North Korea: nothing to fear?

Top cyber-warfare expert Professor Andrew Jones is casting doubt on North Korea’s ability to mount deadly attacks. Matt Warren reports …

Professor Jones, an expert in military intelligence and author of ‘Global Information Warfare’, believes the Koreans ‘are a threat’ but that the level of the threat posed is ‘poorly understood.’

Jones believes that the capability of the North Koreans has been overstated and that their strength in cyber-space is no greater than ‘organisations like Anonymous or Lulzsec’ who also have far greater access to the internet than the isolated communist state, which according to the New York Times has just ‘1,024 official Internet protocol addresses… fewer than many city blocks in New York.’

A North Korean missile unit takes part in a military parade to celebrate the 75th anniversary of the founding of the Korean People's Army in Pyongyang in this picture taken April 25, 2007. North Korea fired several short-range missiles towards the Sea of Japan on Friday morning, Kyodo news agency said, quoting Japanese and U.S. officials. REUTERS/Korea News Service

The North Koreans have long been aware of the importance of developing cyber-warfare capabilities. This led to the creation of Unit 121 in the late 1990s.

According to Duk-Ki Kim, a South Korean naval officer who has researched the subject, Unit 121 is made up of approximately 300 persons, organized into 10 combat teams and 110 research teams, though the exact size of the operation is unknown.

The notorious Unit 121 is not the only cyber espionage and warfare unit at the disposal of the North Koreans, however. Unit 110 – also known as the Technology Reconnaissance Team – carries out cyber-attacks on military and other strategic organizations and is thought to have been responsible for the July 2009 Distributed Denial of Service (DDoS) attacks against the United States and South Korea.

The North Korean defector Professor Kim Heung-Kwang has claimed in media reports that the regime of Kim Jong Un is now spending around 10-20% of its military budget on cyber operations and that their goal is to produce a piece of malware as powerful as the Stuxnet virus that temporarily disabled Iran’s nuclear centrifuges. Prof Kim, though he has been out of the country since 2004, during which time it is clear that NK’s cyber capability has improved, claims that he has regular contact with high level officials linked to Unit 121.

It is thought by some experts to have been behind the hack attack on Sony Pictures, in which the American movie giant’s systems were breached and films were stolen and released online before their scheduled premiere dates in cinemas. This had the effect of killing the market for the stolen films – one of which was  ‘The Interview’, a comedy telling the fictitious story of a pair of American TV journalists who are recruited by the CIA to assassinate North Korea’s Supreme Leader Kim Jong Un. The hackers who stole the films also broke into staff email accounts, releasing details of their identities. They included Princess Beatrice, the grand-daughter of Queen Elizabeth II, who was employed at the Sony Pictures London branch at the time.  

The warning from the ‘Guardians Of Peace’, a hacking group the FBI claimed was sponsored by North Korea

Many observers, including the US, attributed the Sony Pictures hack to the North Koreans. However, Professor Jones says that even though it is ‘strongly thought’ that the North Koreans were responsible, “attributing cyber-attacks is very difficult. Conclusively attributing them is almost impossible.”

Were the North Koreans to attempt such an attack, they would almost certainly need the permission of their close allies, the Chinese. It is unlikely that the Chinese would allow them to do this, given the immense international backlash that would probably follow.

However, Prof Jones says, the endorsement and collusion of the Chinese would not be the only way for the North Koreans to launch an attack. He says we are seeing the emergence of cyber special forces which could be embedded in other countries around the globe and would make placing the blame on any one country or group – let alone the North Koreans – very difficult.

At the moment, it is likely that any attacks instigated by the North Koreans are being orchestrated from outside the country, most likely from China, as this provides them with not only the necessary bandwidth to launch an operation but also, as Prof Jones puts it, ‘security through obscurity’.

There is considerable evidence that the North Koreans were responsible for a series of cyber-attacks on South Korean infrastructure from 2009 to 2013, in what was dubbed ‘Operation Troy’ by a McAfee report. These attacks reached their peak in 2013, when the activities of banks and news agencies were crippled as the hard drives of thousands of computers were wiped.

The activity was initially considered to be separate attacks by two groups, the New Romantic Cyber Army Team and the Who is Hacking Team, but research by Symantec and McAfee indicated that the attacks were linked. The McAfee report indicates that the activity included MBR wiping, which resulted in the loss of data, cyber vandalism, and a covert espionage campaign.

As such, Prof Kim’s claim that North Korean cyber-attacks ‘could kill’ is not too far-fetched: an attack that took out communications systems within a country, and so impeded the ability of emergency services to react to accidents, could clearly lead indirectly to deaths.

Disabling communications such as television and locking out customers from cash machines (ATMs) could also trigger mass panic in our increasingly technology-reliant world. Now that individual components of our Critical National Infrastructure are online, each with their own IP address, all our services such as water supplies, electricity, transport systems, phone networks and banking are vulnerable to cyber attack. Take those down and the theory is that you will create mayhem and inevitably death. Over the last ten years there has been increasing concern about the fact that some unknown countries have been stealing the settings of all of these networks in a series of attacks that have been dubbed APTs (Advanced Persistent Threat attacks). The attacks have been widely attributed to the Chinese and it is suspected that the purpose is to gather up all of the information needed to disable the infrastructure.

To prevent this, in 2011, the UK Government, together with a number of private firms, jointly established a Cybersecurity Information Sharing Partnership (“CISP”). Over 1000 organisations have signed up to the so-called ‘Fusion Cell’ including Virgin Media, Babcock, BT and the Lloyds Banking Group.

In addition, the UK government set up the Centre for the Protection of National Infrastructure (CPNI). The role of the CPNI is to protect national security by providing advice and assistance to the organisations that make up the UK’s national infrastructure. The advice covers all aspects of security including the physical, personnel and cyber areas. The CPNI answers to the Security Service and GCHQ.

The critical national infrastructure (CNI) of a country is defined by the U.K. government as: “those facilities, systems, sites and networks necessary for the functioning of the country and the delivery of the essential services upon which daily life in the UK depends” and includes communications, water, energy and financial services. Significant disruption to any of these sectors would likely cause mayhem and deaths. If water supplies were to be knocked out for an extended period of time the consequences would be devastating, while energy supply malfunctions during winter would almost certainly lead to an increase in deaths particularly among the elderly.

As Professor Jones points out, the North Korean cyber warfare force is small in numbers. Yet it may be capable of hitting the critical national infrastructure, where a minor disruption can quickly escalate into a major panic.


