North Korea steals secret South Korean military documents

A South Korean ruling party lawmaker said on October 10 that North Korea stole classified military documents from the South Korean Defense Ministry's database in September 2016.

» South Korea extends detention of former President Park Geun-hye

» Revealing the prison menu of the former female President of South Korea

A North Korean uses a computer at a factory in Pyongyang in 2012. Photo: AFP.

A South Korean ruling party lawmaker claimed on October 10 that North Korea stole classified military documents from a South Korean Defense Ministry database in September 2016. They included documents containing plans to assassinate North Korean leaders. However, the Pentagon denied the information.

Cybersecurity firm FireEye said on October 10 that it had detected and stopped an attack on US power companies by people linked to the North Korean government.

"Experts say North Korea should be ranked in the top five countries in the world in terms of cyberattack capabilities. I believe North Korea can steal anything it wants through cyber espionage," said Lim Jong-in, a cybersecurity professor at Korea University, according to CNN.

Allegations

North Korea has been blamed for some of the most dangerous cyberattacks of the 21st century, including the 2014 attack on Sony Pictures, which saw servers crashed, movies leaked, and employee emails, social security numbers, and salaries exposed. Sony was about to release the comedy “The Interview,” which featured a plot to assassinate the North Korean leader.

In February 2016, $101 million was fraudulently transferred from the Bangladesh central bank’s account at the Federal Reserve Bank of New York to the Philippines. North Korean hackers were believed to be involved.

Analysts say North Korea is preparing similar operations targeting cryptocurrencies like Bitcoin, as international sanctions make it difficult for the North to use the US dollar.

British and US intelligence agencies also believe this year's WannaCry ransomware attack was linked to North Korea.

Strategy

Bryce Boland, chief technology officer for Asia-Pacific at FireEye, said North Korea uses spear phishing — sending messages that appear to be from a trusted source or about a specific topic to the targeted person, but are actually embedded with malware.

Another tactic, according to Boland, is “puddle attacks” – taking control of a target’s favorite website and placing malicious content there that they click on, trapping themselves.

The smartphones of top South Korean government officials were also hacked in 2016. Seoul accused Pyongyang of stealing text messages and conversations by "sending decoy messages".

Pyongyang is also suspected of turning 60,000 computers in South Korea into “zombies,” meaning computers that have been hijacked and can be used for cyberattacks. South Korea’s spy agency estimates that Pyongyang took control of 10,000 computers in one month in 2015.

South Korea has strong cybersecurity defenses, but North Korea’s isolation has created an unexpected advantage, Boland said. “North Korea is less connected and less dependent on technology, making it less vulnerable to retaliatory attacks,” he said.

How it works

According to Kim Heung-kwang, a North Korean defector who was a computer science professor in Pyongyang, North Korea has been searching for and recruiting outstanding students since they were children.

The country has established about 250 elite computer science schools, from which the government selects the 500 most talented students for advanced training at two schools in Pyongyang.

After completing their training, some are assigned to cyber units for practical training. Others work in places like Shenyang, China, where a secret network of hackers known as “Bureau 121” operates.

In a 2015 interview, Kim said that in Shenyang, hackers have good internet infrastructure and can work secretly.

Previously, North Korea's Internet traffic went through only a single link provided by Chinese telecommunications company China Unicom.

Russia provided North Korea with a new internet connection this month, boosting the country's bandwidth. But that also poses risks for Pyongyang, according to FireEye. "Russia can monitor North Korea's internet and potentially identify North Korean targets," he said.

Analysts say cyberattack capabilities have become a key asset in North Korea's "arsenal of war."

“North Korea’s cyber weapons are as destructive as conventional weapons,” Lim said. “A Tomahawk missile can cripple the electrical system and the financial system. So can North Korea’s cyber weapons.”

According to VNE