Skip to: Content
Skip to: Site Navigation
Skip to: Search


In cyberarms race, North Korea emerging as a power, not a pushover

A 4-year cyberattack-and-espionage campaign targeting key South Korean institutions suggests North Korean cyberwarfare capabilities are far more potent than previously believed.

By Staff writer / October 19, 2013

A Digital Forensic Investigation team entered the Cyber Terror Response Center in Seoul, South Korea in March. The team was responding to a cyberattack linked to North Korea.

Lee Jin-man/AP


Often dismissed as a laggard in the global cyberarms race, North Korea has long been seen as a chronic cyber-superpower wannabe. Its poverty, minimal Internet access, and paucity of malicious software to its credit together have indicated that the "hermit kingdom" has just not yet arrived.

Skip to next paragraph

But that equation is changing. While the North's nuclear ambitions and maltreatment of its citizens absorb diplomatic bandwidth, a four-year cyberattack-and-espionage campaign targeting South Korean banks, news media, telecoms, and military think tanks has revealed North Korean cyberwarfare capabilities to be far more potent than previously believed, US experts say and new analyses show.

What's more, say American cyberwarfare and North Korea experts, the North's advancing capabilities show a dangerous potential to slide into real-world conflict.

"Over the past four years the North has seriously intensified its cyberwarfare development efforts at South Korea's expense," says Alexandre Mansourov, a visiting scholar at the US-Korea Institute at Johns Hopkins University in Baltimore. "The [Korean People's Army] is basically planning for a future cyberwar and has been hacking to collect intelligence and prepare to disrupt information and communications, surveillance, and reconnaissance systems of its enemies: South Korea, the US, and Japan."

Analyses of these attacks, while falling short of "smoking gun" proof, leave little doubt North Korea is not only behind major attacks against the South – but that its capabilities are much broader than previously believed, Dr. Mansourov and others say. As a result, these experts are boosting their estimates of the sophistication and pace of the North's cybermilitary development – and of its threat to the United States.

Most revealing is the new linkage between the North and four years of increasingly threatening attacks on South Korea, analyzed by leading cybersecurity firms in the past five months. The attacks have cost the South more than $750 million, South Korean lawmakers said this month, citing Defense Ministry data.

The first major attack, on July 4, 2009, began with a modest distributed denial-of-service (DDoS) bombardment – with millions of requests per second (tiny compared with today's attacks) clogging Korean and US government and financial websites for days. The attacks appeared to emanate from 435 different servers in 61 countries around the world – including in South Korea itself.

But a second attack on March 4, 2011, went beyond basic DDoS by launching malicious software that wiped hard drives on systems at one of the South's biggest banks, leaving 30 million customers without ATM services for days.

The picture clears

Initial investigations suggested that the North was responsible, but were ultimately inconclusive.


  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer


Editors' picks:

Doing Good


What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

Become a fan! Follow us! Google+ YouTube See our feeds!