Why Did a US Cyber Attack on North Korea Fail?


Reuters investigative reporter Joseph Menn reported Friday that in 2010, the United States tried to attack North Korea’s nuclear weapons program using a version of the Stuxnet virus it deployed in the same time frame against the Iranian nuclear program.

Menn reports that according to at least one U.S. intelligence source, the developers of Stuxnet made a related computer virus “that would be activated when it encountered Korean-language settings on an infected machine.” But the virus and the attack, which originated with the National Security Agency, were ultimately unsuccessful because the virus could not gain access to North Korean networks.

North Korea’s communications networks are notoriously isolated and this is, in many ways, a barrier to infecting them. While North Korea may be able to engage in its own cyberattacks, such as the suspected Sony hack, it is not as vulnerable to them:

NSA Director Keith Alexander said North Korea’s strict limitations on Internet access and human travel make it one of a few nations “who can race out and do damage with relative impunity” since reprisals in cyberspace are so challenging.

When asked about Stuxnet, Alexander said he could not comment on any offensive actions taken during his time at the spy agency.

Iran, on the other hand, has a much more connected online culture and global business engagement, despite sanctions. North Korea is protected, in a way, by its isolation. Very few have access to the open Internet and the country’s only access to the Internet runs through China.

Suki Kim, a journalist who spent six months in 2011 teaching English at Pyongyang University of Science and Technology (PUST), North Korea’s only privately funded university, noted in her memoir that even her students, who were technically computer science majors, were unaware that the intranet they used was not the global Internet.

Iranian and North Korean nuclear programs are similar (they both use P-2 centrifuges, for example), so NSA developers would not have needed to change the virus very much to have a similar impact on either country’s nuclear infrastructure. In Iran, the Stuxnet virus was reportedly responsible for destroying nearly one-fifth of Iran’s centrifuges.

The Stuxnet worm was designed to target programmable logic controllers (PLCs), which allow the automation of industrial processes. Essentially, the virus compromised these systems, causing “the fast-spinning centrifuges to tear themselves apart.”

The similarities of systems and differences in digital connectivity aside, it may have been the limited human connectivity that caused the program to fail. Olympic Games, the code-name for the Stuxnet attack on Iran, impacted centrifuges at a nuclear facility in Natanz, which Menn says was not connected to the Internet:

As for how Stuxnet got there, a leading theory is that it was deposited by a sophisticated espionage program developed by a team closely allied to Stuxnet’s authors, dubbed the Equation Group by researchers at Kaspersky Lab.

The U.S. effort got that far in North Korea as well. Though no versions of Stuxnet have been reported as being discovered in local computers, Kaspersky Lab analyst Costin Raiu said that a piece of software related to Stuxnet had turned up in North Korea.

Menn ends his report with a line from Jim Lewis, an adviser to the U.S. government on cybersecurity issues and a senior fellow at the Center for Strategic and International Studies (CSIS), who said that a cyber attack “is not something you can release and be sure of the results.”
