November 13, 2014:
In late October South Korean intelligence reported that between May and September North Korea managed to distribute to over 20,000 South Korean smart phone users games containing spy software. The North Korean “spyware” was seeking information from banks as well as documents relating to reunification plans and defense matters. The spyware allowed the North Koreans to transfer data from the infected smart phone and secretly turn on the camera. The government reported that this effort has since been blocked. North Korea denied any involvement in this, as it usually does. But over the past few year the evidence has been piling up of increasing North Korean Internet based espionage via the Internet.
In late 2013 South Korea came up with a number (over $800 million) for the cost of dealing with North Korean cyber attacks since 2007. The list was quite detailed. The attacks in March and June of 2013 accounted for 93 percent of the total damages. South Korea has been subjected to a growing number of Cyber War attacks since 2009, and the high cost of the latest ones shows that the North Koreans are getting better and that South Korea is not keeping up. The most recent one against smart phones was first North Korean effort against smart phones and indicates there will be more.
Long believed to be nonexistent, North Korean cyberwarriors apparently do exist and are not the creation of South Korean intelligence agencies trying to obtain more money to upgrade government Information War defenses. North Korea has had personnel working on Internet issues for over 20 years, and their Mirim College program trained over a thousand Internet engineers and hackers. North Korea has a unit devoted to Internet based warfare and this unit is increasingly active.
Since the late 1980s, Mirim College in North Korea has been known as a facility that specialized in training electronic warfare specialists. But by the late 1990s, the school was found to be teaching students how to hack the Internet and other types of networks. Originally named after the district of Pyongyang it was in, the college eventually moved and expanded. It had several name changes but its official name was always “Military Camp 144 of the Korean People's Army.” Students wore military uniforms and security on the school grounds was strict. Each year 120 students were accepted (from the elite high schools or as transfers from the best universities). Students stayed for 5 years. The school contained 5 departments: electronic engineering, command automation (hacking), programming, technical reconnaissance (electronic warfare), and computer science. There's also a graduate school, with a 3 year course (resulting in the equivalent of a Master’s Degree) for a hundred or so students.
It was long thought that those Mirim College grads were hard at work maintaining the government intranet, not plotting Cyber War against the south. Moreover, for a few years North Korea was allowed to sell programming services to South Korean firms. Not a lot, but the work was competent and cheap. So it was known that there was some software engineering capability north of the DMZ. It was believed that this was being used to raise money for the government up there, not form a major Internet crime operation. But now there is the growing evidence of North Korean hackers at work in several areas of illegal activity. The Cyber War attacks apparently began around 2005, quietly and nothing too ambitious. But year-by-year, the attacks increased in frequency, intensity, and boldness. By 2009, the North Korean hackers were apparently ready for making major assaults on South Korea's extensive Internet infrastructure, as well as systems (utilities, especially) that are kept off the Internet.
Deceased (since 2011) North Korean leader Kim Jong Il had always been a big fan of PCs and electronic gadgets in general. He not only founded Mirim but backed it consistently. The only form of displeasure from Kim was suspicions that those who graduated from 1986 through the early 1990s had been tainted by visits (until 1991) by Russian electronic warfare experts. Some Mirim students also went to Russia to study for a semester or two. All these students were suspected of having become spies for the Russians, and most, if not all, were purged from the Internet hacking program. Thus, it wasn't until the end of the 1990s that there were a sufficient number of trusted Internet experts that could be used to begin building a Cyber War organization.
South Korea has to be wary because they have become more dependent on the web than any other on the planet, with the exception of the United States. As in the past, if the north is to start any new kind of mischief, they try it out on South Korea first. While many of the first serious attacks in 2009 were more annoying than anything else, they revealed a new threat out there, and one that not only got worse but turned out to be from the usual suspects. Now the threat is very real and growing rapidly.