The commander of U.S. forces in Korea last week disclosed new details of North Korea’s cyber warfare capabilities that include destructive cyber attacks and cyber espionage operations.
“I was remiss in not noting cyber as one of the asymmetric threats that North Korea is developing and they are developing a cyber [attack] threat as well,” Army Gen. Curtis M. Scaparrotti, who is also United Nations forces commander in South Korea, told the House Armed Services Committee April 2.
The North Korean cyber warfare capability is “not as advanced as some others globally,” he said.
“But they have demonstrated the ability to do denial of service as well as disruption of web-faces, et cetera,” the four-star general said. “They had an impact on the South Korean banking and media industry here in the spring and summer of 2013, for example. And we know that they’re working hard to develop a greater capability in cyber.”
Cyber warfare is part of Pyongyang’s effort to make up for a large but declining conventional military forces, which for decades have threatened South Korea and the region with large-scale troops deployments, tanks and artillery, most of which deployed close to the demilitarized zone separating the two countries.
The North Koreans have an “active cyber warfare capability,” Scaparrotti said, along with its other asymmetric weapons, such several hundred ballistic missiles, a large chemical weapons stockpile, a biological weapons research program, and the world’s largest special operations forces.
“North Korea employs computer hackers capable of conducting open-source intelligence collection, cyber-espionage, and disruptive cyber-attacks,” he said. “Several attacks on South Korea’s banking institutions over the past few years have been attributed to North Korea. Cyber warfare is an important asymmetric dimension of conflict that North Korea will probably continue to emphasize— in part because of its deniability and low relative costs.”
To counter the threat, U.S. and South Korean forces are bolstering both cyber and special operations capabilities.
The most recent North Korean cyber attack was carried out late last month when an attempt to steal military data, the South Korean Defense Ministry said. The attack utilized a journalist’s notebook computer that was penetrated and infected with malicious software.
The notebook was used by a South Korean defense reporter and such reporters are given authorized access to the ministry Internet network.
The cyber attack was thwarted before any data was compromised and the Ministry said it was able to detect the hacking attempt before it could be carried out. An investigation showed that the hackers had used an IP address in Austria to mask the origin.
“We believe the code has been produced by North Korea, or North Korean hackers are behind today’s cyber attack,” a Ministry spokesman told AFP.
It was the same server used by hackers last year to attack South Korean financial institutions and media broadcasters.
North Korea is believed to have a cyber warfare unit made up of some 3,000 technicians who conduct both cyber sabotage and espionage.
The Pentagon first disclosed some aspect of North Korean cyber warfare capabilities in a report to Congress made public in March.
“Given North Korea’s bleak economic outlook, [offensive cyberwarfare operations] may be seen as a cost-effective way to develop asymmetric, deniable military options,” the report said.
Cyber warfare operations are carried out by the North Korean Reconnaissance General Bureau (RGB).
– Bill Gertz
April 6, 2014