FoxNews on February 14, 2014, reported that North Korea’s effort to build a cyberarmy that can conduct a string of attacks on neighboring states has experts asking some key questions. Excerpts below:
Is Pyongyang gearing up for a cyberassault on the United States?
Does it have the capability?
“They do have the capability, obviously,” says Alexandre Mansourov, a visiting scholar at the U.S.-Korea Institute at the Johns Hopkins School of Advanced International Studies.
Like the Cold War in the 1950s and ’60s, cyberwarfare is becoming an arms race. Many nations, including the United States, are building up their offensive and defensive capabilities amid an increase of espionage and a proliferation of attacks on public and private computer networks.
Experts say the number of attacks on South Korea over the last five years looks more like a coordinated war than the work of random hackers. This has some officials in the U.S. girding for a broader fight.
“We should never underestimate Pyongyang’s willingness to engage in dangerous and provocative behavior to extract more aid and concessions from the international community,” Rep. Mike Rogers (R-Mich.), chairman of the House Select Committee on Intelligence, said in a statement to FoxNews.com.
“North Korea is certainly not the most capable nation-state threat actor today, but even relatively minor cyberplayers can sometimes find vulnerabilities in complicated civilian architectures and cause significant disruptions.”
While no one knows exactly what North Korea has up its sleeve, a number of hackers who have defected, as well as the increasingly sophisticated attacks on South Korea, suggest that its leader, Kim Jong-un, isn’t limiting his muscle-flexing to nuclear tests in the Pacific.
According to reports beginning in 2010, North Korea has been training thousands of top computer science students to be sophisticated cyberwarriors.
The proof is in the attacks, of course, though it is difficult to pin down the responsible parties:
• A wave of “distributed denial of service (DDoS)” attacks in 2009 struck both U.S. government and South Korean websites. A virus launched from unknown sources (South Korean officials accused Pyongyang) through a series of “zombie” computers sent waves of Internet traffic to a number of websites in the two countries. The U.S. Treasury and Federal Trade Commission sites were shut down for a weekend, but the action crippled a number of government sites and media outlets in South Korea.
• A DDoS attack on South Korean banks in March 2011 left 30 million people without ATM access for days. At the time, Dmitri Alperovitch, vice president of threat research for McAfee Labs, said the attacks had the mark of a North Korean “cyberwar drill” and theorized that Pyongyang had built an army of zombie computers, or “botnets,” to unleash malicious software. He guessed that the 2009 attack had been a similar operation.
• An attack in March 2013 was the biggest one yet, infecting and wiping clean the critical master boot records of 48,000 computers and servers associated with South Korean banks and media outlets, using their own networks. Experts traced the “cyberweapon” back through more than 1,000 IP addresses used on different continents, but South Korean officials accused North Korea of directing the attack. Systems were crippled for days.
Gen. James Thurman, commander of U.S. forces in South Korea, told Congress in 2012 that “the newest addition to the North Korean asymmetric arsenal is a growing cyberwarfare capability,” in which North Korea “employs sophisticated computer hackers trained to launch cyberinfiltration and cyberattacks” against South Korea and the U.S.
Jarno Limnéll, director of cybersecurity at Finland-based Stonesoft Corp. (part of the McAfee cybersecurity company), said that while it is “hard to know what cyber-capabilities your enemies or even your friends have, [this is] something [North Korea] has taken very seriously … and what they are saying quite publicly is they have several thousand men and women working on a daily basis on cyber. They want to give a very clear impression that they are a strong player in this field.”
Mansourov said there is a “Cold War situation going on,” a tit-for-tat between the North and South. And it’s not limited to the Korean Peninsula:
Meanwhile, Israel and the U.S. were widely fingered for launching the Stuxnet virus that crippled Iran’s nuclear program in 2010.
“It’s effectively an arms race,” said C. Matthew Curtin, founder of the computer security consulting firm Interhack and author of Brute Force: Cracking the Data Encryption Standard.
“We need to assume that hostile nation states — even non-state actors like al Qaeda — have offensive cyber-capabilities, and we need to be in a position to render their capabilities moot.”
He said the best way to confront cyberthreats is to secure domestic networks and force other countries to spend more money to get to us. “Then it becomes like the [Cold War-era] Soviet Union, where they will eventually have nothing left to spend,” he said.
Rogers still hopes to see the Cyber Intelligence Sharing and Protection Act (CISPA), which the House passed in April, succeed in the Senate and be signed into law by President Obama. It would allow greater information sharing between the government and private companies to prevent and respond to cyberattacks.
“If someone was trying to shut down our power grid when there is a huge polar vortex blowing through the country, that would have a serious impact on us,” he said.