In cyberarms race, North Korea emerging as a power, not a pushover
A 4-year cyberattack-and-espionage campaign targeting key South Korean institutions suggests North Korean cyberwarfare capabilities are far more potent than previously believed.
Often dismissed as a laggard in the global cyberarms race, North Korea has long been seen as a chronic cyber-superpower wannabe. Its poverty, minimal Internet access, and paucity of malicious software to its credit together have indicated that the "hermit kingdom" has just not yet arrived.
But that equation is changing. While the North's nuclear ambitions and maltreatment of its citizens absorb diplomatic bandwidth, a four-year cyberattack-and-espionage campaign targeting South Korean banks, news media, telecoms, and military think tanks has revealed North Korean cyberwarfare capabilities to be far more potent than previously believed, US experts say and new analyses show.
What's more, say American cyberwarfare and North Korea experts, the North's advancing capabilities show a dangerous potential to slide into real-world conflict.
"Over the past four years the North has seriously intensified its cyberwarfare development efforts at South Korea's expense," says Alexandre Mansourov, a visiting scholar at the US-Korea Institute at Johns Hopkins University in Baltimore. "The [Korean People's Army] is basically planning for a future cyberwar and has been hacking to collect intelligence and prepare to disrupt information and communications, surveillance, and reconnaissance systems of its enemies: South Korea, the US, and Japan."
Analyses of these attacks, while falling short of "smoking gun" proof, leave little doubt not only that North Korea is behind major attacks against the South, but also that its capabilities are much broader than previously believed, Dr. Mansourov and others say. As a result, these experts are boosting their estimates of the sophistication and pace of the North's cybermilitary development – and of its threat to the United States.
Most revealing is the new linkage between the North and four years of increasingly threatening attacks on South Korea, analyzed by leading cybersecurity firms in the past five months. The attacks have cost the South more than $750 million, South Korean lawmakers said this month, citing Defense Ministry data.
The first major attack, on July 4, 2009, began with a modest distributed denial-of-service (DDoS) bombardment – with millions of requests per second (tiny compared with today's attacks) clogging Korean and US government and financial websites for days. The attacks appeared to emanate from 435 different servers in 61 countries around the world – including in South Korea itself.
But a second attack on March 4, 2011, went beyond basic DDoS by launching malicious software that wiped hard drives on systems at one of the South's biggest banks, leaving 30 million customers without ATM services for days.
The picture clears
Initial investigations suggested that the North was responsible, but were ultimately inconclusive.