Conventional wisdom says North Korea is an arsenal-craving backwater under the rule of despots. The regime, however, is driving toward a modern version of authoritarianism, with cyberwar capabilities complementing hydrogen bombs. While the nukes purposefully grab the world's attention, the regime is taking unprecedented steps in the cyber domain. And it's targeting more than just its critics. (1)
North Korea's hacking competence has become as dreaded as its nuclear arsenal. While 2017 saw the headlines dominated by its missile and nuclear proliferation, its hackers quietly improved their cyber capabilities and expanded ways in which to conduct cyber-attacks. Although instituted in the 1990s, North Korean cyber-attacks did not proliferate until the late 2000s when their hackers started conducting cyber-espionage attacks against South Korea. There does not appear to be a push for specific cyber programmes, but a general shift towards including cyber power. In March 2013 North Korea compromised much of South Korea's banking system. In 2016 the Lazarus group linked to North Korean hacking teams was accused of stealing US$81 million from the central bank of Bangladesh in a heist run through the Federal Reserve Bank in New York City. Last year the world came to a temporary standstill when WannaCry infected hundreds of thousands of computers.
The story of North Korean cyber capability began in 1994 when Kim Jong Il inherited the leadership from Kim Il Sung. North Korea was in dire straits, and desperately needed hard currency after flooding and the cutting off of trade after the Cold War. The younger Kim sought a new method to do this in the cyber world. This was achieved by instituting cyber training at prestigious universities in Pyongyang and sending these trainees overseas to make money for a state embattled by famine and sanctions.
Starting in the 2000s many more were posted overseas, mainly in China and South-east Asia, and were tasked with making $100,000 each per year. Ninety per cent of this was syphoned off to the totalitarian regime. Bloomberg commentator Sam Kim has noted that money was raised by pirating software and selling it online to Chinese or Korean customers. (2) China was likely complicit in aiding North Korean activities, if not helping them develop some cyber capability. This also included gaining money illicitly through hacking gambling, gaming and other websites. Experts in the South Korean government suggest that over many years North Korea has sent hundreds of hackers into neighbouring countries where hundreds of millions of dollars have been raised for the Kim regime.
The early stages of cyber capabilities were ad hoc and conducted by many different groups within the intelligence apparatus and military. The US Department of Defense states that:
North Korean intelligence and security services collect political, military, economic, and technical information through open-source, human intelligence, cyber, and signals intelligence capabilities. North Korea's primary intelligence collection targets remain South Korea, the United States, and Japan. (3)
However, capabilities were streamlined in 2009 when the Reconnaissance General Bureau was inaugurated by consolidating many foreign collection and analysis groups. The bureau is North Korea's primary foreign intelligence service, and is responsible for collection and clandestine operations. The US Defense Department reports that the 'RGB is comprised of six bureaus with compartmented functions including operations, reconnaissance, technology and cyber, overseas intelligence, inter-Korean talks, and service support'. (4) Thus, it is the bureau that is responsible for cyber-attacks and cyber-espionage. Much like everything in North Korea, it is tightly controlled by the state. There appears to be a lack of any free-range mode of action, and cyber-attack areas are prescribed by the state.
North Korea will never be able to match the United States, China or even South Korea or Japan for absolute military or technology spending. To combat this reality Pyongyang has diverted its resources to developing areas that are low cost, asymmetric and spaces where they can easily educate a citizenry that have little choice in their futures.
North Korea has thus attempted to gain parity in the cyber world. It has developed a hacking ability that allows it to launch distributed denial-of-service attacks; steal from banks; shut down financial institutions; force media conglomerates to acquiesce; and steal crypto-currency from third parties. Cyber intrusion is low cost, as all you need are internet connections and training.
However, North Korea is likely the least wired country in Asia with very few IP addresses, and the amount of traffic is small. Nonetheless, McAfee has reported that 'next to Russia, we believe North Korea is the next most important nation for cybercrime', (5) and that the Reconnaissance General Bureau has stolen tens of millions of dollars from banks in developing countries, which has provided a lucrative way to supplement the North Korean government's access to...