Information Warfare: No Shortage Of Paranoia

Archives

April 18, 2021: Since the 1990s North Korea has been training more and more Internet software engineers and hackers, even though North Korea has limited access to the Internet. They made the best of their situation by having North Korean Internet engineers build an intranet. This is an Internet type network for North Korea that has no access to the rest of the Internet. By 2010 this intranet program included a locally created own operating system, based on Unix, for North Korean PCs. Called Red Star, it features a front end that makes it look identical to Microsoft Windows. One difference was a custom browser called "My Country" that, for example, can only use a local search engine called "My Country BBS." North Korean computer users can only search the North Korean Internet, with only a few people allowed access to the international Internet. Most of the world wide web users belong to North Korean Cyber War organizations, or Internet security personnel who decide what to import for use on the isolated North Korean Internet.

Details of how this unique North Korea “Internet” and hacker development were scarce until 2015, when South Korea struck an intelligence goldmine when a North Korean colonel defected. This colonel worked for military intelligence, more specifically the RGB (Reconnaissance General Bureau), which runs the hacking operations and espionage operates agents in South Korea and China. The RGB colonel was able to provide details of major changes North Korea hacking operations since 2009. The RGB was formed in 2009 by combining several other intel agencies and that required a lot of data to get reorganized and combined. RGB handles a lot of Cyber War operations and provides information for attacks on South Korea. This includes the 2010 North Korea artillery and torpedo attacks that almost revived the Korean War. South Korea realized that getting an RGB insider was a big deal as it not only provided more details on who is doing what in North Korea, but what exactly is going on between China and North Korea and what role China was playing in the expanding North Korean hacking efforts.

The 2015 defector also made it possible to more quickly detect and analyze new North Korean hacking campaigns. For example, the defector explained how the RGB had different bureaus for the various intelligence specialties. Bureau 121 handled Cyber Warfare research and hacking teams operating in North Korea and China. With the leads provided by the 2015 defector South Korea was better prepared to track North Korea hacking and intelligence operations.

In late 2020 this led to the discovery that North Korean leader Kim Jong Un had created another RGB hacking organization, Bureau 325, that handled special assignments and reported directly to Kim and not the head of the RGB. Before the end of 2020 Kim ordered Bureau 121 transferred to the control of Bureau 325. Kim Jong Un was making hacking operations his own personal project. This was really no surprise because Kim Jong Un's father, the late (since 2011) Kim Jong Il ) had always been a big fan of PCs and electronic gadgets in general. While Kim Jong Il ruled he founded Mirim College to train hackers and backed this new school consistently. The only instance of Kim Jong Il's displeasure was suspicions about those who graduated from Mirim between 1986 through the early 1990s. These graduates had been tainted by visits (until 1991) by Russian electronic warfare experts. Some Mirim students also went to Russia to study for a semester or two. All these students were suspected of having become spies for the Russians, and most, if not all, were purged from the Internet hacking program. Thus, it wasn't until the late 1990s that there were a sufficient number of trusted Internet experts that could be used to begin building a Cyber War organization.

Kim Jong Un spent many years in the West getting an education and keeping up to date on new tech, especially computers. This was one thing that made him, the youngest son, the favorite and ultimately the successor to Kim Jong Il. The current “Great Leader” Kim was still in his 20s when he took over from his father.

Kim Jong Un put a lot more money and resources into high-tech areas like nuclear weapons, ballistic missiles and hacking as a major source of hard currency income. When covid19 arrived in early 2020, Kim ordered Bureau 121 to monitor Western progress in developing a vaccine. Kim knew China and Russia were also developing covid19 vaccines but were dependent on Western advances in that area. Soon Western pharma (pharmaceutical) firms developing covid19 vaccines noted more hacking attacks on them and the hackers seemed to be after covid19 related work. This was anticipated and precautions were taken. It was noted by Internet security firms that a disproportionate number of the hacking efforts were coming from North Korea. By the end of 2020 it was noted that North Korea hacking efforts were up more than 30 percent for the year. North Korea had shifted a lot of its hacking teams from money raising hacks to ones that concentrated on covid19, especially what was needed to make one of the several successful Western covid19 vaccines. Not only that, but more hackers were seeking any health-related tech that could help North Korea cope with covid19. North Korea has no nationwide health care capability. The spread of covid19 in North Korea could have disastrous impact because most of the population was suffering more than a decade of less food, medical care, heat and much else. That was the result of Kim Jong Un diverting scarce cash to tech projects. The only place in North Korea you can get any modern treatment for covid19 is a few hospitals in the capital.

Kim Jong Un also spent a lot of money on trying to keep details of these disasters from getting out of the country. A recent example of this was when another specialized college for intelligence operations was established in 2019. This took place at the Mangyongdae Revolutionary Academy, which now offers a three-year course for international IW (information warfare) specialists. Students in this course also study the detection and monitoring of radio traffic, including location of radio signals. These tech elements are already taught at Mangyongdae but not as intensively as was the case with the new IW major. Another important area of study is how to block certain types of wireless communications at the North Korean border. This will includes unwanted cell phone signals.

Prime candidates for the new course are younger (under 30) officers who demonstrate technical skills on the entry exam. Those who get into the course and graduate will have much improved career and promotion prospects. This new specialty is the latest of several new programs at Mangyongdae that are only available to the most loyal and capable upper-class North Koreans.

This new IW course is part of a trend that began in 2014 when North Korea established a program for foreign agents that was only open to members of the elite North Korea families. The children of these families are eligible to attend the Mangyongdae Revolutionary Academy, but many courses of study are only open to applicants with special aptitudes. Graduates of Mangyongdae are likely to get the most senior government and military jobs and there are only about a hundred graduates a year. A growing number of those graduates have gained some very special skills. There is a computer science program for Mangyongdae students seeking to become foreign agents in “enemy” countries, especially South Korea. These agents are trained to hunt down high-level defectors in foreign countries and either arrange to kill the defector or at least find out how the defector is doing, how many secrets they have divulged and, if possible, persuade the defector to shut up or even return to North Korea.

To accomplish this “defector remediation” task the Mangyongdae students are taught the latest hacking techniques, what tools and mercenary hackers are available in the hacker underground, and how to deal with the tools, nd the mercs to put together specialized efforts to track down defectors and monitor them. This means the Mangyongdae must be able to pass as a South Korean, as in speak with a South Korea accent, as well as use the customs and slang. This makes it possible to assume a false identity convincingly and play the role of an Internet criminal. There are a lot of those in both Koreas.

As important as all these skills are, the most important item is loyalty to North Korea. The Mangyongdae agents go after the growing number of high-level North Koreans who are illegally leaving the country. The agents are trained to use social media to seek out known or suspected defectors, make contact and obtain more information about them.

Since 2005 North Korea has been increasingly concerned about key people defecting to South Korea, or simply getting into China and making asylum deals with the Chinese government. The Chinese have always been receptive to such arrangements and there has been more of this as the hundreds of families at the top of the social pyramid in North Korea get out. This is a risky endeavor although there are more and more people smugglers who, for enough money, can get anyone out of the country. Worse, many senior officials became defectors while already outside North Korea on official business. There they can arrange to disappear and defect. Some of these defectors have been diplomats and some of them were senior enough to be noticed when they disappeared.

These high-caste North Koreans report that there is a sense in the ruling families that the system isn’t working and is doomed. The top people in North Korea are easy to identify. When North Korea was founded in the late 1940s, a caste system was established to ensure that the most loyal and capable North Korean communists were recognized and rewarded for their efforts to maintain the new communist government for generations to come. The newly established secret police and communist party reported on everyone, making it possible to create an official list of every family assigned to one of 51 social classes. From the beginning, most (29) of these classes were composed of people considered either hostile to the government or leaning that way. These new lower classes are where most of the new (and often quite wealthy) donju (entrepreneurs) are coming from. Most of the population falls into these 29 social classes, and many of them are now getting increasingly hostile to a government that seems to do nothing but create one disaster after another.

Members of higher-caste families are catching on as well and younger members are increasingly abandoning promising careers to flee the country. All that bribe money making its way to the higher caste North Koreans doesn’t just go to buy an easier life in North Korea because that is already assured if you are high caste. The bribe money often goes to buy an escape. To deal with this problem among the most trusted classes, another special program at the Mangyongdae Revolutionary Academy created elite counter-intelligence (spy catcher) agents who often operate in China and South Korea. Apparently, some of the Mangyongdae agents have been identified or even caught and this program is no longer as secret as it once was. Meanwhile, the Mangyongdae Revolutionary Academy and its ultra-loyal students get a lot more publicity inside (and outside) North Korea.

In addition to tracking down high-caste defectors, some Mangyongdae graduates are also assigned to monitor the loyalty of North Korea hackers working outside North Korea. This became known as escapees from North Korean revealed much about how North Korea has managed to establish and maintain hacking operations outside North Korea, an operation whose main purpose is to make a lot of money for the cash hungry North Korea government. This became a higher priority operation in the last few years because of the growing list of economic sanctions imposed, while at the same time there were more opportunities for Internet-based misbehavior. Some of these defectors were associated with the North Korean hackers who are, it turns out, mostly based outside North Korea because Internet access is better and operating outside North Korea makes it easier to deny that North Korean hackers are engaged in illegal activity. South Korea has obtained a lot of details about the North Korean hacker operations and even allowed some defectors familiar with those operations to speak openly about it. Obviously many of these North Korean hackers are not as loyal as they are supposed to be, so North Korea became determined to identify and punish the ones that defect and expose how the hacker program works. Each time that happens North Korea has to revise the way its hackers operate. This is time-consuming and expensive.

The Mangyongdae agents are also trained in the usual methods of secretly contacting “the center”, usually via North Korea operatives based outside of North Korea who  relay messages to and from North Korea itself. The skills North Korea hackers have developed are world-class and increasingly difficult to counter or even detect. But this edge in skills and techniques depends on having loyal operatives in key positions, thus the importance of the Mangyongdae agents.

South Korea is particularly vulnerable to North Korean Cyber War capabilities because South Korea has become more dependent on the Internet than any other on the planet, with the exception of the United States. As in the past, if the north is to start any new kind of Internet mischief, they try it out on South Korea first. While many of the first serious attacks in 2009 were more annoying than anything else, they revealed a new threat out there, and one that not only got worse but turned out to be from the usual suspects. Now the threat is very real and growing rapidly. North Korea is seeing its Internet-based capabilities damaged by the growing number of high-level defectors with valuable secrets to sell to China, South Korea or whoever will pay the most. Given the worldwide depredations of North Korean hackers, this provides defectors with a lot of potential hiding places. This led to the Mangyongdae Academy programs for specialized agents. Now some of the Mangyongdae grads are suspected of wavering loyalty and reliability. North Korea may lack food, electrical power, freedom and much more but there is no shortage of paranoia.

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close