May 9, 2011: South Korea has obtained first-hand information about the North Korea Cyber War efforts from North Korean Cyber Warriors who have fled south. The defectors report that, in the last few years, there have been a lot of changes in the North Korean Cyber War community. There are now two "hacker brigades" in the North Korean electronic warfare section of the armed forces. Each brigade contains about 600 Internet experts. These hackers have been trained at Pyongyang Automation University, Amrokgang College of Military Engineering, the National Defense University, the Air Force Academy and the Naval Academy. But the Pyongyang Automation University has been the main source of expert hackers. Until recently this place was known as Mirim University (and, not long ago, Mirim College). But the success of Mirim kept the money, expansions and name changes coming.
The North Korean hackers have been increasingly busy, and effective. Earlier this year, South Korean network security and intelligence officials revealed that North Korea has been seeking details of how computer systems in key South Korean industries work. Particularly alarming was the effort to find out about the systems that run South Korea's nuclear power plants (which produce over a third of the nation's electricity). These systems are not connected to the Internet, but the North Koreans are apparently planning to get an agent working inside a plant, and use a USB stick to plant a damaging bit of software. The North Koreans have also been seeking details about software that runs the stock markets, high-speed rail trains, air traffic control and natural gas distribution systems. Air traffic control is also not connected to the Internet, but its software and facilities are also getting scrutinized by North Korean agents. Defectors have revealed that North Korean officials are obsessed with making a network attack on the South Korean stock markets, to create financial chaos. If that doesn't work, they are also trying to get into banks and other financial institutions, but these commercial operations tend to be much better protected than government or quasi-government organizations.
All this North Korean espionage activity in the south is nothing new. But South Korean Cyber War officials have put all the current pieces together and realized that the northerners are concentrating on hitting key economic targets via the Internet or just software (carried in by an agent armed with a USB stick.) Same old goals, some of the same old targets, but new tactics and weapons.
Long believed to be nonexistent, North Korean cyberwarriors do exist, and are not the creation of South Korean intelligence agencies trying to obtain more money to upgrade government Information War defenses. We know that North Korea has a lot of military units that are competent, in the same way robots are. The North Koreans picked this technique up from their Soviet teachers back in the 1950s. North Korea is something of a museum of Stalinist techniques. It was long believed that their Internet experts were not flexible and innovative enough to be a major threat. But now the thinking is that North Korea may have hired foreign experts (gangsters, or other outlaw types) to obtain the needed skills. These mercs never had to even visit North Korea (and most preferred not to), all they had to do is what the normally do, and collect their pay.
South Korea has to be wary because they have become more dependent on the web than any other nation on the planet, with exception of the United States. As in the past, if the north is to start any new kind of mischief, they will work it on South Korea first. While many of the recent attacks were more annoying than anything else, they revealed that there's a new threat out there, and one that is probably going to get worse.