Why cyberattacks are the logical North Korean weapon

Suspicion for yesterday's cyberattack quickly fell on North Korea. Cyberwarfare gives North Korea the chance to inflict damages on a militarily superior foe, without having to own the responsibility.

After an apparent cyberattack disrupted operations at a number of South Korean broadcasters and banks yesterday, officials here are trying to figure out whether North Korea is responsible. If so, it would show that despite the stark contrast in development between the two countries, the North is capable of striking its southern rival in an unconventional, but harmful, manner.  

For all its bombast, North Korea may actually be reluctant to enter into a military conflict with the South and its US allies because of the alliance’s superior military strength. But cyberattacks can be harmful, create a climate of fear, and avoid any direct consequences.   

This type of attack suits North Korea.

“Cyberwar is right up their street. It’s cheap and deniable,” says Aidan Foster Carter, a Korea expert at the University of Leeds. 

Cyberattacks on South Korean government agencies and financial institutions in 2009 and 2011 were attributed to North Korea. And the North has issued threats specifically targeting South Korean conservative media outlets (including some of the networks that reported disturbances yesterday), which tend to be harshly critical of Pyongyang.  

The attacks come amid high tensions on the Korean Peninsula, with the North issuing unusually hostile threats in retaliation for US-South Korea military exercises, as well as increased United Nations sanctions following the North's third nuclear test.

The watchdog Korea Communications Commission announced today that part of the damaging code came from an Internet Protocol (IP) address in China. While this can’t be traced directly to North Korea, the North is believed to have a large network of hackers, some of whom operate in China, according to defector reports.

China denied any responsibility for the hacking attack, saying such anonymous cross-border incidents were a global problem. "Hackers often use the IP addresses of other countries to carry out their attacks," Foreign Ministry spokesman Hong Lei told reporters in Beijing on Thursday.  

A high-ranking official in the Blue House, South Korea’s presidential office, told Yonhap News Agency, “[The government] is closely analyzing the incident with all possibilities open, while bearing a strong suspicion that North Korea conducted the attack."  

Since they signed a truce – effectively ending the Korean War – in 1953, South and North Korea have gone in very different directions, and the differences between them are vividly illustrated in their technological capabilities. 

According to data released in July 2012 by the Organization for Economic Cooperation and Development, there are more Internet connections than there are people in South Korea.  Many daily tasks here are performed online, from banking and the purchasing of movie or train tickets to social interactions. As such, South Koreans have a lot to lose from a malicious attack on the country’s IT infrastructure. 

By stark contrast, in North Korea, which regularly experiences power outages, only a fraction of privileged elite can get online, and even then would just have access to a state-controlled intranet that only permits approved sites. 

Though North Korea is generally undeveloped, it does have a corps of hackers who are trained by the state and apparently able to carry out cyberattacks. “North Korean hackers are obviously quite capable technically,” says Moon Young-woo, president of IT Bank, a company that provides consulting on how to safeguard information and prevent hacking. 

“Their skills are good. If they were behind this attack, it was probably meant to put pressure on the new [South Korean] government. If it was done by Chinese hackers, it was probably just some people who wanted to show off their skills,” says Mr. Moon.

And even though South Korea is the far more developed country, it is still at least somewhat vulnerable to hacking. After Wednesday’s disturbance, the banks and broadcasters were able to get most operations running again without too much of a delay, but a more effective malicious code could perhaps one day do more damage.

After the 2011 attack, which targeted government and banking websites, South Korea announced a beefed-up cybersecurity strategy that involved more than a dozen government ministries. The stronger system has apparently been more successful at preventing network intrusions.

“South Korea’s defenses are strong enough to deal with the kinds of attacks we’ve seen in the past. But if a group of hackers were to execute a targeted attack, meaning they develop a virus specifically tailored to one target, it would be very hard to defend because the virus could be new and unfamiliar,” says Hong Min-pyo, president of SEWorks and one of Korea’s top IT experts. Mr. Hong is what Koreans call a "good" hacker, working to stifle the efforts of malicious hackers and stop the spread of harmful code. 

While online freedoms in North Korea are still exceptionally limited, over the past few months Pyongyang has made some cautious efforts to open up technologically. Starting in late February, foreign visitors to the North were able to use mobile phones and Internet. This service is only available to foreigners, but is noteworthy as it allows access to social media such as Twitter and Instagram.