Somewhere deep inside North Korea is a cell of sophisticated cyber warriors known as Bureau 121.
Some investigators believe this group, or something like it, committed the damaging hack against Sony Pictures, a revenge scheme for the studio’s upcoming release entitled “The Interview” – a comedy about an attempted assassination of North Korea’s leader. The country is also suspected to have carried out a series of other attacks against South Korean companies.
A North Korean defector, Jang Se-yul, recently told Reuters that Bureau 121 consists of roughly 1,800 hackers, who live a relatively pampered life as elites in the country's military.
"For them, the strongest weapon is cyber. In North Korea, it’s called the Secret War," Jang told Reuters. But while members of Bureau 121 are reportedly handpicked from the reclusive nation's technical university programs, the rest of the country is largely cut off from the online world outside of North Korea.
As with all things related to North Korea, it’s very difficult to independently verify Jang’s remarks. North Korea denies it had anything to do with the Sony hack, despite making public threats against the studio over the movie prior to the hack.
In a statement issued Sunday, North Korea called the attack a "righteous deed" and suggested that perhaps "supporters and sympathizers" of the regime had taken it upon themselves to hack the company.
However, investigators have told the Washington Post that they believe the country is responsible for the attack, which included hackers allegedly uploading several unreleased films to the Internet and leaking sensitive personal information regarding thousands of Sony employees. Cybersecurity researchers have said the Sony breach is similar to an attack against South Korean media and financial institutions last year that was attributed to North Korea.
Given the increasingly digital nature of warfare in the world, it makes economic sense for North Korea to pour resources in entities such as Bureau 121.
On the digital battlefield attackers have a distinct advantage. For hackers to win, they only need to breach a system once, while defenders must deflect each and every attack to be successful.
In other words, North Korea could attack again and again with little consequence, causing immense damage without paying much cost, except for the lavish lifestyle of its hackers.
Gen. Curtis Scaparrotti, the commander of United States Forces Korea, told Congress earlier this year that North Korea has "an active cyber warfare capability" is its asymmetric arsenal.
"While North Korea’s massive conventional forces have been declining due to aging and lack of resources... North Korea is emphasizing the development of its asymmetric capabilities," he said, adding that the secretive nation employs hackers capable of conducting cyber-espionage as well as disruptive cyber attacks.
"Cyber warfare is an important asymmetric dimension of conflict that North Korea will probably continue to emphasize— in part because of its deniability and low relative costs," Scaparrotti testified. Because determining the origins of a cyber attack can be incredibly difficult, making it easier for attackers to deny responsibility.
By blocking Internet access for most of its population, North Korea is able to limit its citizens' understanding of the outside world. It also serves as a defensive barrier of sorts, protecting North Korean infrastructure from the very cybersecurity threats Bureau 121 is dedicated to exploiting.
"Today North Korea’s air-gapped networks and prioritization of resources for military use provide both a secure and structured base of operations for cyber operations and a secure means of communications," an Hewlett-Packard Security Briefing from earlier this year said. "North Korea’s hermit infrastructure creates a cyber-terrain that deters reconnaissance. Because North Korea has few Internet connections to the outside world, anyone seeking intelligence on North Korea’s networks has to expend more resources for cyber reconnaissance."