to denial of service attacks, is probably among the best secured prepared and spent the most amount of money on it. In fact, you know, CEOs of the major banks say that percentage of their revenue they spend on cybersecurity continues to grow.
And, look, not everyone is equally protected. Sony is a particularly bad example. You know, they had an attack last year that has not been sort of widely reported but this is not the first time. The better known one was the attack against the PlayStation 3. So this is not new to them and it's really inexplicable, going back to 2007, the chief information officer at Sony said, you know, it's a legitimate business decision.
We may decide that it's too expensive to prevent these things, we'll just deal with the aftermaths. And, of course, on days like this that seems like a horribly bad decision.
I would say, following up on Evan's breaking news, I've heard the same thing from sources about the theft of administrative privileges but I am hearing pretty clearly that this was a remote theft. That is, it was not an insider who gave away their privileges. This is something that the FBI and investigators have found was done remotely. They were able to map the network and steal the credentials.
BLITZER: Tom Fuentes, through some sort of phishing operation, they got the credentials, because I know a lot of people who go to North Korea, they're told don't take a cell phone with you, don't take a laptop, because whatever you have on there potentially could be stolen. FUENTES: Right. You know, the FBI has had a program for
decades, the InfraGard program, meeting with the heads of private industry in your territory and explaining the vulnerabilities and that they should do something to prevent it.
Fran is exactly right. When it's the bottom line, a lot of these companies gamble and think, well, we really -- it's like an insurance policy, well, do we really need security? That's almost the first place companies cut is their security department. And it's one thing if it's guards and gates of the physical security, and it's another thing if it's the infrastructure of their network or both. And in this case, you know, Fran is right that when they don't take the basic steps to protect themselves, this is what can happen. And they don't realize it can happen until it happens.
BLITZER: Victor, has the world basically, the U.S. companies, have they basically misjudged North Korea's capabilities? Is their technology a lot more sophisticated than most people gave them credit for?
CHA: Well, Wolf, it's certainly more sophisticated than the previous attacks we've seen against South Korean business and media companies over the past couple of years. I mean, Sony does appear like a very soft target, so one wonders why the North Koreans chose to do such a sophisticated attack against a very soft target.
You know, I think the other thing, Wolf, is that this is part of a broader strategy in North Korea where they are developing every possible asymmetric capability with which to use against big powers like the United States. It starts with obvious things like ballistic missiles and nuclear weapons, chemical and biological weapons, as well. But now they are demonstrating a not insubstantial cyber capability that could potentially do a lot of damage here in the United States.
So we are watching every day the North Koreans grow all of these capabilities to become much stronger than -- you know, by any metric whether it's soldiers or people, by any other metric, they're a very small -- as you said, isolated small power.
BLITZER: You know, one of my suspicions has been, Victor, and you're an expert on North Korea. Why they went after Sony? When I was in North Korea four years ago, you speak to those North Koreans, they hate the Japanese because of what the Japanese did to the Koreans during World War II. They have a long memory. To them it's only yesterday, if you will.
The fact that Sony is based in Japan, it's a Japanese corporation, is that an issue?
CHA: I mean, certainly very plausible theory of just another reason why they might have gone after Sony in particular.
As you know as well, Wolf, I think it's a confluence of things. It's obviously the story line of this particular movie. It's the fact that there is no diplomacy with the United States right now and they're trying to shock the United States into some sort of dialogue. But yes, the "we hate Japan" thesis is also very plausible.
BLITZER: Yes. All right. Victor, thanks very much.
Tom Fuentes, David Frum, Fran Townsend, guys, thanks very much.
Another major story we're following, Pakistan. Tomorrow, Pakistan concludes three days of national mourning for the 145 victims of this week's Taliban attack on a school.
Our senior international correspondent Nic Robertson among the reporters the Pakistan's military allowed in to see the devastation. We must caution you that his report contains many graphic and disturbing images.
(BEGIN VIDEOTAPE)
NIC ROBERTSON, CNN SENIOR INTERNATIONAL CORRESPONDENT (on camera): This is where the Taliban got into the school. They cut the barbed wire at the top of the wall, scaled it using bamboo ladders. Another team got in just down here. And then they took off towards the main buildings. They burst into here, the main auditorium. They split into two teams. It was full of children here, taking classes.
UNIDENTIFIED MALE (Through Translator): They shot me as soon as they came in. We tried to run. I was shot in my shoulder. The people who came, they had no sense of humanity in them.
ROBERTSON: So many of the children afraid, trying to hide underneath these benches. The class was going on. A brigadier was giving a lesson in first aid. The dummy, the operators, left where he fell.
And this is when things get really bad. The army says that the children fled for the door over here and the door here. A hundred of them were gunned down as they were trying to escape. Cold-blooded murder.
Everywhere you walk here, blood splatters are all over the ground. The Taliban, not satisfied with their killing downstairs, come up here to the computer lab. And one look inside this room and you can see immediately what's happened. Children gunned down while they're just typing at their computers.
Classroom after classroom, a pair of glasses sitting here. A child's pencils and pens lying on the floor, torn. Pieces of school work, this child has just been writing in his lessons. And here on the board where the teacher would have been standing, bullet holes. And then the place where the teacher fell.
And this is where the final showdown took place. The administration block, one of the attackers blowing up this suicide vest here. Shrapnel marks the wall, little pock marks from all the little ball bearings inside the suicide vest. And over here, rubble on the floor. Another suicide bomber had blown himself up. Chaos, devastation. The principal's office down here, she's killed. And right at the
end of the corridor, the last suicide bomber blows himself up. The deputy principal hides in there. She survives. And this here is what's left of the last attacker.
Nic Robertson, CNN, Peshawar, Pakistan.
(END VIDEOTAPE)
BLITZER: Hard to believe people can do that.
We'll have much more on the breaking news on North Korea. That's just ahead.
(COMMERCIAL BREAK)
BLITZER: Happening now. National security threat. The cyber terror attack on Sony raising new fears as the White House vows to punish the perpetrator.
How close is the U.S. to publicly blaming North Korea?