(Adds context on reference to Iran; detail of possible response to attack)
By David Brunnstrom and Jim Finkle
WASHINGTON, Dec 18 (Reuters) - The United States said on Thursday a cyber attack on Sony Pictures was a serious national security matter and the Obama administration was considering a proportional response, although the White House stopped short of blaming North Korea.
U.S. government sources said on Wednesday that investigators had determined the attack was “state sponsored” and that North Korea was the government involved.
White House spokesman Josh Earnest said he was not in a position to say that North Korea was responsible, but the investigation was “progressing.” He said the attack was an example of “destructive activity with malicious intent that was initiated by a sophisticated actor.”
Earnest said U.S. national security leaders “would be mindful of the fact that we need a proportional response.” They were also aware that people carrying out such attacks are “often seeking to provoke a response,” he said.
“They may believe that a response from us in one fashion or another would be advantageous to them” by enhancing their standing either among their cohorts or on the international stage, Earnest said.
He said the United States viewed the attack as “a serious national security matter” that President Barack Obama was monitoring very closely.
Hackers who said they were incensed by a film on the fictional assassination of North Korea’s leader attacked Sony Corp last month, leaking documents that drew global headlines and distributing unreleased films on the Internet.
On Wednesday, Sony said it was canceling the Dec. 25 release of the offending movie, “The Interview,” handing what appeared to be an unprecedented victory to Pyongyang and its abilities to wage cyber warfare.
A U.S. government official familiar with the investigation, but not authorized to speak publicly, said on Thursday investigators were looking into similarities between the attack and others in the past blamed on Iran.
Cybersecurity experts have previously noted similarities in code used to attack the studio and malicious software known as “Shamoon” that was used against Middle Eastern energy companies in 2012.
Shamoon damaged tens of thousands of computers at Saudi Arabia’s national oil firm, Saudi Aramco, in one of the most destructive cyber campaigns to date. Some U.S. officials blamed Iran.
Kurt Baumgartner, a researcher with Russian security software maker Kaspersky Lab, told Reuters on Dec. 4 that there were “unusually striking similarities” related to the malicious software and techniques in the Sony incident, the Shamoon campaign and a third set of attacks last year in South Korea in which more than 30,000 computers at banks and broadcasting companies were hit with destructive malware.
The 2013 attacks on South Korean companies were widely believed to have been carried out by North Korea.
Cybersecurity experts say that one possibility is that Iran and North Korea both bought the malware from the same source: a cyber arms dealer in a third country with more advanced cyber capabilities.
North Korea has denied that it was behind the Sony hacking. In New York on Thursday, a senior North Korean diplomat at the United Nations declined comment on accusations that Pyongyang was responsible and on the film’s cancellation.
The hacker group that broke into Sony’s computer systems had threatened attacks on theaters that planned to show it. Sony, in canceling release of the $44 million comedy, cited decisions by several theater chains to hold off showing the film.
U.S. experts say options for the Obama administration could include cyber retaliation, financial sanctions and even a boost in U.S. military support to South Korea to send a stern message to North Korea. Another could be to return North Korea to a U.S. list of State Sponsors of Terrorism from which it was removed in 2008, but the effect of any response could be limited given North Korea’s isolation.
Political analysts, including Joel Wit of 38 North, a North Korea project at Johns Hopkins University in Washington, questioned the effectiveness of any new sanctions and stressed the need to ensure the support of China, which is North Korea’s biggest economic partner, its neighbor and long-time ally.
The United States has a deep economic relationship with China but is at odds with Beijing over Washington’s allegations of cyber spying by Chinese state units on U.S. concerns.
The Republican chairman of the House of Representatives Foreign Affairs Committee, Ed Royce, said the United States should impose new penalties on the already heavily sanctioned North Korea that would “wall off” the country from the international banking system. (Additional reporting by Jim Finkle in Boston, Roberta Rampton, Steve Holland, Mark Hosenball, Matt Spetalnick and Andrea Shalal in Washington and Michelle Nichols at the United Nations; Editing by David Storey, Grant McCool and Christian Plumb)