On the eve of the Winter Olympics held in PyeongChang, South Korea, the media reported that hackers attacked South Korean sites trying to obtain passwords and confidential information related to the competitions. Employees at McAfee’s security software company reported attempts to break accounts and e-mails related to the organization of the event. According to experts, the attacks would have come from neighboring North Korea.
It is no longer a secret that Pyongyang is strengthening its cyber force. The computer operations led by Kim Jong-un became a powerful war weapon that began to be exploited in operations of espionage, cryptocoin theft, extortion and political purposes in intimidation of opponents.
In 2013, the network infrastructure of South Korea’s three largest radio stations and of two financial institutions suffered massive attacks. As a result, the KBS, MEU, and YTN computers were suspended and not restarted. Representatives of Shinhan Bank and Nonghyup Bank said that around 32,000 computers had been infected, affecting internet banking and ATM operations.
International sanctions have forced the North Korean government to seek alternative, albeit illegal sources of funding. In 2015, a number of cyber attacks were reported to banks in the Philippines, Vietnam and Bangladesh. A malicious program was also found on computers of bank employees in Poland, Brazil, Chile, Estonia, Mexico, Venezuela and the United States.
In 2016, North Korean hackers performed what could have been the biggest bank heist ever. They were close to stealing US$ 1 billion from the US Federal Reserve, and the only thing that prevented them from doing so was the lack of precision in the word ‘foundation’.
Not long ago, North Korean hackers also attacked South Korea’s cryptocurrency and propagated the ransomware WannaCry, what forced the suspension of work of many organizations and hundreds of thousands of computers worldwide. Given the amounts “earned”, Pyongyang’s indifference to external, economic and political pressure becomes clear.
According to the former director of the UK Government Communications Headquarters, Robert Hannigan, in June last year, North Korea mantained about 1,700 state-sponsored hackers and more than 5,000 just for support. Experts from several countries have no doubt that all of them operate in the Reconnaissance General Bureau (RGB), known as “586th Army Unit”. Of the seven RGB offices, the main unit of international cyberwarfare is called “Bureau 121”.
The US Department of Homeland Security classifies this unit as HIDDEN COBRA, while private companies refer to it as LAZARUS. Hackers involved exclusively in financial operations are known as Biuenoroffs. No one knows for sure how many factions the North Korean cyber force is divided into.
According to the Commander of the US military contingent in South Korea, General Vincent Brooks, the North Korean war potential is capable of delivering the most effective cyber attacks in the world.
Pyongyang’s cybernetic subunits quickly absorbed the knowledge of cybercriminals and copied their main methods, achieving a level of excellence that allows them to perform attacks to the highest strategic objectives and critical global infrastructures.
However, the talks started between Pyongyang and Seoul do not fool anyone. It is a strategy of Kim Jong-un, who needs to gain time and distract the attention of the world to prepare active actions, including cybernetic ones. The outcome of this dialogue will largely depend on what South Korea is willing to grant to North Korea.
Despite the softening in the rhetoric of the North Korean leader, Pyongyang will never abandon the development of nuclear weapons, as well as its abundant cybernetic ammunition.
Marcelo Rech is a journalist, director of InfoRel, specialist in International Relations, Strategies and Policies of Defense, Terrorism and Counterinsurgence and the Impact of Human Rights in Armed Conflicts. E-mail: firstname.lastname@example.org.