Inside the early days of North Korea's cyberwar factory

North Korea is a bizarre country that almost seems frozen in time -- a bizarre, frozen-in-time, armed-to-the-teeth, crazy-dangerous country. We take a deep look at the early cyberwar efforts of an increasingly aggressive cyberwar player.
Written by David Gewirtz, Senior Contributing Editor

Author's note: This article was originally published in Counterterrorism Magazine in 2012, reprinted here with permission. Although Kim Jung-Un's leadership has solidified since that time, our knowledge of the rogue nation's cyberwar operations remains quite similar to what was explored in this briefing, except that, if anything, Kim Jung-Un's cyber efforts have increased dramatically.

Unfortunately, because this was originally written for a print publication, I don't have good link citations for the items in this document. Even so, given the activities currently going on with the summit, it's good background information.

The Korean peninsula was one of the many spoils of war taken from the Japanese at the end of World War II. Korea had been occupied by the Japanese since 1910. In 1945, the Allies found themselves in possession of a country both war-torn and leaderless.

Since the U.S. and the Soviets (still sort of allies at the time) couldn't quite figure out what to do about Korea, they decided to split it in two, letting the U.S. deal with the southern part of the country and handing over the northern part to Soviet control.

In a bizarre country filled with bizarre stories, one of the weirdest stories is the one that tells how the two countries came to be divided at the 38th Parallel. Two then-young officers, General Charles Bonesteel and Colonel Dean Rusk (who would eventually become U.S. Secretary of State under both Kennedy and Johnson) were tasked with determining the American occupation zone for Korea. As the story is told, they were completely unprepared, knew very little about Korean history, and simply used an available National Geographic Magazine map to draft the dividing line between the two nations.

Koreans (you know, the actual people living there) were none too thrilled with this division, but they were once again living under the rule of foreign leaders. Although both the Soviets and the U.S. claimed an intention for a united Korea shortly after the end of World War II, that never happened. Instead, North Korea was to begin its long slide into isolationism, and South Korea was to begin the process of becoming the economic giant it is today.

Faced with the problem of governing North Korea, Stalin needed to find a leader to run the country. As it turned out, there was a young Soviet Army officer of Korean descent born as Kim Song-ju, but who now called himself Kim Il-sung, which means "become the sun".

There are disputed reports here, but some academics believe there was another man named Kim Il-Sung who had been a prominent leader in the Korean resistance and Kim Song-ju co-opted the name to increase his own personal legend. Another story by Russian scholar Andrei Nikolaevich Lankov has it that the original "Kim Il-Sung" was "switched" with Kim Song-Ju when Stalin needed a compliant puppet to run Korea.

This all led to some more silliness. On the one hand, the North claimed that its new leader almost single-handedly defeated the Japanese. On the other hand, the South Koreans claimed that Kim was an imposter who'd stolen the good name of a true patriot.

Go figure.

The man Stalin picked, the man now known as Kim Il-Sung, spoke mostly Chinese, spoke no Korean at all, but had been a fighter and anti-Japanese dissident most of his life. After a lengthy vetting process personally conducted by infamous Soviet secret police head Lavrentiy Pavlovich Beria, Stalin decided to appoint Kim as leader of North Korea, sending the young officer back to a country he hadn't seen since childhood.

Even though Kim spoke barely any Korean, the legend he'd built for himself as a fighter against the Japanese helped him establish early support in the new nation. He quickly moved to consolidate power by building up the military with Soviet military gear left in the country after the war.

Apparently, Stalin wasn't particularly excited about Kim attempting to reunify Korea three years later by starting the Korean War. Neither was China. Even so, Kim Il-Sung rolled over the 38th parallel, straight into the waiting arms of American troops.

The Korean War didn't go well for Kim. He eventually had to leave the nation, as Americans moved deep into the north. It was only after the Chinese essentially took over the war from Kim and pushed the Americans back down to the South that Kim was able to return.

By this time, Kim had somewhat strained relations with China and the Soviets. He had shown himself to be something of a loose cannon. His country had been pretty much blasted into oblivion, and his economy was in a shambles.

He decided that the best approach was a hard-core command economy, centralizing everything and building up the military. He'd seen what cult-of-personality had done for his early support as leader and decided to go all out, creating a massive personality cult around himself as "Great Leader".

Kim Il-Sung also inculcated in his population the philosophy of Juche (which means "self-reliance", but could just as easily mean "us against the world"). Kim essentially cut his country off from the world economy, plunged his populace into poverty, and channeled all his country's resources into building up his military might.

This was pretty much North Korea's story until 1994, when Kim's son, Yuri Irsenovich Kim, became leader of North Korea. Oh, what? You're not familiar with Yuri Irsenovich Kim, the Soviet Union-born child of Kim Il-Sung? Perhaps you know him by his adopted name, Kim Jong-Il, the man more popularly known as "Dear Leader".

Stories of young Kim Jong-Il's life are as bizarre as those of his father. Shortly after the elder Kim moved back to Korea into the former home of a Japanese officer with a pool, the boy still known as Yuri was suspected of pushing his brother Kim Pyong-Il into a pool, causing him to drown.

Dear Leader has always been a strange character. He apparently had a fascination with Elvis, and even wore Elvis glasses and an Elvis jumpsuit. He is said to have amassed a huge collection of Western DVDs, and at one point kidnapped South Korean movie stars, putting them to work creating a North Korean film "industry".

As nutty as Kim Jong-Il may have seemed to Western eyes, there was one thing deadly serious about the man: his "military first" program. He continued his father's Juche program, even further isolating North Korea from the world. Kim Jong-Il also continued the country's military build-up, making it one of the most dangerous militaries on the planet.

According to the U.S. Department of State, North Korea has the fourth largest military in the world, with more than 1.2 million active troops, and the largest military per-capita of any nation. North Korea is also a nuclear-capable state and is reputed to have the ability to place vehicles into Earth orbit.

So, now you have a nation that's not just broke and crazy, but broke, crazy and armed to the teeth. To say North Korea is dangerous would be a massive understatement.

It gets worse. Up until last year [2011], North Korea (and its approximately 1.2 million troops, 4,060 tanks, 2,500 APCs, 17,900 artillery pieces, 11,000 air defense guns, 10,000 man-portable air-defense and anti-tank guided missiles, 915-ship Navy, 1,748-aircraft Air Force, the world's largest submarine fleet, and a pile of nukes) were controlled by a crazed fanboy Elvis impersonator.

But last year [2011], Kim Jong-Il died and, reportedly, North Korea is now being led by his youngest son, Kim Jung-Un. But here, again, reports are hazy. In fact, it's not even clear that Kim Jong-Il lived all the way to 2011. There are other reports that Kim Jong-Il died as far back as 2003, and body-doubles were used by other North Korean leaders to convince the outside world that Kim Jong-Il was still in power.

Although that theory has been largely discredited, there still remains the question of Kim Jung-Un and his hold on North Korean power. The youngest Kim was reportedly chosen as the "Great Successor" after his older brother, Kim Jong-nam, was caught in 2001 using a fake passport trying to sneak into Tokyo Disneyland. His father later declared Kim Jong-nam "too effeminate" to be his successor. Seriously. You can't make this stuff up.

Very little is known of North Korea's new, 28-year-old [now 34] dictator, except that he has apparently been willing to carry on his father's practice of killing off his detractors and political enemies.

Of interest to our discussion of cyberwar, though, Kim Jung-Un was educated at the International School of Bern, Switzerland and is reported to have studied computer science. That said, it's hard to tell his level of technical expertise. After all, his father was once known in 2007 to proclaim himself an "Internet expert" in a country with barely any Internet connections.

That conveniently leads us to the question of North Korea and the cyberthreat. The nation has barely any Internet presence, and barely any of its citizens have access to the Internet (or phones or TV, for that matter).

Even so, it appears that cash-strapped North Korea has figured out there's money to be made in them-thar Internet hills, and is reported to be running a number of rather serious Internet hacking operations -- many of them focussed on extracting cash from South Koreans.

As far back as 2009, Pyongyang was suspected of being involved in DDoS (Distributed Denial of Service) attacks aimed at the U.S. and South Korea. CBS News reported that the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all attacked and bogged down over the July 4, 2009 holiday. South Korean sites including the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, Korea Exchange Bank and Internet portal Naver were also pummelled in the attack.

Since 2009, it appears North Korea may have been refining its game. In June 2011, two North Korean educators defected to South Korea. In an interview with Aljazeera, North Korean computer science professor Kim Heung-kwang and hacker Jang Se-yul warned of North Korea's cyberwar infrastructure.

Kim Heung-kwang claims North Korea operates cyberwarfare training units at Hamheung Computer College and Hamheung Communist College. He says that North Korea recruits promising students from high school, trains them locally, and then ships them out for advanced hacking training in China and Russia.

"After the overseas training, they are placed in various warfare units to serve as cyberwarriors," Kim Heung-kwang said. As of the interview, he reported that North Korea had nearly 3,000 cyberwarriors. Because of North Korea's practice of compartmentalization, though, this number is probably inaccurate. It's highly unlikely that the professor had access to the full extent of North Korea's activities. Since he has been out of North Korea for years, it's also likely the program has grown.

At this point, it is highly likely that Pyongyang's investment in cyberwar is far greater than the 3,000 trained hackers he spoke of to Aljazeera or even the 10,000 hackers I'll discuss later in this article.

If you think about it, cyberwar provides the same asymmetrical warfare benefits to North Korea as it does for other players. Building a cybermilitary force can be incredibly cost effective. It's far less expensive to house thousands of high-school students and keep them in the Korean equivalent of pizza and Cheetos than it is to continue to build and maintain conventional military forces.

It must have been frustrating for Kim Jong-Il. For all those years, he had this enormous military force, but nowhere to really use it. Sure, he could dream of attacking South Korea like his father did, but history had already shown he wouldn't be able to stand against Western forces. More recently, Saddam had tried invading Kuwait, and Kim had the opportunity to see how well that worked out for the Iraqi leader.

On the other hand, cyberstrength is a stealthy force. It can be deployed without generating a literally incendiary response. While Kim Jong-Il was never able to deploy jets and submarines, he was able, in his last years, to utilize North Korea's cyberforces with some degree of regularity -- and see a result that far outstripped the cost.

"Finally, North Korea has recognised the Internet's inherent weakness from its very inception in the mid-1990s. It realised that, as long as it maintained an attack network, it could easily hack into strategic targets with considerable speed. That's why they were driven to aggressively engage China in military exchanges to quickly build up a cyberforce of 500 hackers.

"Cyberforce is structured around human capital, technology and systemisation of the two, and of these three elements North Korea has focused intensely on nurturing computer whizzes," Kim Heung-kwang said.

Of course, there is one other reason why North Korea is interested in cyberwarfare: it can be insanely profitable.

The Economist reports that, according to South Korean police, the North operates at least 10,000 trained hackers, many of whom are breaking into gamers' accounts in the South and stealing money, which they send back to their northern masters.

So what's the bottom line with North Korea?

There are a number of key factors, but the most important is uncertainty. North Korea has long been a desperately impoverished, anti-social nation that invests almost exclusively in warfighting.

Because we don't know much about Kim Jung-Un, including how strongly he holds onto power, we can't really be sure exactly how North Korea will behave. However, if the country continues to follow both Juche and military-first policies, it's probable that the country will be putting most of its assets into warfare.

Combine that with a proven warfighting modality like cyberwarfare that's so incredibly inexpensive and demonstrably effective, and it becomes abundantly clear that North Korea will not only continue its cyberwarfare efforts, but is also likely to step them up considerably over the coming years.

[And, as we now know, it very much did.]
