This is the second part of a two-part series on North Korea’s cyber crime and cyber warfare capabilities. Part 1 can be read here.
North Korea, home to a population of 25.6 million and an army of over 1.2 million, may be the world’s most militarized nation, per capita.
Its conventional threats are largely aimed at South Korea and Japan, while its nuclear-tipped intercontinental ballistic missiles are believed to have the capability to traverse the Pacific and strike the mainland US. But despite its obvious punch, this formidable force faces odds-against risks.
South Korea and Japan both boast larger populations and vastly larger economies. Both are home to high-tech militaries themselves. And both are allied, separately, to the United States, which wields an armory even North Korea cannot match.
These realities force Pyongyang to keep its physical assets on a tight leash – but that is not the case for its virtual assets. Veiled by a deep-cover cloak of deniability, constantly operational and untrammeled by geographical limits, North Korean cyber commandos have hit targets across the web and across the globe.
Choi Sang-myeon, or Simon Choi, a Seoul-based cyber security expert who monitors North Korea hacking activity as the head of not-for-profit Issues Makers Lab says the North’s online operations have a range of aims.
One, Choi maintains, is to demonstrate its fearsome capabilities by unleashing deniable-but-fingerprinted chaos, such as 2017’s Wannacry attack. A similarly abstract aim is to defend the dignity of the Kims.
But Pyongyang’s hackers also have more concrete goals: Stealing digital money for a cash-strapped regime and accessing military – even nuclear – information from overseas.
Given that North Korea’s leadership – the subject of a vast, nationwide personality cult – is treated as sacred in the state, overseas organizations which mock the Kims face the risk of cyber assault, Choi said. In 2014 Sony Pictures, which had produced a satirical comedy in which Kim Jong Un was a central character, faced exactly that.
The attack dumped confidential and embarrassing Sony information and damaged systems after infiltration of hard drives. Sony reportedly set aside $15 million to repair the damage and halted the film’s screening. Though some experts considered the hack the work of a Sony insider others disagreed. Washington, too, blamed it on North Korea, which denied it, via state media.
Subsequently, a British TV production company, planning a series that was part-set in North Korean also reportedly came under attack. It shelved the series.
Other incidents do not make international news as they are focused on targets in North Korea’s backyard competitor – South Korea.
Choi cites Thae Yong-ho, the former deputy North Korean ambassador to London. A prominent defector, Thae is currently a National Assemblyman with the conservative opposition. Since his arrival in South Korea in 2016 has been a relentless critic of Pyongyang.
“Thae was working with a media outlet writing about North Korea, so they tried to hack that media company,” Choi said.
South Korea is home to a defectors community of over 33,000. This community, which not only shares information within and about itself, also maintains clandestine contact with family members and other sources inside North Korea, so is of obvious interest to Pyongyang’s state security apparatus.