A New Warfront: North Korea’s Cyber Threats

In November 2011, a group of hackers called Guardians of Peace (GOP) attacked Sony Pictures networks in condemnation of The Interview, a satirical movie which targets Kim Jong Un, the leader of North Korea. Despite the GOP claiming itself to be unaffiliated with the government, an FBI investigation revealed that the North Korean regime financially backed the group. This was one of the several key events that brought North Korea to the forefront of the issue of cyber threats. Given the country’s authoritative regime, it is important to investigate how advanced North Korea’s cyber capability is and the problems it poses.

A recent study by Hyeong-wook Boo in the Journal of East Asian Affairs assesses North Korea’s cyber threats through historical quantitative interviews, analyzing strategy and technology from 2003 onward. The analysis also incorporates interviews from defected high officials to measure how the North Korean regime is strengthening its capacity of cyber-attack operations. According to Boo, North Korea is actively nurturing cyber warriors under the full support of the General Bureau of Reconnaissance (GBR), one of the country’s intelligence agencies. Programs at Mirim College, Moranbong College and other higher educational institutions have been established to build up North Korean cyber capacity. The cyber technology is fed into the GBR’s cyber arm under “Unit 121,” which actively conducts cyber operations in South Korea and elsewhere. Interviews from unit defectors assert Unit 121 has launched more than 30,000 cyber attack operations since 1998.

Why is North Korea so focused on building its cyber capacity? Boo offers two reasons: First, cyber-attacks are strategic, cheap and effective weapons with low likelihood of retaliation. North Korea is one of the most disconnected countries in the world, making incoming cyber-attacks largely inconsequential. In North Korea, cyber-attacks are cheaper and provide greater damage against targets like South Korea, where cutting-edge Information Communications Technology (ICT) infrastructure is ubiquitous. Second, cyber-attacks complement traditional shows of force while strategically elevating military tensions in the Korean Peninsula. Historically, North Korean cyber-attacks have often been used with other military provocations, such as missile launches or nuclear bomb testings. With these synchronized provocations, North Korea can effectively manipulate the geopolitical tensions of the region, providing dramatically increased leverage when necessary.

Over time, North Korean cyber-attacks have increased in efficacy and reach. In 2004, North Korean Distributed Denial of Service (DDoS) attacks aimed at 35 governmental and financial institutions in South Korea infected approximately 275,000 personal computers and paralyzed networks. A significant escalation came in 2016, when North Korean agents attacked the Korea Hydro and Nuclear Power company, which manages the nuclear power plants in South Korea. The attack endangered a significant proportion of the local population, leaked classified information related to nuclear power technologies, and involved both physical infiltration as well as malicious use of open networks. These mixed attack methods have earned North Korea a classification of an Advanced Persistent Threat (APT), which the National Institute of Standards and Technology (NIST) defines as, “an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors.”

Boo concludes that the threat of the North Korean cyberwar is evolving into increasingly malicious forms, such as the hybrid cyber operation, which is a simultaneous physical provocation and cyber-attack. The goals of these cyber-attacks have also begun to evolve. For example, DDoS attacks aim to paralyze the targeted network of computers. However, newer approaches attempt to not only attack the integrity of the network, but also seize critical information that may be useful for future attacks.

At the 2015 Presidential Summit, the U.S. and South Korea committed to increased collaboration on policy and information sharing regarding the cyber industry. Considering the imminent danger North Korea’s cyber technology poses to other countries, especially South Korea, the global community should address this issue immediately; the international community must commit to collaboration in order to deter attacks from North Korea. North Korea’s cyber threat is not a phantom menace, but a clear danger to the world.

Article source: Boo, H. W. “An Assessment of North Korean Cyber Threats.” The Journal of East Asian Affairs, Vol. 31, No. 1 (2017): 197-117.

Featured photo: cc/(Vasyl Dolmatov, photo ID: 879720438, from iStock by Getty Images)