North Korea’s cyber warrior threat greater than missiles
US and Britain confirm rogue nation responsible for attack on 230,000 computers in 150 countries
WHILE the world has obsessed over North Korea’s rapidly advancing nuclear and weapons programmes, Pyongyang has silently built a sophisticated cyber army capable of plundering international banks, military espionage, and wreaking havoc on critical infrastructure.
Yesterday, the US and British governments confirmed what many had suspected – that North Korea was behind May’s Wannacry ransomware attack, which affected more than 230,000 computers in 150-plus countries, costing billions and causing huge disruption to the NHS.
The announcement came on the back of suspected North Korean hacks on a South Korean cryptocurrency exchange, where at least $7 million (£5.25million) worth of digital money was stolen and one company, Youbit, was forced into bankruptcy.
Observers have warned that currently Pyongyang’s most credible threat to global security may lie not in its progress towards building a nuclear-tipped warhead capable of reaching the US mainland, but in its formidable cyber prowess.
For a decade, Pyongyang has covertly trained an estimated 6,000 cyber warriors, creating a low-cost online army capable of creating total chaos in an interconnected world. Meanwhile, the isolated regime’s lack of connectivity protects it from retaliatory attacks, creating an almost perfect weapon.
Describing Wannacry as “indiscriminately reckless”, the US blamed the Lazarus Group, a hacking entity working on behalf of Pyongyang.
It is also suspected to have carried out last year’s $81 million cyber robbery of the Bangladesh central bank’s account at the Federal Reserve Bank of New York, while in October North Korean hackers stole war plans from the South Korean army.
Britain also yesterday publicly named the Lazarus Group as responsible for the Wannacry campaign – one of the most significant to hit the UK in terms of scale and disruption.
“We condemn these actions and commit ourselves to working with all responsible states to combat destructive criminal use of cyber space,” said Lord Ahmad of Wimbledon, a Foreign Office minister. Pyongyang has denied all accusations.
“They are quite capable of conducting operations that could cause significant disruption to many organisations,” said Bryce Boland, chief technology officer for Asia Pacific at Fireeye, a cyber security company. North Korea is likely to increase its surveillance of enemies’ military plans to prepare for a possible conflict, he said.
But North Korea was not acting alone, claimed Mr Boland. “We’re fairly confident that they are gaining information, potentially benefiting from some support from Russia,” he argued, referring to a Russian telecoms company that had recently supplied Pyongyang with an internet connection.
“It’s pretty much win-win for Russia,” he said. “It gives them a bit of leverage over North Korea, it gives them a bit of leverage over the US.”
The targeting of digital cryptocurrencies like bitcoin was a recent development in North Korea’s cyber operations, noted Mr Boland.
“It’s completely reasonable to expect that they are using cryptocurrencies to bypass sanctions,” he said.
Multiple attempts also have been made on conventional bank systems to allegedly finance the regime. In October, employees at the Far Eastern International Bank (FEIB) in Taipei, Taiwan’s capital, were blindsided by hackers who attempted to steal $60 million through the international Swift banking network and transfer it to a Sri Lankan account. Howard Jyan, head of the government’s cyber security division, revealed that it had been a two-pronged heist during a public holiday, where hackers had used a backdoor via an email attachment to gain access to the bank’s system and then covered their tracks with a ransomware attack.
The government has not officially blamed North Korea pending the outcome of an investigation, although it acknowledges that the attack bears the hallmarks of the Lazarus group.
This theory is supported by Priscilla Moriuchi, director of strategic threat development at Recorded Future, a US tech company, who will release a new report on the FEIB case in January.
“There is definitely a strong thread throughout these attacks of a North Korean connection through the malware and, it seems, through the techniques that they’re using,” she said.
Like many cyber experts, Ms Moriuchi has warned that financial gain is not Pyongyang’s sole motivation.
The Wannacry worm also laid bare the regime’s appetite for wanton destruction.
Many fear that the 2018 Pyeongchang Winter Olympics, a scant 50 miles from the tense demilitarised zone that has divided the peninsula for six decades, could be a prime target for South Korea’s rogue neighbour.
“That desire to target South Korea and create chaos that would undermine South Korea’s image is still very much a goal for North Korea, and it’s more likely that they would do something in the cyber operations sphere,” said Ms Moriuchi.
In the absence of an imminent truce between Kim Jong-un and the international community, “the Olympics would be a prime opportunity for cyber espionage and sabotage”, agreed Patrick Cronin, a senior director at the Washington-based Centre for a New American Security.
Gavin Williamson, the Defence Secretary, yesterday said: “North Korea is a massive threat, they’re a real danger to this country.”