Concerns Mount over North Korean Cyber Warfare Capabilities

Monday, June 11, 2012

Pierluigi Paganini


(Translated from the original Italian)

According to news published by the Korean JoongAng Daily website, North Korean operatives have been detected launching cyber attacks on Incheon International Airport systems and spreading a virus planted in gaming programs.

The information was provided by the Seoul Metropolitan Police Agency, which noted that a 39-year-old South Korean man was arrested for his involvement and charged with violating the National Security Law.

The man, a game distributor, was arrested with the help of the National Intelligence Service, as announced by South Korean police.

In September 2009, the man traveled to Shenyang in northeastern China to meet agents of an alleged North Korean trading company to acquire software games to be sold in the South. It seems that the South Korean man was informed of the real identity of the agents, who belonged to the North’s Reconnaissance General Bureau.

The Bureau is responsible for collecting strategic, operational, and tactical intelligence for the Ministry of the People's Armed Forces, and it is also responsible for planting intelligence personnel in South Korea.

The South Korean man acquired dozens of games for a price that was a third the cost of the same kind of software in the South. It was later discovered that the games were infected with malware and that the buyer was informed of its presence.

The units were sold by the South Korean man to operators of online games. The virus infected the applications and was intended to turn users' machines into zombies for a botnet created to launch distributed denial-of-service attacks against Incheon International Airport.

In March 2011, the airport was attacked at least three times, fortunately without success thanks to the intelligence response.

South Korean intelligence officials suspect that the attacks were prepared by the North’s Reconnaissance General Bureau. In September a similar attack against the flight data processor paralyzed air traffic control at Incheon International Airport for nearly an hour.

The main concern is related to the spread of the virus, a cyber weapon used by the North Korean government, to interfere with air traffic control at Incheon International Airport.

Many experts are sure that North Korea is conducting a massive cyber campaign against South Korea in an effort to destroy critical infrastructure such as power plants and water.

According to a source, “the North’s Reconnaissance General Bureau has hired a group of hackers, mainly located in China, to conduct attacks against strategic targets such as the South.”

What are the cyber capabilities of North Korea?

North Korea has a higher percentage of military personnel in relation to population than any other nation in the world, with approximately 40 enlisted soldiers per 1000 people.

North Korea's capabilities also include chemical and biological weapons. A defector also declared that North Korea had increased its cyber warfare unit staff to 3,000 people, and is engaged in training young prodigies to become professional hackers.

A large North Korean cyber force responds directly to the command of the country’s top intelligence agency, the General Reconnaissance Bureau. Last year, satellite photos were published on the internet of the area that is suspected to host North Korea’s ‘No. 91 Office’, a unit based in the Mangkyungdae-district of Pyongyang dedicated to computer hacking. Its existence was also revealed in a seminar on cyber terror in Seoul.

According to the revelation by Army General James Thurman, the commander of US Forces in South Korea, the government of Pyongyang is heavily investing in cyber warfare capabilities, recruiting and forming highly skilled teams of hackers to be engaged in offensive cyber operations against hostile governments and to conduct cyber espionage activities.

On more than one occasion, North Korea has threatened the South, promising waves of attacks, and the cyber offensive option is the most plausible considering the advantage in terms of efficiency, detection and political impact.

Professor Lee Dong-hoon of the Korea University Graduate School of Information Security said that North Korea’s electronic warfare capabilities are second only to Russia and the United States.

“North Korea has been preparing for cyber warfare since the late 1980s and is now the third strongest after Russia and the U.S.”

He also stated at the Defense Security Command’s defense information security conference in Seoul:

“In North Korea the state nurtures cyber (warfare) personnel to achieve military aims, and is capable of conducting various cyber attacks including denial of service and hacking.”

He referenced the DDoS attack in July 2009 that is suspected to have been launched by the Pyongyang Computer Technology University.

Recently, from April 28 until May 13, GPS signals were jammed, causing difficulties in the air and marine traffic control of South Korea, and the origin of the attacks was located on the North Korean boundary, leaving little doubt that it was arranged by North Korean intelligence.

According to the security specialist, South Korea is not prepared to respond to the attacks arranged by the Pyongyang government and this consideration must induce serious concern regarding the critical political situation in the area.

The same opinion and concerns on North Korea’s cyber warfare capabilities are shared by the chief of the Defense Security Command, Army Lieutenant General Bae Deag-sig, who declared:

“North Korea is attempting to use hackers to infiltrate our military’s information system to steal military secrets and to incapacitate the defense information system. The military is updating the information protection policies and systems as part of the efforts to strengthen its response capabilities.”

The evolution of conflicts and the North's increasing propensity to adopt cyber operations should raise many concerns.

In the short term, to defend against the cyber threat, it is necessary for significant investments to be made by countries in the Asia Pacific region to bolster cyber warfare capabilities, and South Korea most of all.

I am unfortunately convinced that dialogue with North Korea at this time of profound change for the country will prove very difficult.

Cross-posted from Security Affairs

Cody Renden This is very scary! The Stuxnet virus (if American) begins this question of the consequences of a "cyberwar". Would South Korea be within its rights to bomb North Korea? What is the appropriate response?

The attack on Iran is different due to its attack not harming people, and not being clear who orchestrated it. However, North Korea seems to be intentionally aiming to bring down flights and shut down South Korea's infrastructure.

If a cyber response is appropriate, I imagine it very difficult to attack North Korea. The majority of the country is so far behind in technology, there is probably almost nothing connected to the internet to exploit.
Pierluigi Paganini Hi Cody, I believe that the consequences of a cyberwar could be devastating. Every cyber attack, such as a conventional operation, could kill people... it's just a different way to proceed. If I destroy a nuclear plant I can kill people around it. Another point to consider is that engaging in a cyber war is quite simple ... far from media, during the years, many countries have already started to attack their enemies ... in the short term I'm sure we will see the effects. ... Flame is nothing
Regards
Pierluigi
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
