North Korea cyber warfare capabilities exposed

Summary: A new HP report suggests the reclusive country's cyber warfare capabilities are rapidly making North Korea a credible threat to Western systems.

North Korea's cyber warfare capabilities are on the rise despite being entrenched in ageing infrastructure and dampened by a lack of foreign technology.

According to a report released by Hewlett-Packard researchers, the so-called 'Hermit Kingdom' may keep Internet access from the masses and maintain an iron grip on information exchange, but this hasn't stopped the country from training up the next generation of cybersecurity and cyber warfare experts.

A number of countries, including the United States, have imposed restrictions on North Korea that prevent the open trade of technologies which would enhance cyber tools and capabilities -- due to the regime's treatment of citizens and closed-border policy. However, according to HP, the country is "remarkably committed" to improving its cyber warfare capabilities.

South Korea views the regime's cyber capabilities as a terroristic threat, and has prepared for a multifaceted attack in the future -- although it is important to note no such attack has yet occurred. According to a report written by Captain Duk-Ki Kim, a Republic of Korea Navy officer, "the North Korean regime will first conduct a simultaneous and multifarious cyber offensive on the Republic of Korea's society and basic infrastructure, government agencies, and major military command centers while at the same time suppressing the ROK government and its domestic allies and supporters with nuclear weapons." South Korea also claims that North Korea's "premier" hacking unit, Unit 121, is behind the US and Russia as the "world's third largest cyber unit."

In 2012, South Korea estimated that North Korea's hacking team comprises roughly 3000 staff, while a report released by South Korean publication Yonhap upgraded this figure to 5900.

According to the PC maker, it is difficult to gather intelligence on the isolated North Korea's hacking teams. Reports often come from the US and South Korea, and those coming from the latter may be biased due to the political tension between the two regions. Another problem is North Korea's heavy restriction on Internet use, which is censored by the state and only used by the social elite. However, this means that any attacks originating from the country are highly likely to be state-sponsored, and rogue actors are unlikely to exist.

As cyberattacks will therefore be attributed to the country's governing body, HP says that many attacks sponsored by the regime originate from other countries, including China, the US, Europe and even South Korea.

North Korea's Reconnaissance General Bureau (RGB) is in charge of both traditional and cyber operations, and is known for sending agents abroad for training in cyber warfare. The RGB reportedly oversees six bureaus that specialize in operations, reconnaissance, technology and cyber matters -- two of which have been identified as the No. 91 Office and Unit 121. The two bureaus in question comprise intelligence operations and are based in China.

The RGB also reportedly oversees state-run espionage businesses located in 30 to 40 countries, often hosted in unsuspecting places such as cafes. Members of this espionage network reportedly "send more than $100 million in cash per year to the regime and provide cover for spies," the report says.

In addition, the country's Workers' Party oversees a faction of ethnic North Koreans living in Japan. Established in 1955, the group -- dubbed the Chosen Soren -- refuses to assimilate into Japanese culture and lives in the country in order to covertly raise funds via weapons trafficking, drug trafficking and other black market activities. The group also gathers intelligence for the country and attempts to procure advanced technologies.

Despite ageing infrastructure and power supply problems, North Korea reportedly was able to gain access to 33 of 80 South Korean military wireless communication networks in 2004, and an attack on the US State Department believed to be approved by North Korean officials coincided with US-North Korea talks over nuclear missile testing in the same time period. In addition, a month later, South Korea claimed that Unit 121 was responsible for hacking into South Korean and US defense department networks.

North Korea also tested a logic bomb in 2007 -- malicious code programmed to execute based on a pre-defined triggering event -- which led to a UN sanction banning the sale of particular hardware to the country.

According to the report, the regime regularly exploits computer games in order to gain financially and orchestrate cyberattacks. In 2011, South Korean law enforcement arrested five men for allegedly collaborating with North Korea to steal money via online games, specifically the massive multiplayer online role-playing game (MMORPG) "Lineage." The games were believed to act as conduits for North Korea to infect PCs and launch distributed denial of service (DDoS) attacks against its southern neighbor.

However, it is worth noting that North Korea's DDoS capabilities are lacking as there are few outgoing connections due to heavy censorship and Internet restriction. This is why researchers believe the country uses the networks of other nations and botnets instead.

The full HP report is available here (.PDF). The analysis is based on open source intelligence gathered by HP's security team.

Topics: Security, Government, Hewlett-Packard

Talkback

5 comments
  • Some paranoia?

    Some of the report sounds like complete rubbish. In particular about the "faction of ethnic North Koreans living in Japan."

    What is an ethnic North Korean? I thought they are all Korean. And why would they support the North Korean government?

    Furthermore, the Koreans who do live in Japan have not had it easy to integrate because of complicated issues:
    http://en.wikipedia.org/wiki/Koreans_in_Japan
    DAS01
    • Coercion and threats

      North Korea and China both get people to do work for them by letting a person leave the country but keep their relatives in-country and threaten to harm them if the one let go doesn't do as told.
      Apparently it works well to tell junior that he can leave but when he is gone mom/dad/siblings/grandparents are going to die if you don't spy for us and don't tell anyone either.
      sysop-dr
    • Muppet or ringer ?

      DAS01: Why express your opinion with strong words like "complete rubbish" without clear supporting facts? Your credibility just tanked !!!
      Steve__Jobs
      • Some paranoia?

        'Steve_Jobs', I did also say "some" but maybe even so the words were a bit strong. How about "could be nonsense/overwrought"?

        As regards relatives being held hostage, I am well aware of such practices in general, but we are talking mostly of Koreans who have lived in Japan for a long time (even if some of them are sympathetic to the N Korean regime).

        Disclaimer: I only read Charlie Osborne's article, not the full report.
        DAS01
    • "Ethnic North Korean"

      Would be a North Korean citizen resident in Japan, or a person of Korean descent who, regardless of citizenship, considers himself to be under North Korean jurisdiction.

      But, technically speaking, you're correct. Ethnically speaking, any distinction between North and South Koreans is meaningless; they're all Koreans.
      John L. Ries