South Korea’s government experiences more than 1.5 million cyberattacks every day. Sometimes, it’s malicious, password-seeking malware attached to text messages or emails. Other times, it’s messages that try to persuade South Korean youth to side with the North. At its so-far worst, it’s hacking that manages to steal U.S.-South Korea war plans, including a “decapitation” operation to take out North Korean leader Kim Jong Un in the event of a war.
Contrary to Trump’s jabbing “little rocket man” moniker for Kim, the North Korean regime has long been dabbling in far more than nuclear warheads. In the 21st century, we’re forced to imagine war that’s far different than those of the past — one in which lines of code can actually kill.
Experts such as Simon Choi, a security expert Hauri Inc., speculate that North Korean hackers could someday “accelerate trains or make breaks malfunction” to cause crashes — or down entire airplanes.
“North Korea has been making attempts to cause such accidents and those attempts have been detected,” he said through an interpreter at the Nov. 23 “North Korea’s Cyberattacks: Current Capabilities and Countermeasures” conference in Seoul. “Until now, the damages were all in cyberspace. But in the future, there will be cases where actual casualties occur.”
A politically complicated push for legislation
South Korea is known for its overt futurism, with the fastest internet connection and the highest smartphone ownership rate in the world. But its government is failing to act quickly on the 1.5 million cyberattacks a day — a number that’s actually closer to 2 million when attacks against private companies or citizens are added, according to Yu Dong Yeol, director of the Korea Institute of Liberal Democracy.
“That means, every second, there’s about 10 to 18 cyberattacks taking place either from North Korea or other foreign [countries] in South Korea,” Yu said through an interpreter at the conference. “We need a legal basis to counter the cyberattacks, but Korea has not enacted a basic act on cybersecurity.”
Part of the problem is that cyberwarfare protections have previously been rolled into an overarching anti-terrorism bill proposed to the South Korean national assembly. That bill would give greater power to the nation’s scandal-ridden National Intelligence Service, which has admitted to leveraging cyberwarfare to elect President Park Geun Hye in 2012; Park has since been impeached and in prison for corruption.
Park Chun Sik, a professor in the Department of Information Security at Seoul Women’s University, said some form of cybersecurity law must be passed — and soon. He cited a 2016 incident in which North Korea allegedly targeted Samsung’s companywide messaging application with a phishing attack as an example. Phishing is a type of attack sent through emails or messages that appear to be from someone the recipient knows, generally with the goal of obtaining our personal information, like passwords.
“If Samsung opens the door, the government agency can actually go in and look at what actually happened,” Park said through an interpreter. “But Samsung denies that they were attacked [by North Korea] at all because they fear any damage to their reputation. So, right now, unless it’s the public agencies that have been a subject of such attacks, you cannot actually go in and investigate because it’s a private sector company.”
The five types of North Korean cyberwarfare
According to Yu, North Korean cyberwarfare takes on five forms: the spread of propaganda (often called “psychological warfare”), the destruction of physical property, hacking, earning foreign currency and communication between North Korean spies.
North Korea’s cyberwarfare operations mainly come from the nation’s Reconnaissance General Bureau, which some believe was established around 2009. But even before that, Kim Jong Il — father of now-leader Kim Jong Un — was highly interested in the power of technology for his regime’s political goals. In 2003, he allegedly said “if warfare was about bullets and oil until now … warfare in the 21st century is about information.”
How true that turned out to be — 14 years later.
As it stands, North Korea’s roughly 6,000 cyberattackers — Yu estimates 7,000 — have a long list of alleged offenses — perhaps too long to even name in a single paragraph. They include theft of about 10 million customers’ personal data from a South Korean online shopping site called Interpark and planting malicious code into 140,000 computers owned by the South Korean government and private agencies.
North Korea tends to deny responsibility for any such attacks, though cyberwarfare experts can often see signs of their presence in the suspicious code. North Korean hackers, for example, tend to phonetically spell out English words in their script differently than South Koreans coders do. The difference would be like rendering, say, the current North Korean leader’s name as “Kim Jong Eun” instead of “Kim Jong Un.”
But cyberattacks are sometimes obvious, and highly personal: Prominent individuals are regularly targeted in “spear phishing” attacks (phishing targeted at a specific person).
“An attachment is added to an email and sent,” Choi said. “This is remotely controlled to get login information.” Then, the information is used “to monitor North Korean defectors and also to monitor key figures in South Korea.”
But cyberwarfare is far more important to North Korea’s overall strategy than espionage and intimidation. North Korea has historically struggled financially — the CIA estimates that the gross domestic product from 2013 to 2015 remained around $40 billion each year, a mere fraction compared with South Korea’s $1.86 trillion in 2015, up from $1.79 trillion in 2014.
So, in an era of growing international sanctions against North Korea, hacking is both a scrappy and resourceful way to come up with cash — though the amount raked in is nominal, in the grand scheme of things.
One of the largest thefts was roughly $81 million taken from a Bangladeshi bank in 2016 by manipulating the international money transfer system called Society for Worldwide Interbank Financial Telecommunication, or SWIFT, but it was just 10% of what hackers attempted to steal. Other known cases are much smaller amounts, such as $90,000 taken from South Korean ATMs or the $140,000 in bitcoins extorted in June in what’s known as the WannaCry attack.
“We estimate that North Korea earns about 1 trillion won [around $923.24 million] per year through cyber foreign currency [attacks],” Yu said.
North Korea is all too often painted as an unpredictable, rogue nation. But as the Kim regime continues to invest in the Reconnaissance General Bureau and the next generation of hackers, the world can only expect its sophisticated cyber arsenal to become an even threat. Already, its attacks have the potential to hurt the market economy and the free flow of information — which should be enough to keep our attention, according to Sam Kim, an Asia tech reporter at Bloomberg who spoke at the conference on North Korea cyberattacks.
“Nuclear missiles threaten a certain handful of countries, but hacking is a threat against an entire civilization,” he said.