Cybersecurity
How North Korea, one of the world's poorest countries, got so good at hacking
Even before a US government investigation confirmed
suspicions that North Korea was behind the massive cyberattack on Sony
Pictures, everybody has seemed to be asking the same question about even the
possibility of North Korean responsibility. Can one of the poorest countries in
the world, a country that has isolated itself into technological backwardness,
where personal computers are banned and the Internet does not officially exist,
possibly be that good at hacking?
The answer is that, yes, North Korea really
is that good at hacking, and the country has a substantial record of
sophisticated cyberattacks. The answer as to how North Korea is so good at
hacking is more complex, but gets at some of the most important — and most
misunderstood — elements of how the Hermit Kingdom really works.
North Korean government hackers have
launched a number of successful, high-profile attacks, and who knows how many
lower-profile ones. The attacks have grown in scale and sophistication in the
last few years, apparently as North Korea ratchets up the largely offensive and
military-run program.
In July 2009, for example, US and South
Korean government web sites were hit by what US officials called a
"massive" and "powerful" wave of cyber attacks
eventually traced back to North Korea. While the attacks
did little more than symbolic damage, they were bad enough that US officials
cited them as a moment when they realized the urgency of preparing to defend
against state-based hackers generally.
Most of the attacks have focused on
South Korea, in some cases doing real-world damage. A wave of 2011 attacks against South Korean banks shut
down a number of their systems, disrupting the heavily wired South Korean
economy. In 2013, North Korean state-sponsored hackers shut down even more
South Korean banking systems, as well as computer systems at South Korean TV broadcasters.
In one stunning series of 2014 attacks,
North Korea designed a free-to-use mobile phone game, not unlike Angry Birds,
which it seeded into the South Korean game market. The game spread organically
until it was on tens of thousands of South Korean phones. Months later, North
Korean hackers remotely activated a piece of malware installed within the game,
gaining them access to at least 20,000 South Korean cell phones.
The real reason North Korea launches cyber attacks
Those earlier attacks are, tellingly, in
line with the more recent Sony Pictures attack: meant both to cause real-world
damage to North Korea's targets, whether the South Korean economy or
Sony, and to be a flamboyant and intimidating show of strength. The
South Korean TV station attacks, like the very public takedown of Sony, were
meant to humiliate the target and draw attention to North Korea's power.
That latter goal, a show of strength, is
especially important for understanding the Sony hack: North Korea is too
rational to expend precious resources taking down a massive corporation just
because it offended Kim Jong Un. These attacks, like so much of North Korea's
bluster, and like its acts of physical aggression, are really done out of
insecurity and fear. They are deterrents meant to scare away the much stronger
US and South Korea from doing anything to harm North Korea.
The North Korean government routinely
kicks up international incidents for exactly this reason. Conflict is a
deterrent; it also brings the international attention that Pyongyang craves for
domestic propaganda purposes, as well as occasional diplomatic concessions.
How North Korea runs its cyberwar program
North Korea's offensive hacking program
is surprisingly well documented by defector
accounts and by efforts to trace back previous hacks to their source. By all
accounts, despite the fact that the vast majority of North Koreans are kept
offline and unaware of the internet for their entire lives, the military still
maintains a large and highly professionalized cyberwarfare division.
This is how it works, according to defector accounts:
promising young talent is recruited out of school. They study at a special
school in Pyongyang for five years and are then sent to train in China or
Russia, both of which run sophisticated state-run cyberwar divisions. These
assignments are considered some of the most prestigious in the country and
are rewarded with special privileges, housing, and higher status. This is
an earnest reflection of how seriously North Korea takes cyberwar, but it's
also meant to reduce the risk that their internet access, which gives them
knowledge of the outside world, will tempt them into defecting.
Reports conflict as to whether
the hacking divisions are based out of China, tacitly tolerated by the Chinese
government, where they would have reliable internet access, or whether they
work from North Korea, out of the secretive Bureau 121. Rumors have circulated
in recent years of a clandestine, subterranean T1 line connecting Pyongyang
with Chinese internet infrastructure.
The program has been such a success,
according to defector accounts, that it has grown from 500 to 3,000 members in
recent years. Defectors who spoke to Al Jazeera for a 2011 story on the program listed
five reasons why North Korea is investing so heavily in cyberwarfare. Here are
those points, paraphrased. With the exception of the second, they are quite
astute and strategically correct:
1. Training hackers is
more cost-effective than building tanks or fighter jets.
2. North Korea sees its
citizens as racially superior at math (the country's attitudes toward race are,
shall we say, complex) and other hacking-related skills.
3. North Korea can't use
its conventional forces without risking war, but it can launch cyberattacks
more safely.
4. Cyberwar is
"asymmetrically advantageous" for the militarily weak North Korea.
5. The internet allows
North Korea a way to launch external attacks without actually crossing the
border.
This tells you something crucial about how North Korea works
Like so much of North Korea's behavior, its
cyberwarfare program is another sign that, despite its popular portrayal
(including in The Interview) as a wingnut state run by delusional madmen, the
country is coldly rational and brutally strategic in its actions.
North Korea's decision to hack Sony is
being widely misconstrued as an expression of either the country's insanity or
of its outrage over The Interview. But that sort of cartoonish mischaracterization
is exactly how Americans came to believe that North Korea was a bunch of
buffoons who probably couldn't dial up to the internet, much less launch one of
the most successful cyber attacks against the US in history.
In fact, this hack, like many of North
Korea's international cyberattacks, is consistent with the country's long-held
military strategy, in which North Korea has launched seemingly random acts of
military hostility, for example by sinking a South Korean submarine in 2010 and
shelling a South Korean island in 2011. This is belligerence meant to deter the
much stronger South Korea and US, and to draw international attention that
North Korea can use to bolster domestic propaganda portraying Kim Jong Un as a
fearless leader showing up the evil foreign imperialists. It is meant to foment
the isolation and tension that have allowed the Kim family to hold onto rule,
impossibly, for decades.
And it is remarkably effective at
securing North Korea's strategic goals. But it is also quite dangerous. By
design, the risk of escalation is high, so as to make the situation just
dangerous enough that foreign leaders will want to deescalate. And it puts
pressure on American, South Korean, and Japanese leaders to decide how to
respond — knowing that any punishment will only serve to bolster North Korean
propaganda and encourage further belligerence. In this sense, the attacks are
calibrated to be just severe enough to demand our attention, but not so bad as
to lead to all-out war.
People will often say that North Korea
launches these attacks because they're crazy or irrational. If only it were
that simple, the Kim Jong Un regime would have driven itself into extinction
decades ago.