North Korea, a country where private computer ownership is illegal and most civilians can only access a tiny, closed intranet through shoddy knock-off software, is not the sort of place where you might expect to find the scariest and most talented of hackers. But reports from both ABC News and the Associated Press on the sudden computer crashes at South Korean banks and TV broadcasters pointed to speculation that North Korea was behind the cyber shutdown.
There are three pieces of circumstantial evidence: First, North Korea recently threatened the South (which it does all the time); second, the North itself recently experienced a bizarre and unexplained widespread computer outage that appeared to be linked to a possible outside attack. The third piece is the most persuasive: More evidence suggests that North Korea was behind past, similar attacks.
Here's the A.P.:
Seoul blames North Korean hackers for several cyberattacks in recent years. Pyongyang has either denied or ignored those charges. Hackers operating from IP addresses in China have also been blamed.
In 2011, computer security software maker McAfee Inc. said North Korea or its sympathizers likely were responsible for a cyberattack against South Korean government and banking websites earlier that year. The analysis also said North Korea appeared to be linked to a 2009 massive computer-based attack that brought down U.S. government Internet sites. Pyongyang denied involvement. ...
North Korea also has claimed cyberattacks by the U.S. and South Korea. The North’s official Korean Central News Agency accused the countries of expanding an aggressive stance against Pyongyang into cyberspace with “intensive and persistent virus attacks.”
North Korea has not claimed other attacks on South Korea, either: It denies sinking a South Korean ship, the Cheonan, despite investigations that suggest otherwise.
The attacks would certainly seem to be sophisticated. Banks are not easy targets, particularly not in a place like South Korea, where computing technology is highly advanced and cyber security, particularly in the financial sector, is taken very seriously.
In 2011, Al Jazeera interviewed two defected North Koreans who claimed to have participated in what they described as a vast and highly professional cyberwarfare department, which allegedly recruited its hackers straight out of primary school.
The government hackers, they said, are sent to China or Russia for training and are rewarded with special housing and privileges for them and their families. They get such special treatment in part to reduce the temptation of defecting, given that the hackers are allowed rare access to the Internet and thus knowledge of the outside world's relative prosperity.
One of the defected hackers explained what he saw as the five reasons that North Korea was focusing such resources and energy into the program, growing their number of hackers from 500 to 3,000:
"First, cybermilitary strength is cost effective. With the North's deteriorating economic situation, it cannot compete with South Korea or the US in building conventional military army, naval or air forces.
"Grooming prodigies, deploying them, setting up internet, buying programmes, and providing conditions for them to operate in China or another third country is considerably cheaper than buying new weapons or fighter jets which cost hundreds of millions of dollars," Kim said.
"Second, North Korea is extremely confident of its software development capabilities, as cracking passwords within a secured system and finding patches within networks are all based on mathematical capabilities.
"Third, cyberstrength provides higher utility than any other naval, air, or army force. A state may possess tens of thousands of foot soldiers or hundreds of jets - but rarely would be able to use them, "especially in this day and age".
"But cybermanpower - once you have that established you can steal any classifed information from enemy states, incapacitate their servers and cause social panic through psychological warfare. It's high in utility in terms of creating different types of confusion and chaos - and that is cyberwarfare's biggest merit," said Kim.
"Fourth, cyber warfare is asymmetrically advantageous for the North. None of its servers are yet connected to the internet, which makes it immune to cyberattacks. But South Korea and other enemy countries, or any other country for that matter, will undergo major chaos if their computer system were to crash. For this very reason North Korea is fascinated with cyberwarfare."
"Finally, North Korea has recognised the internet's inherent weakness from its very inception in the mid-1990s. It realised that, as long as it maintained an attack network, it could easily hack into strategic targets with considerable speed. That's why they were driven to aggressively engage China in military exchanges to quickly build up a cyberforce of 500 hackers.
Update: A few North Korea-watchers have pointed out that, while many readers might find the country's cyber espionage skill level to be surprising, it is hardly a secret. And they're right: this story is not a surprise to close observers of North Korea, who have been documenting its hacking prowess for years. For more, check out Marcus Noland and Stephen Haggard's posts on North Korea and cyber war at their Peterson Institute blog.