While the US and others have been focused on North Korea’s nuclear capabilities, the rogue regime has quietly developed an arsenal of cyber weapons.
This arsenal is quite impressive.
In 2013, North Korean hackers stole massive amounts of US and South Korean military documents – including plans to assassinate Kim Jong-un.
In 2014, they launched an attack on Sony to prevent the release of The Interview, a comedy involving the fictional assassination of Kim Jong-un.
In 2015, North Korea hacked into South Korea’s Defense Integrated Data Center and found documents outlining just how South Korea would respond if attacked from the North.
That last attack wasn’t discovered until nearly a year later, and was largely blamed on a contractor who forgot to unplug a cable that connected South Korean military computers to the Internet.
North Korea has also been blamed for the WannaCry ransomware attack in May, which crippled Britain’s National Helath Service (NHS) and infiltrated an estimated 200,000 computers in 150 countries.
“I think at this point that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons that were stolen from the NSA in the United States,” says Microsoft President Brad Smith.
Smith is the first Microsoft executive to blame North Korea for the attack. “I think over the last six months we’ve seen threats come to life, unfortunately, in new and more serious ways. The problem has become bigger.”
North Korea’s increasing cyber capabilities are alarming given that they could increase the regime’s asymmetrical advantage and provide alternative ways to escalate a crisis. While the regime’s weapons tests have garnered international criticism and crippling sanctions, its cyber strikes have earned little recognition or punishment.
How did North Korea develop such advanced hacking?
Many have called into question how a country with the GDP of Vermont can afford to fund the development of cyberweapons. The answer is threefold: reverse engineering, command economy, and a steady stream of income.
It takes skilled computer scientists to create and maintain cyberweapons, but there is also a lot of copying and pasting going on. In other words, countries and organizations regularly use hacking methods developed by other countries and organizations.
“Once your code gets out on the Internet, it’s possible that someone else can intercept and modify for their own use,” says Bob Gourley, founder of the security consultancy firm Cognito. “North Koreans might be borrowing code they saw in a Russian attack…or they may be modifying code of some hacker or some criminal groups.”
The second factor at work here is North Korea’s “command economy,” which means the government has complete control over the production and distribution of goods and services. This means the central government can direct as many resources as its wants towards military programs – even in the face of sanctions.
The third reason North Korea has been able to develop advanced hacking technology is that its cyber division makes tons of money on its own. This is largely due to the fact that the central government allows its military programmers to engage in criminal activities.
“There are remarkable similarities between North Korea and an organized crime group,” explains William Carter, deputy director of a Washington think tank on technology policy. For example, the regime’s cyber division “used a pretty sophisticated scheme to send false payment orders through the Swiss network and got hundreds of millions of dollars transferred out of the banks of Bangladesh, the Philippines, Vietnam, Ecuador, and others and into accounts controlled by the North Korean government.”
One former British intelligence chief believes North Korea makes up to $1 billion per year through cyberheists. That’s more than enough to employ the regime’s army of 6,000 hackers.
We would do well to pay attention to North Korea’s growing cyber capabilities. Think about it: hacking is the perfect weapon for a country that is isolated and has little to lose.
North Korea’s primitive infrastructure means that the country is less vulnerable to cyberattacks. And most of the government’s hackers do their work outside the country anyway.
“Cyber is a tailor-made instrument of power for them,” says Chris Inglis, a former deputy director for the NSA. “There’s a low cost of entry, it’s largely asymmetrical, there’s some degree of anonymity and stealth in its use. It can hold large swaths of nation state infrastructure and private-sector infrastructure at risk. It’s a source of income.”
The big question now is whether Kim Jong-un, fearful that his nuclear program is becoming too much of a burden, will focus instead on how to use technology to shut down the US without firing a missile. There is no doubt in my mind that a massive cyberattack could be just as devastating as an ICBM.