Return to Transcripts main page
Legal View with Ashleigh Banfield
FBI Says North Korea is Responsible for Sony Hack; President Obama to Hold News Conference
Aired December 19, 2014 - 12:00 ET
THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.
(COMMERCIAL BREAK)
DEBORAH FEYERICK, CNN ANCHOR: Hello, everyone. I'm Deborah Feyerick, in for Ashleigh Banfield. Welcome, everyone, to LEGAL VIEW.
We continue our breaking news at this hour. The FBI has officially named North Korea as the Sony hacker. We're also learning that the hackers sent a new message to Sony executives last night saying their decision to cancel the Christmas D-Day release of "The Interview" is, quote, "very wise." A source close to Sony tells CNN the hackers are demanding that the movie never be released in any shape or form.
I want to bring in justice reporter Evan Perez, senior media correspondent Brian Stelter, host of "Reliable Sources," as well as CNN Money's Laurie Segall.
First of all, Evan, this is major because this had to be done, not just with the FBI, but with every intelligence agency looking at the evidence, looking at the data, and determining not just by signal intelligence, but also by human intelligence, where this came from. So tell me what the FBI is now saying?
EVAN PEREZ, CNN JUSTICE CORRESPONDENT: That's right, Deborah. This has been an intensive investigation involving all those agencies you're talking about, the FBI, the NSA, the Justice Department's National Security Division, the White House has been on top of this because they do believe this is a national security matter now. And, you know, you and I have been covering this stuff for many years and you know how unusual it is for something, just a few months after this hack occurred, for the FBI to be issuing a statement like this.
So, this is what they say. They says they have concluded that the North Korean government is responsible for these actions against Sony Pictures. And they say that they detected -- they detected evidence that shows the Internet traffic that was used to carry out the hack came from North Korea. It also showed signs that were similar to other hacks that have been attributed to North Korea, including one earlier this year that was carried out against South Korean banks and South Korean media companies.
FEYERICK: And it's interesting because that attack by the North Koreans effectively shut down South Korea.
PEREZ: Right.
FEYERICK: Imagine if we were to go to a bank and couldn't withdraw our money.
PEREZ: Right.
FEYERICK: That's as significant as it was.
Now, we talk about the national security threat and I'm going to get you in one second, but we talk about the national security threat. So what is the response? Look, North Korea now hit an entertainment company.
PEREZ: Right.
FEYERICK: But what if this had been a major financial institution? What if this had been transportation, the electrical grid, anything like that? It would have immediately escalated to a much higher level much faster than it actually did.
PEREZ: Right. And that's exactly what - you know, I've talked to a senior administration official a couple of days ago and one of the things they said to me was this. Imagine -- imagine if this was, for example, one of the big financial institutions in the country. This is what's scaring them so much because much of the way the U.S. handles protection of our Internet, of our Internet traffic and our data is really by company, right? Companies are responsible for protecting themselves.
FEYERICK: Right.
PEREZ: And the NSA is involved with helping protect military websites and the Homeland Security Department is involved in protecting other government websites.
FEYERICK: Right.
PEREZ: But, you know, companies have to protect themselves and the government can only do so much.
FEYERICK: And that's a big factor and that is that ultimately all of these companies are private companies. They are responsible for knowing who is in their system. Many of them pay tens of millions of dollars a year just to make sure they've got the right security, not just on the perimeter but inside monitoring to see who is in the system.
Brian, still, North Korea able to send an in your face message to Sony, not only -- basically saying, hey, now we're going to raise the stakes. Tell me what they're saying now.
BRIAN STELTER, CNN SENIOR MEDIA CORRESPONDENT: Basically celebrating the fact that this interview was pulled from movie theaters across the country. The message is interesting. It doesn't mention North Korea, but it does mention "The Interview," the film, explicitly. And it says, you did the right thing. It was a wise decision to do that. Then it goes on to say, we want everything related to the movie, including its trailers, as well as its full version down from any website posting them immediately. Now, I believe Sony, in some cases, already took the trailer we're
seeing now down from YouTube. But there are lots of other copies out there and it's interesting that they are now basically ratcheting this up one more level and saying, now we have a new demand. It goes from ugly to uglier.
FEYERICK: And, Laurie, you are an expert in all things sort of dark world, cyber. The threat that is now out there, the continued threat of what we may likely see, how significant is it? Because one of the big issues is now the hackers have everyone's Social Security Number from that particular company.
LAURIE SEGALL, CNN MONEY TECH CORRESPONDENT: Right.
FEYERICK: So how much more -- how much worse could this ultimately get?
SEGALL: You know, I think it's safe to say this could always get worse. What's interesting to me, I just got off the phone with a security analyst who was talking to me about these dark web forums where these like dark corners of the Internet where this information is sold. But beyond this information that could be sold, your personal information on the dark web, there's also the idea that a -- a hack, similar to what happened to Sony, could be sold online in these dark web forums. So anybody could just click --
STELTER: You mean the ability to do it?
SEGALL: The ability to do this could be sold online. So anyone could go and click "buy" and be able to actually carry out this attack, and they don't have to be as sophisticated. And that's something that's also very, very scary.
FEYERICK: Right.
SEGALL: He said that much of the material you could have -- that went into this could have been bought for about $500 online, which is pretty unreal.
FEYERICK: Remarkable.
Brian.
STELTER: I just want to share one other thing because I was speaking to an executive at Sony who just wants everybody to know, we are still operating. You know, they are still making movies, still able to produce shows.
SEGALL: Yes.
STELTER: I don't want to - it's, you know, pretty hard to overstate how bad this has been for them.
FEYERICK: Right.
STELTER: But I do want to say, they have been able to get mostly back online.
FEYERICK: Right.
STELTER: And the possibility of further leaks now seems to be in doubt because these hackers are saying, as long as you never share this movie, we won't reveal any more of your information.
FEYERICK: Right.
PEREZ: They are -
FEYERICK: Well, let's be clear, they've been compromised.
PEREZ: Right.
FEYERICK: They are completely compromised.
STELTER: Well, for sure.
FEYERICK: Whatever they do -
PEREZ: They're back up and running, but -
FEYERICK: They're back up and running.
PEREZ: But they're not -- apparently they're going to be censored by North Korea.
FEYERICK: Well, you know what, it's like basically changing the front door of your house after you have a burglar inside and you don't know where that burglar is.
PEREZ: Right. Right.
FEYERICK: So you have to keep finding - you can change the doors, you can change the windows, not going to make a difference.
I want to bring in CNN investigator correspondent Chris Frates, along with chief national security correspondent Jim Sciutto.
Jim, tell us about the Department of Justice statement that you just received.
JIM SCIUTTO, CNN CHIEF NATIONAL SECURITY CORRESPONDENT: This is from the assistant attorney general for national security, John Karl (ph), and he says, "we follow the facts and evidence wherever they lead to identify the fingers at the keyboards that threaten our people." He does on, and a key part of this statement, "we will continue to do our part to protect and defend our nation from the asymmetric threats posed through cyberspace." That's a very important statement because that's really, in addition to the response decided by the administration, the proportional response as they described it, you know, the real question here is, how do American companies, like Sony and others, protect themselves against attacks like this going forward and, arguably, more importantly, what does the U.S. government, what do U.S. intelligent agencies do to help those companies protect themselves? That's one point.
Just another point. We don't have to do a lot of imagining as to the danger of what happens next if North Korea or other hackers attack other American companies or government institutions because it's already happening. It's happened for a number of years.
FEYERICK: Absolutely.
SCIUTTO: Most of those attacks emanating from China. Hundreds of American companies affected by this. Hundreds - you know, many hundreds and billions of dollars' worth of American proprietary business information stolen by Chinese companies, as well as -
FEYERICK: Right.
SCIUTTO: Sensitive information, U.S. government institutions, military contractors, et cetera. This is something that is happening today and has been happening for years. And the fact is, the U.S. government, the U.S. business community, has not figured out a way to protect themselves adequately from this. They're still - they're still working on that. So, you know --
FEYERICK: Well, it's very interesting. And it's not - and it's not for lack of trying because cyber information, cyber security is now a huge industry. You've got major companies that are out there that are working with financial institutions, working with private companies. You have the Targets, the eBays, the Googles, all of that, to make sure their systems are safe and secure.
But even just a couple of weeks ago, the head of the NSA, Admiral Mike Rogers, basically said, there was no doubt that a cyber-attack - it wasn't a question of if there would be a major one that attacked critical infrastructure - I'm talking financial institutions, but it wasn't a matter of it, it was a matter of when.
And, Chris, you've been looking into this as well and the scope of penetration is actually pretty remarkable in terms of how many different countries and rogue individuals are inside U.S. systems. What have you learned?
CHRIS FRATES, CNN INVESTIGATIONS: Well, Deb, there were 34,000 cyber incidents involving government agencies in 2010. Fast forward three years, to 2013, that number jumped 35 percent to 46,000. So, cyber spying is happening at a clip we've never seen before, according to all the experts I'm talking to.
And hackers are trying to get inside the government all day, every day. For instance, in January, hackers hit the Army Corps of Engineers. They took sensitive information about the country's dams, including the potential for fatalities if those dams were breached. And it's not just spies who are looking to crack the government computers, Deb. You know, hackers are often going after personal information. Last year, for instance, Energy Department, 100,000 Social Security, birthdays and bank account numbers were taken, Deb.
FEYERICK: You know, and that's exactly what people have to realize is that anything that is now on the Internet -- the Internet is wonderful because it gives you great flexibility, great access to information. But, you know, people - I think the saying is, you can either have access, security or freedom. You can't have all three. You've got to pick and you've got to choose.
Evan, what's interesting now, so law enforcement has done its due diligence. They've found out where potentially this is looking - is coming from. So the question is, how does the administration, based on law enforcement's evidence, make a measured response?
PEREZ: Right.
FEYERICK: Because North Korea has drawn a line in the sand. And if the U.S. does not react, then every single business out there, make no mistake about it, is vulnerable. And it's not just the gossipy stuff. It is your entire identity now at risk, Evan.
PEREZ: That's right. And, you know, the thing is, you have to calibrate the response as well because, in the end, this is about the censorship of a silly movie, really?
FEYERICK: Right.
PEREZ: A Seth Rogen movie. So you don't want to do anything that escalates this to the point where perhaps, you know, the North Koreans do a lot of irrational things whenever they're provoked. So you don't want to start something where this ends up perhaps in a shooting war. And again, over a movie, right?
SCIUTTO: (INAUDIBLE).
FEYERICK: But that's the risk. On some level, that's the risk.
Brian, it's interesting, so many people were focused on the fact that people in Hollywood were behaving badly.
STELTER: Yes, the e-mails, yes.
FEYERICK: But it really is such a much bigger story in terms of what is going on.
SCIUTTO: Guys, I've got something to add on North Korea.
FEYERICK: Do you think maybe the collective response was not as fast because it was an entertainment company and not something more critical? Though entertainment is hugely critical to the economy.
STELTER: It is. It's big business, but it is also entertaining. And do think there's something to what you're saying. We've heard George Clooney and Aaron Sorkin this week both say the media and Hollywood types were too focused on this. George Clooney was saying, they were fiddling while Rome was burning, instead of pursuing these issues about the hack.
FEYERICK: Right.
STELTER: And understand just how serious the hacking was.
FEYERICK: Right.
STELTER: It wasn't just Social Security Numbers, like you're saying, it was private identities. It was people's medical records even that were leaked.
FEYERICK: And we're going to have a lot more -- talk about that in the next block.
But, Laurie, I want to bring you in as well because you have tracked this community, this sort of dark community. You've seen what they are capable of doing. I think perhaps the same way America became focused on Ebola when the first case came to the United States. Now that we've had this particular attack, people are saying, whoa, we are so much worse off than we really thought.
SEGALL: Yes.
FEYERICK: How bad is it? Because it's not just state actors.
SEGALL: You know, this is - this, for some reason, was so deeply personal. I mean we here, it's another day, another hack. We're on the phone talking to different people because there literally have been so many hacks in the last year. You almost get hack fatigue. You don't realize how bad it is.
What happened with Sony, we are now looking at Sony as a victim on a whole new level. And I think we talk about the dark web and these forums and now we're really beginning to turn our attention and say, wait, there's this rick cyber underground happening and we have to pay attention to this because there's information being bought and sold because there are the ability to attack. That is being bought and sold. And how are we going to fight that? And to fight that, we have to know about it. And I think, you know, now, this is -- what's happened with Sony is really -- for some reason is struck all of us because it wasn't just the Credit Card information or numbers, it was then hacking to change a message.
FEYERICK: Right.
SEGALL: And that's unprecedented.
FEYERICK: Hacking and holding hostage and then blackmailing essential is what they did.
SEGALL: Yes.
STELTER: That's right. It's - and -
FEYERICK: And one other point, you know, that's so interesting to look at all this, the movie industry is so relatable.
SEGALL: Sure.
STELTER: Yes. FEYERICK: The fact that somebody would go almost to war over a movie that perhaps may not have even done that well at the box office?
STELTER: I don't think it was going to.
FEYERICK: Is rather remarkable that this was North Korea's issue. The question now, there simply aren't enough people who are -- this is the growth industry.
PEREZ: Right.
FEYERICK: This is the growth industry. How do you protect?
PEREZ: And it's American's - it's American's - it's American's freedom of speech that we're talking about.
FEYERICK: That's exactly right.
OK, Evan Perez, Brian Stelter, Laurie Segall, Chris Frates and Jim Sciutto, thank you all so very much for adding to this incredibly important conversation.
Well, Sony's decision not to release "The Interview" is angering much of Hollywood, but can actors or anyone else do anything about it? We're going to get the "Legal View" coming up ahead.
(COMMERCIAL BREAK)
FEYERICK: And we are now getting a statement from the Motion Picture Association of America about the Sony hack. This comes from Senator Chris Dodd, chairman and CEO of the Motion Picture Association of America. He says, among other things, that this is confirmation North Korea of what we suspected to be the case. This is about the fact that criminals were able to hack in and steal what has now been identified as many times the volume of all the printed material in the Library of Congress. That's all the printed material in the Library of Congress, and threaten the livelihoods of thousands of Americans who work in the film and television industry, as well as the millions who simply choose to go to the movies.
Brian, how significant is this? Because this puts it in context. Everybody who works at that company has now become even more vulnerable in this Internet age.
STELTER: I'm struck by this, Deb, because it just came in during the commercial break and it's the first time the MPAA has really spoken out forcefully. People like me have been wondering, why hasn't Hollywood spoken out more loudly in support of Sony? Why haven't the other studios come to Sony's defense and said, we stand with Sony? Well, now they are, because the MPAA represents all of the big studios. Until now all we had heard was a rather tepid statement a few days ago saying that, you know, they're our colleagues and we're thinking of them. But now this statement ends by saying, we cannot allow this cyberterrorism - we cannot allow that front to be opened again on American corporations or the America people. So they are calling for action. FEYERICK: It's multiple corporations, it's multiple people and this is
also what is so crucial, there may be a lot of bruised egos right now in Hollywood with who saying what about who.
STELTER: There are.
FEYERICK: But in the end, everybody became vulnerable and everybody who wasn't targeted now becomes also at risk.
STELTER: I think Dodd is saying what we were talking about a few minutes ago, that a lot of the media coverage initially was about embarrassing e-mails, scandalous details about celebrities, but this is about a lot more than that.
FEYERICK: Yes, absolutely.
So, Paul Callan and Danny Cevallos also joining us on this panel. I'm sorry, I just got right into Brian without introducing you, but everybody knows who you are, so it's all good.
But the question here, now there are employees who are basically saying that they're looking to sue Sony saying that Sony did not do enough to protect their personal information. Do they have a case here? Could they argue negligence, for example?
DANNY CEVALLOS, CNN LEGAL ANALYST: They could absolutely argue negligence. Negligence requires that someone's standard -- they fell below the standard of care in securing this information. And one of the best ways to show that someone's behavior was negligent was to show that at some point before this happened, the company was aware that there was a problem. And in lawsuits we've already seen filed, there is documented evidence that Sony had prior attacks and that possibly Sony didn't do enough to fix it the first time around.
PAUL CALLAN, CNN LEGAL ANALYST: I think, you know -
FEYERICK: But let's be clear - let's be - I want you to follow up on this issue.
CALLAN: Yes.
FEYERICK: And that is, you're assuming, Danny, that, in fact, Sony didn't have security in place. But if they did have security in place through some big company that's charged with either defending the perimeter or looking for bugs inside the company, couldn't Sony argue that we did what we could do but a determined hacker is almost unbeatable?
CALLAN: Well, I think you're absolutely right about that. In a negligence case, the standard is, what's the rest of the industry doing and are we in accordance with that standard? It's not an absolute standard where, if they get into the system, the company's responsible.
We're dealing with sophisticated hackers coming out of North Korea maybe with Chinese help. The U.S. government can't figure out how to stop this. So to say that employees of Sony will have a case here, I think we've got to look at it more closely but it's unlikely.
CEVALLOS: You know -
FEYERICK: And that is the issue about whether -- the government can't do it, so private companies -- and they are - they're trying to do a partnership. But, Brian, (INAUDIBLE).
STELTER: You know, the one interesting thing to keep in mind here is that North Korea came out, not in November or October or September against this movie, but in June. In June is when they called this film an act of war and said they would retaliate. Now, they didn't' say how, but they said there would be repercussions, consequences for this film. So if that happened six months ago, does that put Sony at more risk because it was out there on the record -
CALLAN: Well, there's certainly - there's -- certainly they were on notice that they might be subject to an attack. But the question is, do they have the technology to stop an attack of this sophistication? And I think we come back to the government. This is what the government is here for, to protect us from attacks from abroad.
FEYERICK: OK, now I took a tour of DHS' facility where government officials from all different intelligence agencies sit side by side with the private companies and the government cannot tell these private companies what to do. What they can say is, when they see there's been a breach, the private company can say, you know, Sony can say, oh my God, FBI, we've got something going on here. And the FBI can say, OK, we're going to go look into it. I mean it's almost communications. But they can't do anything unless the private company goes to them and brings them in to try to get help. Would it have been different if Sony went to the FBI or to DOD - well, it wouldn't be DOD, it would be FBI, and said, we are under attack. What can you do to help us safeguard our company?
CALLAN: You know, I think that would have helped, but this cell phone that I have now has more computer power than the lunar module that landed on the moon, OK. So, technology is getting so advanced and so sophisticated that some kid in a basement in the Ukraine or Russia has capacity that scientists didn't even have 15 years ago and we can't keep up. I don't think the FBI's keeping up with it either because it's moving too fast.
FEYERICK: And, Danny, the smaller issue is, look, this movie was supposed to be released. Could Sony potentially be a breach of contract, because the actors, everybody who signed on to that, will effectively say, look, it was promised a cut. What happens then?
CEVALLOS: Well, with any breach of contract, first you look at the contract. And in similar contracts that I've looked at, often the producer or other party holds the company, the original corporation, free of liability in case they decide not to release a film. But, of course, every contract is different in this industry and more so because films are so speculative. It's like oil drilling. You might either become a billionaire or you might be out of a lot of money.
STELTER: Right. CEVALLOS: And it's really difficult in damages cases in the entertainment law world, which is really interesting, because in many other contracts for buying widgets, you can ascertain damages. But when it comes to entertainment, it seems that they are often very speculative, very hard to prove.
FEYERICK: Right. All right.
STELTER: We have not heard from Seth Rogen or James Franco. That's what I'm waiting for.
FEYERICK: And we probably will. That will be interesting.
CALLAN: Yes, but -
FEYERICK: Paul Callan, Danny Cevallos, Brian Stelter, thank you so much. We really appreciate your shedding insight on this. This is such a serious topic right now and certainly a Rubicon has been crossed.
Well, in other news, American contractor Alan Gross was accused of being a spy and held prisoner in Cuba. This week, he is a free man. Now we're learning more about another man who did spy for the United States in Cuba. Details on him, coming up.
(COMMERCIAL BREAK)
FEYERICK: This week, the relationship between Cuba and the United States changed from "it's over" to "it's complicated." And yesterday at the White House, somebody handed President Obama what they said was the finest Cuban cigar. Well, the president gave it a whiff and declared it pretty good. Plenty of the president's critics are hammering him for making, in their opinion, a bad deal with Cuba, negotiating a prisoner swap and preparing for much more free trade and travel between the long-time adversaries. But at least one Republican senator is on board.
Kentucky's Rand Paul is catching heat from his own party for supporting President Obama's moves to normalizing relations between the two countries. Former President Jimmy Carter calls the move long overdue and the joint decision wise and courageous. He says people in both countries will benefit if the long embargo is finally lifted.
However, a Cuban-American congressman from Florida, Republican Mario Diaz-Balart, is firmly against any change in American policy. He accuses the president of giving in to, quote, "a terrorist dictatorship," exactly what it wants.
Well, about one hour from now, President Obama will take questions at the White House. It's his end of year news conference. And his surprise Cuban announcement, well that caps a very eventful 2014. Jim Acosta is our senior White House correspondent.
And, Jim, you've got ISIS, you've got Cuba, you've got corporate hacking of North Korea.
JIM ACOSTA, CNN SENIOR WHITE HOUSE CORRESPONDENT: Yes. FEYERICK: Who asks the first question?
ACOSTA: Yes. This press conference could go all day, Deb. But we have some time constraints. The president is supposed to take off for his family vacation in Hawaii later on this afternoon. So we might have to keep those questions tight.
But you summed it up nicely, Deb. The president has a lot of question to answer at this news conference and I suspect that the number one question out of the gate will be about the Sony hacking and the FBI allegation that the North Korean government is behind it. That is a stunning announcement, although not unexpected. And I suspect that the president will be asked about that.
And also Sony's decision to pull the movie "The Interview" from theaters. You know, the White House was saying yesterday, I talked to a senior administration official who said that they absolutely did not pressure Sony to pull that movie and that it was Sony's decision. But there are people inside this administration privately, Deb, who are very concerned about the message that this sends to the rest of the world just when these cyber attackers have weakened a company and forced the company's hand when it comes to a theatrical release. You know this administration doesn't want to see more of that. They don't want to have these hackers thinking that they have some kind of leverage over American corporations. And so I think the president will be asked about that as well.
The other thing, obviously, you mentioned Cuba, which is the blockbuster diplomatic deal that was reached by this president and Cuban Leader Raul Castro earlier this week. There's some unfinished business, some unfinished questions, unanswered questions that we have not heard from the president on this week when it comes to that - that deal. So I think we're going to hear a lot about that as well.
You know, the whole notion of the president potentially traveling to Cuba, I asked the question yesterday, might Raul Castro come to the United States, come to the White House? The White House is not ruling these things out and it's just sort of stunning to hear that kind of news coming out of the administration. And so a lot to chew on and we'll see what the president has to say in about an hour from now.
FEYERICK: Yes. And I think it was -- your question was answered by Josh Earnest who said, look, we've had the leaders from China and Myanmar, so why not Cuba.
ACOSTA: Yes.
FEYERICK: All right, Jim Acosta, thanks so much.
We are going to be bring you President Obama's news conference live at 1:30 p.m. Eastern, and Jim Acosta will be there with the full analysis.
