
The World Once Laughed at North Korean Cyberpower. No More.

Protecting Kim’s Image

A chief political objective of the cyberprogram is to preserve the image of the North’s 33-year-old leader, Kim Jong-un. In August 2014, North Korean hackers went after a British broadcaster, Channel Four, which had announced plans for a television series about a British nuclear scientist kidnapped in Pyongyang.

First, the North Koreans protested to the British government. “A scandalous farce,” North Korea called the series. When that was ignored, British authorities found that the North had hacked into the television network’s computer system. The attack was stopped before inflicting any damage, and David Abraham, the chief executive of Channel Four, initially vowed to continue the production.

 

That attack, however, was just a prelude. When Sony Pictures Entertainment released a trailer for “The Interview,” a comedy about two journalists dispatched to Pyongyang to assassinate North Korea’s young new dictator, Pyongyang wrote a letter of complaint to the secretary general of the United Nations to stop the production. Then came threats to Sony.

Michael Lynton, then Sony’s chief executive, said that when Sony officials called the State Department, they were told it was just more “bluster.”

“At that point in time, Kim Jong-un was relatively new in the job, and I don’t think it was clear yet how he was different from his father,” Mr. Lynton said in an interview. “Nobody ever mentioned anything about their cyber capabilities.”

In September 2014, while still attempting to crack Channel Four, North Korean hackers burrowed deep into Sony’s networks, lurking patiently for the next three months, as both Sony and American intelligence completely missed their presence.

The director of national intelligence, James Clapper, was even in Pyongyang at the time, trying to win the release of a detained American, and had dinner with the then-chief of the Reconnaissance General Bureau.

On Nov. 24, the attack on Sony began: Employees arriving at work that day found their computer screens taken over by a picture of a red skeleton with a message signed “GOP,” for “Guardians of Peace.”

“We’ve obtained all your internal data including your secrets and top secrets,” the message said. “If you don’t obey us, we’ll release data shown below to the world.”

That was actually a diversion: The code destroyed 70 percent of Sony Pictures’ laptops and computers. Sony employees were reduced to communicating via pen, paper and phone.

Mr. Lynton said the F.B.I. told him that nothing could have been done to prevent the attack, since it was waged by a sovereign state. “We learned that you really have no way of protecting yourself in any meaningful way,” he said of such nation-state attacks.

Sony struggled to distribute the film as theaters were intimidated. (Ultimately it was distributed for download, and may have done better than it would have.) In London, outside investors in Channel Four’s North Korea project suddenly dried up, and the project effectively died.

The Obama White House responded to the Sony hack with sanctions that the North barely noticed, but with no other retaliation. “A cyberbattle would be a lot more risky for the United States and its allies than for North Korea,” said Mr. Silvers.

Robbing Banks, Pyongyang Style

Beyond respect, and retribution, the North wanted hard currency from its cyberprogram.

So soon the digital bank heists began — an attack in the Philippines in October 2015; then the Tien Phong Bank in Vietnam at the end of the same year; and then the Bangladesh Central Bank. Researchers at Symantec said it was the first time a state had used a cyberattack not for espionage or war, but to finance the country’s operations.

Now, the attacks are increasingly cunning. Security experts noticed in February that the website of Poland’s financial regulator was unintentionally infecting visitors with malware.

It turned out that visitors to the Polish regulator’s website — employees from Polish banks, from the central banks of Brazil, Chile, Estonia, Mexico, Venezuela, and even from prominent Western banks like Bank of America — had been targeted with a so-called watering hole attack, in which North Korean hackers waited for their victims to visit the site, then installed malware in their machines. Forensics showed that the hackers had put together a list of internet addresses from 103 organizations, most of them banks, and designed their malware to specifically infect visitors from those banks, in what researchers said appeared to be an effort to move around stolen currency.

More recently, North Koreans seemed to have changed tack once again. North Korean hackers’ fingerprints showed up in a series of attempted attacks on so-called cryptocurrency exchanges in South Korea, and were successful in at least one case, according to researchers at FireEye.

The attacks on Bitcoin exchanges, which see hundreds of millions of dollars worth of Bitcoin exchanged a day, offered Pyongyang a potentially very lucrative source of new funds. And, researchers say, there is evidence they have been exchanging Bitcoin gathered from their heists for Monero, a highly anonymous version of cryptocurrency that is far harder for global authorities to trace.

The most widespread hack was WannaCry, a global ransomware attack that used a program that cripples a computer and demands a ransom payment in exchange for unlocking the computer, or its data. In a twist the North Koreans surely enjoyed, their hackers based the attack on a secret tool, called “Eternal Blue,” stolen from the National Security Agency.

In the late afternoon of May 12, panicked phone calls flooded in from around Britain and the world. The computer systems of several major British hospital systems were shut down, forcing diversions of ambulances and the deferral of nonemergency surgeries. Banks and transportation systems across dozens of countries were affected.

Britain’s National Cyber Security Center had picked up no warning of the attack, said Paul Chichester, its director of operations. Investigators now think the WannaCry attack may have been an early misfire of a weapon that was still under development — or a test of tactics and vulnerabilities.

“This was part of an evolving effort to find ways to disable key industries,” said Brian Lord, a former deputy director for intelligence and cyber operations at the Government Communications Headquarters in Britain. “All I have to do is create a moderately disabling attack on a key part of the social infrastructure, and then watch the media sensationalize it and panic the public.”

It ended thanks to Marcus Hutchins, a college dropout and self-taught hacker living with his parents in the southwest of England. He spotted a web address somewhere in the software and, on a lark, paid $10.69 to register it as a domain name. The activation of the domain name turned out to act as a kill switch causing the malware to stop spreading.

British officials privately acknowledge that they know North Korea perpetrated the attack, but the government has taken no retaliatory action, uncertain what they can do.

A Cyber Arms Race

While American and South Korean officials often express outrage about North Korea’s cyberactivities, they rarely talk about their own — and whether that helps fuel the cyber arms race.

Yet both Seoul and Washington target the North’s Reconnaissance General Bureau, its nuclear program and its missile program. Hundreds, if not thousands, of American cyberwarriors spend each day mapping the North’s few networks, looking for vulnerabilities that could be activated in time of crisis.

At a recent meeting of American strategists to evaluate North Korea’s capabilities, some participants expressed concerns that the escalating cyberwar could actually tempt the North to use its weapons — both nuclear and cyber — very quickly in any conflict, for fear that the United States has secret ways to shut the country down.

The director of the Central Intelligence Agency, Mike Pompeo, said last week that the United States is trying to compile a better picture of the leadership around Kim Jong-un, for a report to President Trump. Figuring out who oversees cyber and special operations is a central mystery. The Japanese press recently speculated it could be an official named Jang Kil-su. Others are curious about Gen. No Kwang-chol, who was elevated to the Central Committee of the North’s ruling party in May 2016, and is one of the only members whose portfolio is undisclosed.

The big question is whether Mr. Kim, fearful that his nuclear program is becoming too large and obvious a target, is focusing instead on how to shut down the United States without ever lighting off a missile. “Everyone is focused on mushroom clouds,” Mr. Silvers said, “but there is far more potential for another kind of disastrous escalation.”
