Cyberwar: Nation-state cyber attacks threaten every company
The leaders of the US and North Korea, President Donald Trump and Kim Jong Un, are due to meet tomorrow.
Whether the summit succeeds or fails, both players will still indulge themselves in a disturbing trend: a free-for-all assault on other countries, businesses, and individuals alike through state-sponsored cyberattacks.
The United States and North Korea have never been the best of friends, to put it lightly. However, both countries have enough firepower -- both in the physical and digital realms -- to cause serious damage.
Cyberattacks may not be on the summit's agenda, but digital weaponry can still be debilitating, and both countries have invested in training up the next generation of hackers, for good or ill.
We hear more about North Korea's generally brazen cyberattacks, but the US has, potentially, a more diverse talent pool to draw from and a cache of tools which -- until recently -- gave US law enforcement quiet dominance in covert cyberespionage operations.
As the time for the summit approaches, let's take a look at the US and North Korea's past relationship, hacking history, and virtual weapons of choice.
A history of relations between the US and DPRK
Once unified under the Joseon Dynasty, for over six decades North and South Korea have been split, with territories clearly marked by a demilitarized zone which separates the peninsula.
Following the end of the second world war, US forces cleaved the two down the 38th parallel of latitude, with American influence heavy in the South, whilst the USSR dominated the North.
Unification through nationwide elections was proposed in 1948 but a lack of trust on both sides meant this never took place.
South Korea declared its independence in 1948, and an incentivized push into industrialism has created the high-tech country we know today, which is home to some of the most advanced technology companies in the world.
In comparison, after the Soviets appointed Kim Il-Sung to a dynastic throne in the North, officially known as the Democratic People's Republic of Korea (DPRK), the country has gained the uncomplimentary nickname of the "Hermit Kingdom."
Defectors bring with them stories of a lack of freedom of movement, tales of human rights violations, gulags, starvation, and a strict "Juche" class system.
Human Rights Watch has described North Korea as "one of the most repressive authoritarian states in the world." The agency's 2018 World Report suggests that the country "restricts all basic civil and political liberties for its citizens, including freedom of expression, religion and conscience, assembly, and association."
It was only in April that, after 65 years, the leaders of the North and South, Kim and Moon Jae-in, agreed to work together to establish a "peace zone" on the militarized border and formally declare the end of the war.
However, relations between the US and DPRK have been, in the past, almost unwaveringly hostile. There has been almost no diplomacy between the two countries for decades, since the physical end of the Korean War.
Tensions reach boiling point
North Korea has operated a nuclear program and performed tests for years. In 2002, the Bush Administration reportedly uncovered evidence of a uranium enrichment program in North Korea -- an allegation repeatedly denied by the country -- which led to the former US president branding DPRK as an "axis of evil."
Repeated attempts at diplomacy between the US, China, North Korea, and other countries failed. DPRK moved forward with nuclear testing, much to the dismay of the international community.
In 2017, the country fired over 20 missiles and conducted its sixth nuclear test, and one ballistic missile, fired towards Japan, heightened diplomatic tensions further.
In the past, Trump has called Kim a "very bad dude" and promised "fire and fury" should threats be made from North Korea to the United States.
In turn, DPRK threatened to assault Guam, claiming the action would "send a serious warning signal to the US."
Back in September, US President Trump dubbed his North Korean counterpart as "little rocket man" in reference to the country's rocket testing.
In turn, Kim called Trump a "mentally deranged US dotard."
At this point in time, with many of us collectively holding our heads in our hands in disbelief at the childish behavior of country representatives with nuclear power in their grasp, the idea of the mudslingers shaking hands for a photo opportunity seemed impossible.
However, in a surprising move, Kim and Trump agreed to meet, leading to the formation of the anticipated Trump-Kim summit.
The pair will have a one-on-one meeting with the help of translators, but not aides, in Singapore on Tuesday. Reports suggest that the US will offer security assurances not to attack the DPRK with nuclear or conventional weapons, should the North agree to begin to dismantle its nuclear program.
An agreement between the two military powers not to launch us all into nuclear war can only be considered positive, but when it comes to cybersecurity and cyberwarfare, there are yet to be any guarantees on the table.
After all, cyberespionage and cyberattacks can be lucrative, destabilizing to rivals, a boon to intelligence gathering, and can -- in many ways -- help ruling powers achieve their aims covertly and quietly.
Objectively speaking, you wouldn't necessarily link North Korea to advanced hacking groups.
The country's resources are limited, the core services we take for granted -- such as electricity -- are scarce unless you live in the country's capital, Pyongyang, and even then, the lights are often out, showing little more than darkness through satellite images.
There are only two main internet lines, through China and Russia, which connect North Korea to the rest of the world. Internet usage is heavily censored and controlled through the state's Red Star operating system and firewalls. Only the elite and trusted members of the ruling class generally have access.
So how is it that the country is able to support advanced cyberespionage activities?
Warfare is not only won these days through rockets, diplomatic and economic muscle, or infantry stocks. Instead, in a digital world, information can hold the key to competitive advantage on the global platform.
According to Ross Rustici, senior director for intelligence research at Cybereason, as reported by the South China Morning Post, it is to the world's "detriment" to brush off the Hermit Kingdom when it comes to cyber warfare.
"[North Koreans] have proven time and again that they are very, very capable," the researcher said.
Priscilla Moriuchi, director of strategic threat development at Recorded Future, told the publication that the country runs a "cyber training pipeline" designed to crank out hackers.
"They would identify kids with promise in math, or science and technology in middle school, send them to one or two particular middle schools, that filter into one or two universities," the security expert said.
Pyongyang's Kim Il-sung University and Kim Chaek University of Technology are believed to be the training grounds for the country's hacking teams. Once qualified, many go on to join what is known as Bureau 121, part of North Korea's Reconnaissance General Bureau.
Many of the best and brightest end up overseas, such as in China, India, and Cambodia.
A defector and former hacker for DPRK told Bloomberg that in his line of work hackers were expected to bring in $100,000 a year through cyberattacks and fraud, but were only allowed to keep a fraction of their ill-gained profits.
Wherever they may be, North Korean hackers, backed by the state and behaving based on the DPRK ruling party's wishes, are believed to be responsible for a vast array of bold attacks in the name of money, or the reputation of the regime.
Some of these include, but are not limited to:
- Nonghyup, 2011: An attack against South Korean farm co-op Nonghyup paralyzed the bank, leaving customers unable to access funds for over a week.
- South Korean banks, 2013: The operations of three major banks and two broadcasters collapsed at the same time as North Korean news agency KCNA relayed a message from North Korea's leadership, pledging to destroy the South's government.
- Sony, 2014: The FBI blamed North Korea for a brutal cyberattack on Sony which compromised the tech company's networks and led to the leak of terabytes of information online. It is believed the attack was launched in response to Sony's planned release of "The Interview," a film which tells the satirical story of journalists recruited to assassinate Kim Jong Un.
- The Central Bank of Bangladesh, 2016: The notorious bank heist which targeted the Central Bank of Bangladesh's Federal Reserve account led to the theft of $81 million, and was connected to the Sony breach -- and therefore North Korea -- through the malware utilized in the compromise of the SWIFT bank communications system.
- WannaCry, 2017: The release of NSA tools including EternalBlue by the Shadow Brokers hacking group ultimately led to the global WannaCry ransomware attack, which debilitated companies worldwide without prejudice. It is believed that North Korean threat actors implemented the exploit in distributing the ransomware.
- US utilities, 2017: Cybersecurity firm FireEye believes that the rogue state is behind a number of attacks aimed at US electricity companies.
- Energy services, 2017: A group known as Covellite, connected to North Korea, has been linked to attacks against US, European and East Asian organizations involved in consumer energy. However, in recent months, attacks against US targets appear to have been abandoned.
- Cryptocurrency exchanges, South Korea: South Korea is a common target for DPRK hackers, and cryptocurrency exchanges -- containing millions of dollars' worth of virtual assets -- are lucrative. According to South Korean officials, North Korea is responsible for the theft of "billions of won" from exchanges over the past 12 months.
- Cryptojacking, worldwide: Cybersecurity professionals have suggested that the regime's hackers have created cryptojacking malware designed to steal victim CPU power to mine cryptocurrency. Proceeds are allegedly finding their way to North Korea's Kim Il Sung University.
- Journalists and defectors, worldwide: Malware-laden Android apps, aimed at North Korean defectors and journalists covering the regime, keep slipping through the net and appearing on Google Play.
- Ontario's rail system, 2018: Metrolink, Ontario's transportation agency, claims that North Korea attempted to derail IT systems, without success.
North Korean threat actors, believed to number in the thousands, often create their own malware tools through modular designs but have also been known to rip software source code apart in order to rebuild it in North Korea's image.
Versions of the apparent antivirus in the wild which contain hidden Trojans for cyberespionage purposes have been recorded.
North Korean threat actors, such as the Reaper APT (APT37), also utilize zero-day vulnerabilities to attack government targets with malware wipers, surveillance systems, backdoors, and exfiltration tools.
The US is no angel, either, when it comes to cyberespionage. The country has a long history of covert and clandestine activity -- against not only rival countries but its own citizens -- which has simply spread to embrace cyber warfare.
The US may not have to hide its operations so fiercely, especially if such actions are deemed to be in the interest of "national security," but there are many incidents -- such as those listed below -- which may be dubious when considered in the balance between national security and individual rights to privacy.
- Keyloggers, 1999: In one of the first known cases of US law enforcement hacking, the FBI installed a keylogger on the PC of a suspected member of the Italian-American mafia.
- Bomb threats, 2007: The FBI posed as a reporter and sent a fake news article to a 15-year-old believed to be responsible for bomb hoaxes sent to a school in Washington, DC. The article included a spyware payload eventually used to track down the teen, who pleaded guilty.
- Stuxnet, Iran: Stuxnet is widely accepted as a worm created between the US and Israeli governments which targeted centrifuges in Iranian uranium plants. The worm spread through Microsoft Windows zero-day vulnerabilities.
- Tor, 2017: The "Playpen" case, in which the FBI used an exploit against the Tor network to charge a man for viewing images of child pornography, failed and charges were dropped after US law enforcement refused to reveal the details of the exploit. However, the operators of the website were arrested, charged, and jailed.
- Russia, current: Remarks made by government officials suggest that the US may be quietly retaliating against Russia in response to the country's meddling with the US election.
- Apple iPhones, 2015 to the current date: Encrypted mobile devices are a thorn in the side of the FBI. The agency attempted to force Apple to unlock an iPhone belonging to one of the perpetrators involved in the 2015 San Bernardino shooting, without success. The FBI then paid roughly a million dollars for outside assistance.
- Banks, NSA: The NSA has targeted the SWIFT banking system in the past by using zero-day exploits, according to leaked documents.
The skills of US law enforcement to hack computer systems have evolved beyond the use of keyloggers to compromising Tor, which is no mean feat. However, in the same breath, technological advances -- such as the use of encryption -- have made life difficult for US teams.
Likely to the US government's chagrin, its own mass data collection activities, implemented through the US National Security Agency (NSA) and leaked by former NSA contractor Edward Snowden, even five years on, continue to make us more aware of our own privacy -- and ways to prevent surveillance.
Nonetheless, the US government pours vast resources into strengthening its cyber warfare capabilities.
Nothing is off the table. Keyloggers, covert spyware and data collection, and the use of zero-day vulnerabilities for the US government's own purposes are all fair game.
We have seen a glimpse of what the country is capable of through the treasure trove of surveillance tools, documents, and exploit notes leaked by the Shadow Brokers, belonging to the NSA's Equation Group.
The leak included Windows zero-days such as EternalBlue, tools to compromise and siphon information from servers, the DoublePulsar backdoor, Cisco and Fortinet zero-day bugs, as well as Linux and Unix tools and exploits.
While North Korea appears to rely on ripping source code from software to create its own versions of modular software, the US relies on finding -- and keeping quiet about -- vulnerabilities in popular software in order to compromise systems.
These same vulnerabilities can be used against its own citizens by homegrown hackers and criminals.
Both groups develop their own malware strains and covert tools, and both are dangerous to the overall concept of security and privacy.
What does this mean?
We will have to see the result of the summit to ascertain whether or not this is the case. Either way, should a rapport be established between these two unlikely characters, discussions, one day, will likely also include the pressing matter of cyberespionage and cyberattacks as a whole.
No country is innocent of such tactics, and state-sponsored attacks from every corner have the capability to take down our core services, our financial systems, and devastate our economies.
Governments may overstep the mark, but these are the same individuals who choose whether or not they have -- and what the consequences may be.