Information Warfare: North Korea Hackers Get Caught

April 18, 2013: The evidence is piling up that North Korean, not Chinese, hackers have been responsible for several recent attacks on South Korean networks. The most compelling bit of evidence comes from a March 20th technical problem that left a North Korean hacker’s activity exposed for a few minutes, making it possible to trace back to where he was operating from. The location was in the North Korean capital and at an IP address belonging to the North Korean government. Actually, very few North Korean IP addresses belong to private individuals and fewer still have access to anything outside North Korea.

Long believed to be nonexistent, North Korean cyberwarriors do exist and are not the creation of South Korean intelligence agencies trying to obtain more money to upgrade government Information War defenses. North Korea has had personnel working on Internet issues for over 20 years, and their Mirim College program trained over a thousand Internet engineers and hackers. North Korea has a unit devoted to Internet-based warfare, and this unit is increasingly active.

Since the late 1980s, Mirim College has been known as a facility that specialized in training electronic warfare specialists. But by the late 1990s, it became known as the school where students learned to hack the Internet and other types of networks. Originally named after the district of Pyongyang it was in, the college eventually moved and was expanded. It had several name changes, but its official name was always Military Camp 144 of the Korean People's Army. Students wore military uniforms, and security on the school grounds was strict. Each year 120 students were accepted (from the elite high schools or as transfers from the best universities). Students stayed for five years. The school contained five departments: electronic engineering, command automation (hacking), programming, technical reconnaissance (electronic warfare), and computer science. There's also a graduate school, with a three-year course (resulting in the equivalent of a master's degree) for a hundred or so students.

It was long thought that those Mirim College grads were hard at work maintaining the government intranet, not plotting Cyber War against the south. Moreover, North Korea has been providing programming services to South Korean firms. Not a lot, but the work was competent and cheap. So it was known that there was some software engineering capability north of the DMZ. It was believed that this was being used to raise money for the government up there, not to form a major Internet crime operation. But now there is growing evidence of North Korean hackers at work in several areas of illegal activity. The Cyber War attacks apparently began about seven years ago, quietly and with nothing too ambitious. But year by year, the attacks increased in frequency, intensity, and boldness. Now the North Korean hackers are apparently preparing for a major assault on South Korea's extensive Internet infrastructure, as well as systems (utilities, especially) that are kept off the Internet.

The recently deceased North Korean leader Kim Jong Il was always a big fan of PCs and electronic gadgets in general. He not only founded Mirim but backed it consistently. Kim's only displeasure was the suspicion that those who graduated from 1986 through the early 1990s had been tainted by visits (until 1991) by Russian electronic warfare experts. Some Mirim students also went to Russia to study for a semester or two. All these students were suspected of having become spies for the Russians, and most, if not all, were purged from the Internet hacking program. Thus it wasn't until the end of the 1990s that there were enough trusted Internet experts to begin building a Cyber War organization.

South Korea has to be wary because it has become more dependent on the web than any other country on the planet, with the exception of the United States. As in the past, if the north is to start any new kind of mischief, they will work it on South Korea first. So whatever the skill level of the North Korean hackers, they will attack South Korea first. While many of the recent attacks were more annoying than anything else, they revealed that there's a new threat out there and one that is probably going to get worse.