North Korean tactics in cyberwarfare exposed
An HP report suggests the reclusive country's cyberwarfare capabilities are rapidly making it a threat to Western systems.
North Korea's cyberwarfare capabilities are on the rise despite being entrenched in aging infrastructure and dampened by a lack of foreign technology.
According to a report released by Hewlett-Packard researchers, the so-called "Hermit Kingdom" may keep Internet access from the masses and maintain an iron grip on information exchange, but this hasn't stopped the country from training up the next generation of cybersecurity and cyberwarfare experts.
A number of countries, including the United States, have imposed restrictions on North Korea that prevent the open trade of technologies which would enhance its cyber tools and capabilities -- citing the regime's treatment of its citizens and its closed-border policy. However, according to HP, the country is "remarkably committed" to improving its cyberwarfare capabilities.
South Korea views the regime's cyber capabilities as a terroristic threat, and has prepared for a multifaceted attack in the future -- although it is important to note no such attack has yet occurred. According to a report written by Captain Duk-Ki Kim, a Republic of Korea Navy officer, "the North Korean regime will first conduct a simultaneous and multifarious cyber offensive on the Republic of Korea's society and basic infrastructure, government agencies, and major military command centers while at the same time suppressing the ROK government and its domestic allies and supporters with nuclear weapons." South Korea also claims that North Korea's "premier" hacking unit, Unit 121, is behind the US and Russia as the "world's third largest cyber unit."
In 2012, South Korea estimated that North Korea's hacking team comprises roughly 3,000 staff, while a report released by the South Korean news agency Yonhap raised this figure to 5,900.
According to the PC maker, it is difficult to gather intelligence on the isolated country's hacking teams. Reports often come only from the US and South Korea, and those from the latter may be biased due to the political tension between the two countries. Another problem is North Korea's heavy restriction on Internet use, which is censored by the state and available only to the social elite. However, this also means that any attack originating from inside the country is highly likely to be state-sponsored, since independent rogue actors are unlikely to exist there.
Because any cyberattack launched from North Korean networks would therefore be attributed directly to the regime, HP says that many attacks it sponsors originate instead from other countries, including China, the US, Europe, and even South Korea.
North Korea's Reconnaissance General Bureau (RGB) is in charge of both traditional and cyber operations, and is known for sending agents abroad for training in cyberwarfare. The RGB reportedly oversees six bureaus that specialize in operations, reconnaissance, technology, and cyber matters -- two of which have been identified as the No. 91 Office and Unit 121. These two bureaus conduct intelligence operations and are based in China.
The RGB also reportedly oversees state-run espionage businesses located in 30 to 40 countries, often hosted in unsuspecting places such as cafes. Members of this espionage network reportedly "send more than $100 million in cash per year to the regime and provide cover for spies," the report says.
In addition, the country's Workers' Party oversees a faction of ethnic North Koreans living in Japan. Established in 1955, the group -- dubbed the Chosen Soren -- refuses to assimilate into Japanese culture and lives in the country in order to covertly raise funds via weapons trafficking, drug trafficking, and other black market activities. The group also gathers intelligence for the regime and attempts to procure advanced technologies.
Despite aging infrastructure and power supply problems, North Korea reportedly gained access to 33 of 80 South Korean military wireless communication networks in 2004, and an attack on the US State Department believed to have been approved by North Korean officials coincided with US-North Korea talks over nuclear missile testing in the same period. A month later, South Korea claimed that Unit 121 was responsible for hacking into South Korean and US defense department networks.
North Korea also tested a logic bomb in 2007 -- malicious code programmed to execute based on a predefined triggering event -- which led to a UN sanction banning the sale of particular hardware to the country.
According to the report, the regime regularly exploits computer games in order to gain financially and to orchestrate cyberattacks. In 2011, South Korean law enforcement arrested five men for allegedly collaborating with North Korea to steal money via online games, specifically the massively multiplayer online role-playing game (MMORPG) "Lineage." The games were believed to act as conduits for North Korea to infect PCs and launch distributed denial of service (DDoS) attacks against its southern neighbor.
However, it is worth noting that North Korea's own DDoS capacity is limited: heavy censorship and Internet restriction leave the country with few outbound connections. This is why researchers believe it relies on the networks of other nations and on botnets instead.
The full HP report is available here (.PDF). The analysis is based on open source intelligence gathered by HP's security team.
This story originally appeared as "North Korea cyber warfare capabilities exposed" on ZDNet.