The techno soldiers of Kim Jong Un are growing more aggressive in defending North Korea’s supreme leader against threats from Donald Trump and South Korea.
The country’s hackers stole military plans developed by the U.S. and South Korea last year that included a highly classified “decapitation strike” against the North Korean leader, according to a South Korean lawmaker. The plans were devised as the regime in Pyongyang steps up nuclear tests and fired long-range missiles toward the Pacific Ocean.
The episode shows North Korea’s progress in infiltrating computer systems around the world three years after its hackers allegedly pilfered documents from Sony Corp. in retaliation for the film, “The Interview.” If Kim’s cyber warriors have indeed stolen the top-secret intelligence, it raises alarms about the security of U.S.-South Korea information and the effectiveness of potential military options.
“The plan is fundamental to conducting a war operation and leakage of even a small part of it is very critical,” Rhee Cheol-hee, the ruling party lawmaker, said in a telephone interview. “How could we fight against an enemy and win a war if it’s already aware of our strategy?”
North Korea has been developing cyber capabilities as trade sanctions and a debilitated domestic economy make it difficult to invest in conventional military capabilities. While Kim is devoting resources to nuclear missiles, hackers offer a cost-effective way to threaten rivals that are typically reliant on technology systems.
“There is no doubt that they are using their capability in creative ways,” said Fergus Hanson, head of the International Cyber Policy Centre at the Australian Strategic Policy Institute in Canberra. “Stealing battle plans is obviously a good idea from a military point of view and they’re also monetizing their capability to get around sanctions.”
While North Korea allows internet access to only a small portion of its population, it began to train its techno soldiers in the early 1990’s, according to South Korea’s Defense Security Command. The country probably employs 1,700 state-sponsored hackers, backed by more than 5,000 support staff, Hanson said.
The U.S. defended its capabilities despite the alleged hack. In a briefing with reporters, Colonel Robert Manning, a Pentagon spokesman, wouldn’t discuss whether any breach occurred, but said the U.S. has confidence in the security of its intelligence and its ability to deal with North Korean threats.
It wasn’t immediately certain whether the strike plans allegedly stolen by North Korea could have been a decoy in the long-running war of espionage between the two Koreas.
North Korean hackers made international headlines in 2014 when they allegedly broke into Sony’s Hollywood operation as it was preparing to release “The Interview,” a Seth Rogen spy caper about meeting the North Korean leader. Sony Chief Executive Officer Kazuo Hirai called the attack “vicious and malicious” as it led to embarrassing revelations.
Then last year, a group linked to North Korea, called Bluenoroff, allegedly stole money from Bangladesh’s central bank. In May, a group called Lazarus was linked by security researchers to a global ransomware attack that affected more than 300,000 computers.
This year, the country’s hackers appear to have stepped up their efforts to secure bitcoin and other cryptocurrencies that could be used to avoid trade restrictions. They increased attacks on exchanges in South Korea and related sites, according to a report from security researcher FireEye Inc.
“For South Korea, these targeted attacks from North Korea are not new. South Korea has relatively strong cyber security, but it faces an adversary with a significant asymmetric advantage,” says Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye. “North Korea has little connectivity and relatively limited reliance on technology, making it less vulnerable to attacks.”
FireEye said on its website on Wednesday that hackers likely affiliated with North Korea sent phishing emails to U.S. electric companies last month for “reconnaissance” and that the security firm was able to stop them before any disruption occurred in the power supply.
North Korean diplomats and official media have denied that the country played any role in cyberattacks, including the Sony hack. Still the attacks have prompted South Korea to raise an army of its own cyber warriors and increase spending to deal with the threat.
South Korea may have become a target not just due to its proximity to Pyongyang and shared language and the country says North Korea has carried out six major cyber attacks on its institutions since 2009. It includes an attack on one of South Korea’s largest banks, Nonghyup, that left about 30 million account holders unable to withdraw money for days in 2011.
"What’s embarrassing is that this was caused by an absurd mistake by our own military,” said Rhee, who added he confirmed the hack with defense officials. “They’re not supposed to move and save such important files in PCs. This is an incident that could have been prevented if the military abided by the basic security rules.”