It’s not just nukes. Here’s what North Korean cyberwarfare might do.
After years of worry over North Korea’s nuclear weapons program, it appears that the Kim Jong Un regime is steps away from being able to drop a nuke on the United States. A missile test in July revealed that North Korea has an Intercontinental Ballistic Missile that might be able to reach Chicago — then, last week, a confidential U.S. intelligence assessment suggested that the nation could have miniaturized nuclear warheads that can fit onto missiles, too.
But North Korea isn’t just preparing an arsenal of nuclear weapons. If a war ever breaks out on the Korean peninsula, cyberwarfare tactics would likely be a part of the Democratic People Republic of Korea’s defense. As Kim, the North Korean dictator, allegedly put it, “Cyberwarfare, along with nuclear weapons and missiles, is an all-purpose-sword.”
Cyberwarfare is “probably overlooked in the North Korean context,” Peter Ward, a researcher at the Asan Institute for Policy Studies in Seoul, said by phone. “It’s not talked about widely, and it should be talked about more. Their cyberwarfare capabilities are quite advanced for a country of their size and poverty.”
But because of the DPRK’s longstanding isolation, it’s hard to know what North Korea’s nastiest electronic or cyberattack might look like. The nation has already shown the ability to jam GPS signals in planes and ships or burn out critical electrical equipment using an EMP, a device that deploys an intense magnetic field device that can rattle our hard-wired lives. As one report put it, an EMP could disrupt “telecommunications, financial institutions, the energy sector, transportation, food and water delivery, emergency services and space systems.” In other words, imagine entire power grids being shut off or subway systems rendered unusable.
“Let’s say you shut down someone’s electric grid,” Rhea Siers, a senior expert in cyber at the Risk Assistance Network and Exchange, said by phone. “It’s connected to hospitals, other things — you can have all kinds of terrible consequences. Even them spending resources and time on it is something we should be concerned about.”
Just because the DPRK has nuclear weapons or cyberwarfare capabilities, however, doesn’t mean it will actually use them. It could just be a line of defense, or part of North Korea’s contingency plan in the event of war.
“North Korea can strike Seoul and Japan anytime it wants,” Jenny Jun, a doctoral student at Columbia University’s Department of Political Science, said by phone. “It’s capable of that, but it’s not strategically viable before full-on war happens. It’s the same thing with cyberwarfare.”
An abbreviated history of North Korean hacks
North Korean cyberattacks have technically been going on for years. In 2004, the DPRK is thought to be responsible for penetrating 33 of the South Korean military’s wireless communication networks. About two years later in 2006, North Korea was believed to be responsible for hacking State Department computers. Since then, other incidents include deploying DDoS attacks against South Korea’s Incheon International Airport and against Nonghyup Bank in 2011 (which stopped 30 million users from using ATMs for days), hacking South Korean media outlets in 2012 and 2013 and leaking embarrassing information from Sony as a retaliation for the film The Interview in 2014. At one point, North Koreans hacked Interpark, a popular Korean shopping site, and stole millions of people’s customer data.
“They have nothing holding them back,” Siers said. “They just go ahead — they’re so into making a big splash. We don’t even know what their strategic purpose is sometimes.”
Some of North Korea’s most recent hacks, however, have a fairly clear intention: Rake in as much money as possible. In 2016, North Korean hackers stole $81 million from Bangladesh’s central bank (though that was only about 10% of what they were attempting to take). Hackers are also thought to be behind May’s WannaCry cyberattack, which extorted about $140,000 in bitcoin from infected users. The malware affected about 30,000 people in 150 countries and shut down computer systems in at least 16 hospitals.
“We don’t know if they’re developing this malware just to make money, or if they’re developing it for other purposes, too ... It’s kind of a mystery,” Siers said. “It could be a mixed bag, but it’s very tempting to them because of their lack of capital.”
The next generation of “cyber warriors”
North Korea practically rears youth into becoming a part of its cyber arsenal. According to one interview with a North Korean defector — formerly a computer science professor at Pyongyang’s Kim Chaek University of Technology — high-performing elementary school students are transferred to elite, tech-focused middle schools in North Korea’s capital.
“There is a pyramid-like prodigy recruiting system, where smart kids from all over the country — students who are good at math, coding and possess top analytical skills — are picked up to be grouped at Keumseong [school],” Kim Heung Kwang, the defector, told Al Jazeera. From there, the students allegedly move onto high school, then to some of the best North Korean universities, then for a year abroad in China or Russia. They might be the next generation of hackers for Unit 121, a department in North Korea’s Reconnaissance General Bureau. And in a state-controlled nation like North Korea, students have plenty of incentive to learn the ropes of cyberwarfare.
“Parents of students graduating from the cyber program with top scores are given the opportunity to live in Pyongyang; and married cyber operators are given housing, a food allowance and a stipend if traveling overseas,” a 2014 report by HP Security Research said. “Due to the nature of their profession, these cyber elite are some of the only North Koreans allowed to access the outside internet.”
Yet even with a team of at least 1,800 “cyber warriors”, according to one North Korean defector’s testimony, the truth is that we don’t really know how advanced North Korean cyberwarfare really is.
“Measuring cyberwarfare capabilities is notoriously hard,” Jun said. “The general consensus is that North Korea is on par with many of the sort of nation-states that are active in this area, and is only second to maybe Russia, China and the U.S.”
An uncertain future
A war with North Korea, although very unlikely by most analyses, would no doubt be horrific. Traditional weaponry aside, a total dystopian projection might include frozen public transit, tanked stock markets, electricity blackouts, government leaks, broken ATMs and hacked nuclear power plants.
“Hypothetically, you can blow something up,” Siers said. “But as for whether or not they can do that, I just don’t see it. I think it’s possible for them to disrupt civilian life with transportation and other things. I think it’s less likely that they infiltrate a nuclear plant.”
All of this, however, is mere speculation. North Korea is unlikely to show its true cards, though small-scale attacks against South Korea have been fairly frequent.
“I think they’re not keen to reveal what they can do unless they have to,” Ward said. “Once you use it, you know what people have.” He also believes the United States would be vulnerable to North Korean cyberattacks, particularly because U.S. power and water companies are “fairly decentralized.” Earlier this year, for example, the U.S. Department of Energy published a report stating that America’s electricity infrastructure “faces imminent danger from cyberattacks.”
“I think it’s obvious that the North Koreans have the capability of hitting the U.S. very hard with cyberwarfare,” Ward said. “Hopefully, the Americans have tightened security and will be able to keep out North Korean hackers, but I wouldn’t hold my breath.”
For what it’s worth, Siers doesn’t think that the issue is being “overlooked.” World governments and private cybersecurity companies are giving it a “fair amount of attention,” she said.
“But, you know, cyberattacks are certainly something to worry about — and if you don’t worry about it, then you’re not thinking,” she said.