The Koreas

Hacks After Nukes: The Coming of North Korea’s Cyber Threat

The upcoming Trump-Kim summit may provide an opportunity to raise questions about North Korea’s cyber attacks.


U.S. President Donald Trump’s decision to resume the meeting with North Korea’s Kim Jong-un on June 12 has attracted the world’s attention. Both Kim and Trump’s willingness to set up the historic meeting might signal positive progress towards a nuclear-free Korean peninsula. However, while the world’s eyes are focused on North Korea’s nuclear capabilities, we must not set aside another imminent threat that Kim’s regime poses: its capability to conduct cyber attacks.

In May, the FBI and U.S. Department of Homeland Security (DHS) announced two malicious attacks against U.S. infrastructure that were attributed to the North Korean hacker group Hidden Cobra (also called Lazarus Group). This was not the first cyber attack allegation against North Korea this year. From March 14 to 18, the very same group was suspected of conducting a global hacking campaign called Operation GhostSecret, targeting critical infrastructure in 17 different countries.

North Korea’s persistence in conducting malicious attacks in cyberspace is significant because it indicates the growing capabilities of its hacker group. Although it is difficult to quantify, the threat of North Korea’s cyber attacks may be on a par with the threat coming from its possession of nuclear weapons. While the Trump-Kim summit raises hopes for progress on denuclearization, it remains difficult to measure North Korea’s capabilities in the ungoverned territory of cyberspace.

The Problem of a Cybersecurity Threat

The networked character of computer systems means that an attack against an individual object inside a network could also affect other objects in that network, or even spread to objects outside the network itself. Therefore, when one unit’s security is compromised, other units that are connected to it are also exposed to the threat. As the world becomes globalized and interconnected through the use of the Internet, each entity, down to the smallest unit of the individual, is exposed to cybersecurity threats.

An underlying issue in resolving threats emanating from the cybersphere is attribution. The attribution of activities conducted through the Internet is “extremely difficult and requires intelligence sources that are reliable and accurate,” David Kennedy, CEO of the security firm TrustedSec, told Wired. While the Internet characteristics that enable anonymity are seen as a positive thing for protecting an individual’s privacy, they become a problem when an entity with malicious intent conducts a cyber attack. Hackers can remain undetected because it is difficult to prove the entity’s accountability.

Since it is difficult to prove who the real perpetrators are, the wording used by governments and analysts in these cases tends to be in terms of “allegations” and/or “suspicions.” These allegations are based on the available evidence and known similarities with previous cyber attacks also attributed to North Korea’s hacker group.

Increasing Capability of North Korea’s Hackers

There are numerous allegations against North Korea regarding cyber attacks and cybercrimes. Many have argued that North Korea has been using its cyber capabilities extensively, and not exclusively for espionage, but also for financial gain (crime) and destructive purposes (cyber attack). Aside from having the hacker group located in Pyongyang, North Korea has also reportedly sent hundreds of hackers to neighboring countries where Internet access is better and they can hide their tracks more easily. Hackers who are sent abroad are mostly assigned to earn money for the regime by installing ransomware on corporate servers, hacking online games or gambling sites, and stealing credit card numbers and information.

Since the Internet infrastructure in North Korea is very limited, one might wonder how sophisticated hacker groups can develop in the country. In general, as access to the Internet can only be enjoyed by people who work for the government, the regime itself has hand-picked and trained the hackers to become part of a state-supported hacker group. Therefore, it is no surprise that the group’s activities are aligned with North Korean state interests: to project power by launching cyber attacks and to earn cash for the sanctioned government. As the regime has felt threatened and pressured by the international community’s sanctions, ungoverned cyberspace allows it to exercise its power to retaliate.

In 2014, North Korea was suspected of being behind a hacking group called Lazarus that was linked to an $81 million cyber heist at the Bangladesh central bank and the attack on Sony’s Hollywood studio. In 2017, the United States government also suspected North Korea’s involvement in a massive ransomware attack, WannaCry, that affected hundreds to thousands of computers globally. The WannaCry attack attracted considerable attention from governments because it affected many major international businesses, such as Russia’s Sberbank and carmakers such as Honda and Renault, as well as vital civilian infrastructure like hospitals and schools around the world.

The WannaCry ransomware attack encrypted data on the computer and demanded payment to restore access. England is reported to have been the most affected country, as the ransomware hit more than 80 National Health Service (NHS) organizations, resulting in almost 20,000 cancelled appointments and five hospitals diverting ambulances because they were unable to handle any more emergency cases. Given the massive scale of the damage, it was called the biggest ransomware attack in history. According to McAfee, 2018’s Operation GhostSecret had spread to 17 countries by April, and its targets expanded beyond the military and financial sectors. It has impacted industries such as telecommunications, health, entertainment, and critical infrastructure.

Drawing from this evidence, it appears that the capabilities of North Korea’s hacker group have grown. We may expect North Korea’s threat in cyberspace to continue in the future.

A Real and Imminent Threat

While we have not seen any actual disaster caused by North Korea’s nuclear arsenal, the regime’s threat in cyberspace has caused significant losses for many. While the threat of nuclear weapons may (or may not) disappear in the near future, North Korea’s growing capabilities in conducting cyber attacks are already very alarming. The upcoming Trump-Kim meeting may provide the opportunity to bring this issue to the table.

Treviliana Putri is a postgraduate student at the University of Sydney.