Here’s another reason to fear North Korea
Little is certain in this world — save, perhaps, for the fact that we have never in modern times been so close to destroying it by way of nuclear war. But as long as we’re worrying about threats to humanity, we may as well reserve a bit of our terror for those attacks already perpetrated by one of the same menaces waving nuclear weapons around.
In recent years, North Korea has attacked financial services, government websites, movie studios and vital infrastructure. Its attempts at digital sabotage are getting better. And if there is a military confrontation between the United States and North Korea, then Pyongyang’s ability to engage in cyber-warfare could be one of its most important weapons.
A regime that takes every opportunity to boast of military might it has not quite acquired has managed to quietly supplement its legions of goose-steppers with a 6,000-hacker strong nerd army.
The credit, if we’re to call it that, goes to Kim Jong Un’s father, Kim Jong Il, who intuited that nuclear development wasn’t enough to preserve his regime, so Pyongyang started packing off the smartest
North Korean students to China for computer training courses.
Initially, they weren’t any good: A decade ago, they might be able to attack a U.S. government webpage that even the U.S. government didn’t care about. But by 2014, the hackers were ready to take on Seth Rogan and James Franco — and abscond with a massive amount of personal data of Sony employees.
More recently they’ve graduated to petty theft, threatening to erase people’s data unless they pay, say, $300 in bitcoin, as well as to bigleague theft, in one instance attempting to steal $1 billion from the Federal Reserve in 2016, a mission only partially thwarted by a typo; as the New York Times has reported, they made off with $81 million and would have taken more, had bankers failed to notice the withdrawal request spelled “foundation” as “fandation.”
The regime’s hackers are now estimated to bring home anywhere from hundreds of millions to
$1 billion a year in cyber robberies.
If only it were all about money. The regime can shut down critical social networks as well as infiltrate financial systems. This spring, Britain flew into a panic when hospital computer systems were shut down. The British government believes North Korea may have been testing its ability to cripple vital parts of the country’s infrastructure.
The regime seems to be building its cyber capabilities the way it builds its nuclear capabilities — incrementally. And it appears to getting outside help, including from Iran.
What can Western states do? We can’t easily hack it back: The very thing that makes the country seem so ill suited to cyber-warfare — the fact that it is relatively unconnected — protects the regime from digital retaliation.
We can’t easily track its hackers: Though some reside in countries such as India and Malaysia where they can be physically followed, others can only be found in online chat rooms.
We can’t hit it with weapons: The same defence that protects the country’s nuclear program from military strikes — the fact that the regime could kill thousands of South Korean citizens and American soldiers in response — keeps the regime and its digital army safe.
We do sanction it and that doesn’t do enough. Some experts believe that isolating the regime gives it more reason to attack.
The North Korean nuclear threat may be the most terrifying threat.
But the cyber threat is grave. And just as there are no sure ways to disarm the one, there are no sure ways to disable the other.
— Shannon Gormley is an
Ottawa Citizen global affairs columnist and freelance journalist.