Information Warfare: The Paper Lions Of The North


January 27, 2011:  After two decades of rumors and not much else, the North Korean hackers are now definitely active. Apparently. Recently, a South Korean radio station got its website shut down by a DDOS attack traced back to North Korea. Several other attacks on anti-North Korea media in South Korea are believed to be the work of North Korean hackers. And back in the Summer of 2009, there were what appeared to be 25 similar attacks on South Korean and American web sites. Until two years ago, most computer security people were mystified at what, if anything, the "elite North Korean hackers" were up to, or if they even existed. For nearly two decades, the South Korean media has been reporting on the cyberwar capabilities of North Korea. All of this revolved around activity at Mirim College, a North Korean school that, since the early 1990s, has been training, for want of a better term, computer hackers. The story, as leaked by South Korean intelligence organizations, was that a hundred cyberwar experts were graduated from Mirim College each year. North Korea is supposed to have, at present, a cyberwar unit of nearly a thousand skilled hackers and Internet technicians. South Korean intelligence believes the North Koreans have ordered at least a hundred very good hackers to scout out the South Korean government and military networks.

But there's more. In 1997, North Korea established Moranbong University, to produce even more elite Internet espionage experts. This school is small, accepting only 30 students each year, for a five-year program of computer and military subjects. It was long thought that it was more likely that those Mirim College grads were hard at work maintaining the government intranet, not plotting cyberwar against the south. Moreover, North Korea has been providing programming services to South Korean firms. Not a lot, but the work is competent, and cheap. So there is some software engineering capability north of the DMZ. But now there is the growing evidence of North Korean hackers at work.

The mystery angle shows up when you try to find any incidents of North Korean hackers actually, until recently, doing anything. That could be construed as particularly ominous. Only the most elite hackers do their work without leaving behind any tracks, or evidence. Some have maintained that, because North Korea's Internet connections come from China, the North Korean cyberwarriors could be cleverly masquerading as Chinese hackers. However, after a decade, there are now some visible signs of North Korean hacking. The North Korean hackers have not been able to wander around the net without leaving some signs. While North Korea has produced some competent engineers, we know from decades of examining their work that they don't produce super-scientists, or people capable of the kind of innovation that would enable North Korean cyberwarriors to remain undetected all these years.

The North Korean cyberwarriors apparently do exist, and are not the creation of South Korean intelligence agencies trying to obtain more money to upgrade government Information War defenses. North Korea has some personnel working on Internet issues, and Mirim College does train Internet engineers. North Korea has a unit devoted to Internet-based warfare.

There is also a growing Internet community in North Korea, but one that is strictly regulated. To help control the Internet up there, North Korea has developed its own operating system, based on Unix. Called Red Star, it features a front end that makes it look identical to Microsoft Windows XP. One difference is a custom browser called "My Country" that, for example, can only use a local search engine called "My Country BBS." The North Korean computer users can only search the North Korean Internet, with only a few people allowed access to the international Internet. Most of those belong to North Korean Cyber War organizations, or Internet security personnel who decide what to import for use on the isolated North Korean Internet.

South Korean Internet users have had some contact with North Korean web users, most of it bad. Attacks on South Korean data networks were up 20 percent a year in each of the last two years, with hundreds of serious attempts each day, to hack in and steal defense secrets. More North Korean locations are showing up as the source of these attacks. This appears to solve the growing mystery about what the mysterious North Korean Cyber War units were up to.

We know that North Korea has a lot of military units that are competent, in the same way robots are. The North Koreans picked this technique up from their Soviet teachers back in the 1950s. North Korea is something of a museum of Stalinist techniques. But it's doubtful that their Internet experts are flexible and innovative enough to be a major threat. South Korea has to be wary because they have become more dependent on the web than any other country on the planet, with the exception of the United States. As in the past, if the north is to start any new kind of mischief, they will work it on South Korea first. So whatever the skill level of the North Korean hackers, they will attack South Korea first. While many of the recent attacks were more annoying than anything else, they revealed that there's a new threat out there, and one that will go to extremes, like creating its own operating system, to prepare for Cyber War.



