AMU Asia Homeland Security Intelligence Opinion

North Korea’s Cyber Warfare Capabilities

By William Tucker

“The newest addition to the North Korean asymmetric arsenal is a growing cyber warfare capability. North Korea employs sophisticated computer hackers trained to launch cyberinfiltration and cyber-attacks against the ROK and U.S. Such attacks are ideal for North Korea, providing the regime a means to attack ROK and U.S. interests without attribution, and have been increasingly employed against a variety of targets including military, governmental, educational, and commercial institutions.” – General James D. Thurman, Commander, United States-Republic Of Korea Combined Forces, Testimony to Congress, March 29, 2012

It is certainly no surprise that the concept of cyber warfare has taken on such importance to a nation such as North Korea. While many nations have taken to creating offensive capabilities in cyberspace, there is still a widespread lack of proper computer security or a workable policy to deal with the phenomenon from a defensive perspective. For North Korea, however, this presents an opportunity to supplement its time tested foreign policy with a low cost and low risk approach to striking at its adversaries. In the past, Pyongyang has carried out low level denial of service attacks against South Korean and U.S. websites, but it is the criminal enterprise that seems to be the most alluring. As was discussed in the AMU webcast that I conducted in December 2011, North Korea’s economy depends heavily on illicit activity. One of the more notorious cyber operations conducted by North Korea was the targeting of the South Korean Nonghyup bank which disrupted the accounts of over 30 million customers. If North Korea made any money from the attack is unknown, but it does show what Pyongyang’s hacker’s are capable of. Furthermore, North Korea siphons money off online gambling sites as a way of earning extra revenue.

According to North Korean defectors, the recruitment for the cyber army starts young where top performing students are sent to local, prestigious universities such as Kim Il-Sung University and Kim Chaek University of Technology. If the students perform well at these universities, they are then given the opportunity to study abroad where new techniques can be learned. The ability to study both public and private infrastructure of other nations helps to build understanding of how to best attack it as well. The attacks that have taken place are widely believed to have been carried out by the Reconnaissance Bureau – North Korea’s military intelligence apparatus. It is here that reports from defectors diverge as the actual number of employed hackers varies from 3000 to 30,000. The latter number seems rather high given the capabilities needed to train those people, but North Korea has consistently managed to maintain a large military in spite of sanctions and poor economic performance making this possible. South Korean intelligence does suggest that the North launches some 15,000 attacks a day, but doesn’t give specifics on the target or attack type. How Seoul tracks these attacks, or even defines them, isn’t publicly available, either. Regardless, North Korea has found another way to raise tensions with its neighbors as a way to force negotiations for foreign assistance. When striking a South Korean naval vessel or testing a nuclear device seems too provocative, cyberspace offers Pyongyang another, less risky avenue to demonstrate its continued relevance in the Pacific rim.

Comments are closed.