X

In North Korea, hackers are the new elite

In the country dubbed the "Hermit Kingdom," just how do the cyberelite operate?

Charlie Osborne Contributing Writer
Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B.
Charlie Osborne
4 min read

Pyongyang, North Korea
Candidates for a North Korean hacking cell called Bureau 121 reportedly study for five years at a school in Pyongyang. Feng Li/Getty Images

North Korea, a country well known for economic problems, poverty, starvation, lofty nuclear goals and a scathing hatred of the United States, is also a land where social class often dictates a person's position in life.

The idea of "songbun" describes a person's social value depending on family connections. In order to attend top universities such as the Kim il-sung university, a student not only needs top grades and a flawless record but also the right background. Should a student succeed, the songbun of the student's family may be raised.

North Korea, despite its self-imposed isolation, desperately requires technology and knowledge from the West, especially regarding science, agriculture and manufacturing. Though international leaders have criticized the country for its nuclear programs and alleged human rights abuses, Pyongyang University of Science and Technology remains funded by the West and is one of few institutions that allow Western teachers.

The leader of the country, Kim Jong-un, has poured resources into nuclear programs while much of the population goes hungry, and now investment is heavy in the next-generation weapons of warfare: skills in hacking and computer science.

While access to the Internet is strictly controlled for the masses, for some, specialization in the Web and computer networks has created an elite class, set apart.

In an interesting feature published Friday, Reuters reveals the existence of a North Korean cell called Bureau 121. The most talented computer experts in the country are recruited into the unit, which is part of the General Bureau of Reconnaissance, Reuters reported, citing defectors from the state. The bureau focuses on spying -- going far beyond reliance on human snitching to maintain control -- and dedicates itself to the surveillance of foreign powers.

The agency is also involved in state-sponsored hacking, ordered by the Pyongyang government to sabotage enemies, according to Reuters' sources.

One only has to scan the website of the DPRK, the state-run official news agency of North Korea, to see potential targets.

Technically still in a state of war with the north, South Korea is often a target of the country's attacks. However, North Korea has also made no secret of its hatred of the United States, and so the country has come under suspicion for the recent attack on Sony's networks.

Sony's internal systems were hacked last month, which resulted in sensitive data belonging to employees and contractors being leaked online. From passport photocopies to passwords and internal audit documents, more and more damage is being revealed every day.

A hacking group called Guardians of Peace is believed to be to blame, but North Korea is under scrutiny in particular.

Why? A film called "The Interview" may be the culprit. The film, which follows two journalists hired by the CIA to assassinate Kim Jong-un, received complaints from North Korean officials, which were ignored by the United Nations. North Korea later described the film as an "act of war."

However, it is worth noting this phrase is used often by the state against South Korea and the United States, and as of yet, it's never been acted on.

When North Korean officials were asked whether the country was the source of the cyberattack, the ambiguous phrase "wait and see" was given in response.

Jang Se-yul, a former student of North Korea's military college for computer science, told Reuters that candidates for Bureau 121 are handpicked at as young as 17 years of age. The destination for chosen students is the University of Automation. After five years of study at the Pyongyang-based campus, the students graduate to join Bureau 121. Places are highly sought after, with 100 people accepted for every 2,500 applicants.

Approximately 1,800 hackers are employed at the unit, conducting campaigns under the umbrella of what's known as the "Secret War" in the state, Jang told Reuters.

The unit also has overseas teams, one of which a friend of Jang Se-yul's works within, earning him and his family a large apartment in upscale Pyongyang, reported Reuters. Because it's the only city seen by foreign visitors -- and bedecked as a result -- entry into Pyongyang is highly sought after and rarely granted by the ruling party.

Officially, the hacker is an employee of a trade firm. Jang told Reuters:

No one knows...His company runs business as usual. That's why what he does is scarier. My friend, who belongs to a rural area, could bring all of his family to Pyongyang. Incentives for North Korea's cyberexperts are very strong...They are rich people in Pyongyang.

According to Kaspersky Labs and other researchers, malware launched against Sony is similar to attacks levied against South Korea. Last year, more than 30,000 PCs at South Korean banks and broadcasting firms were hit, and the malware in question, "DarkSeoul," has striking similarities to the software used in the breach of Sony's security.

This story originally posted as "A glimpse into the world of North Korea's hacking elite" on ZDNet.