Daily Times

International observers were misled in their assessment of the potential of the nuclear threat from North Korea. Now they appear to underestimate the clear and present danger emanating from the destructive cyber-weapons in the hands of Kim Jong-un.

North Korean hackers have learned how to skilfully disguise themselves. In certain cases, countries affected by North Korean cyber-attacks are unable to identify the source of the threat and attribute the attack to hackers from Iran, Russia or China.

According to the February 26 issue of The Daily Guardian, in a story titled “North Korea is a bigger cyber-attack threat than Russia, says expert”, the Democratic People’s Republic of Korea (DPRK) poses a bigger threat of large-scale cyber-attacks than Russia, according to the co-founder of the information security firm that investigated the 2016 Democratic National Committee hacks.

Speaking to the Guardian, Crowdstrike’s Dmitri Alperovitch said: “In 2018, my biggest worry is actually about North Korea. I worry a great deal that they may do a destructive attack, perhaps against our financial sector, in an attempt to deter a potential US strike against either their nuclear facilities or even the regime itself.”

In certain cases, countries affected by North Korean cyber-attacks are unable to identify the source of the threat and attribute the attack to hackers from Iran, Russia or China

“Regardless of whether a military strike is actually on the cards or not, what matters is whether they think one might happen. And given all the rhetoric over the last year or so, it wouldn’t be irrational for them to assume that.”

North Korea has been implicated in a number of major cyber-attacks over the past few years, primarily against South Korea. They came to a head in 2017, when the “Lazarus group”, an elite North Korean hacking unit, is believed to have created and deployed the WannaCry ransomworm. The malware spread rapidly, taking down IT systems worldwide and forcing a number of National Health Service (NHS) trusts in the UK to close temporarily, before it was defused by British security researchers.

According to the report, in 2018, “DPRK-based adversaries are likely to continue malicious cyber activity against entities in South Korea, Japan and the US. Network access obtained via remote access tools … may be used to deploy wiper malware. “This specific targeting may represent DPRK posturing … that could deliver destructive effects against the US critical infrastructure, should a military conflict occur.”

The former Deputy Director of the US National Security Agency and now a professor at the US Naval Academy, Chris Inglis openly admits the effectiveness and high proficiency of the technologies used by North Korean hackers. According to Inglis, Pyongyang’s hacking capabilities are distinguished by low cost, the possibility of asymmetrical action as well as a certain degree of anonymity and secrecy. Inglis opines that this tool is able to threaten large sectors of public and private infrastructure. The security specialist believes that North Korean cyber programs are one of the most successful on the planet.

British daily, Financial Times reported last October that Pyongyang has been able to steal secret documents belonging to the US administration and the government of South Korea by means of cyber-attacks. By virtue of their successful hacking, North Korean authorities learned from their heist about Washington and Seoul’s joint plans to eliminate Kim Jong-un and the military invasion into North Korea.

Simultaneously, the analysts of the American company Fire Eye, engaged in research of the sphere of cyber-threat, suspects hackers from North Korea in attacks on crypto-currency exchanges for the abduction of bitcoins. The specialists from the international IT Company, Alien Vault also shared the alarm and concern of their colleagues. The Alien Vault experts conclude that the North Korean hackers have launched a virus that installed scum ware on computers to mine cryptocurrency Monero, which was subsequently transferred to the accounts of the Pyongyang University.

North Korea has rejected accusations that it has been involved in hacking. South Korea’s intelligence service reported that some 7.6 billion won ($7 million) worth of cryptocurrencies were stolen in those previous attacks on multiple exchanges, according to South Korea’s Chosun Ilbo newspaper.

But that amount could now be worth about 90 billion Korean won ($82 million), Moonbeom Park, a researcher at the Korea Internet and Security Agency, told Reuters. Malicious code used in attacks over the summer was “virtually identical” to previous attacks connected to North Korea, he said.

The attacks this year began by targeting the companies themselves, stealing customers’ personal information, including names and E-mail addresses, Park held. Some of those customers were then targeted with so-called spear phishing emails – infected emails, designed to look as if they were from South Korea’s taxation agency, the Korean National Tax Service, he stressed.

In the context of the growing North Korean cyber-threat to the United States and other countries, it is important not only to focus on its reflection, but also on the development and implementation of internationally recognized rules of responsible conduct in cyberspace.

The writer is a retired Group Captain of PAF. He is a columnist, analyst and TV talk show host, who has authored six books on current affairs, including three on China

Published in Daily Times, March 31^st2018.