Developing

North Korea's secret army of 'cyber warriors'

South Korean security experts suggest that the North is training an elite force of “cyber warriors” - built to launch crippling attacks on companies in the South, or elsewhere.

North Korea this week issued a fiery statement threatening U.S. forces in the Far East with missile attack - but the real danger posed by the rogue state could be invisible.

South Korean security experts suggest that the North is training an elite force of “cyber warriors” - built to launch crippling attacks on companies in the South, or elsewhere.

In its statement this week, the regime warned the South Korean government that the country would be “reduced to ashes and flames” in the first strike.

The dictatorship successfully launched a satellite into space in December 2012 - and conducted an underground nuclear test, its third, in February.

But analysts have said that the regime’s primitive missiles are unlikely to be able to strike U.S bases in Guam or Hawaii, let alone mainland USA.

The real threat might be less tangible - cyber attacks, launched from within the country, either by the government itself, or rogue activists intent on attacking ‘enemies’ of the state.



North Korea recently cut off mobile internet access for visitors to the country, part of the cloak of secrecy that surrounds the state.

A malicious software attack shut down 32,000 computers at South Korean TV networks and banks last week - one of six in the past few years that have been attributed to the regime by South Korean experts.

North Korean defector Kim Heung-Kwang claims that the country’s top science universities train “cyber warriors” to attack Western targets - and that hackers also receive “tuition” from rogue groups in Russia and China.

By contrast, physical attack remains unlikely, according to most analysts.

“It is unlikely that North Korea would be technically capable of carrying out its threats of nuclear attack on the continental United States,” says Andrea Berger, Research Fellow in nuclear analysis at the defence think tank Royal United Services Institute.

It’s still disputed whether the North Korean government is directly behind cyber attacks such as last week’s.

Western security companies are less certain of who is to blame. The attacks appeared to come from an IP address in China - although this is likely to have been a ruse to conceal the real location of the attackers.

Internet security company Kaspersky Labs said in a statement last week, “"Obviously, the attacks were designed to be 'loud' - the victims are broadcasting companies and banks. This makes us think we are not dealing with a serious, determined adversary but hacktivists looking for quick fame.”

Analyst Roel Schouwenberg, Senior Anti-Virus Researcher, of Kaspersky Labs, says that:“The complete scope of last week's attacks hasn't yet been determined. The malware wasn't particularly complex, but the execution was well done, so it should just be a few people.”

“Conducting basic cyber-attacks isn't hard at all. So you could potentially be looking at a single motivated attacker who put in a lot of time. Having a bigger team of people would generally reduce the amount of time needed to prepare and execute an attack.”

The attacks may not have come from government, but instead from activist groups.

Within North Korea, the country’s elite are keen computer users, with Chinese-made tablet PCs and a dedicated North Korean operating system, Red Star, used in place of Windows or Mac OS.

“Given the state of cyber-security, a group of dedicated hacktivists can decide they want to attack a particular company or vertical and are likely to be successful,” says Schouwenberg. “When there are already geo-political tensions this can be cause for serious escalation.”

The relative lack of sophistication of the attacks on South Korea could also be a smokescreen.

While malware attacks such as Stuxnet and Flame are thought to be the work of nation states due to the sophistication of their code, none has been traced back to its authors.

“Nation-state actors may be moving from more to less complex malware in an attempt to make attribution more difficult,” says Schouwenberg. “After all, only top experts can create top quality code, but a lot more people can produce average quality code."

“When there's no physical war already happening nation-state actors will be very keen to make sure that especially their destructive/disruptive (cyber) operations are not attributable - especially now that more and more nations have stated that cyber operations can be cause for physical retaliation.”