May 3, 2013
North Korea is expected to mooch off other nations for cyber offensive tools because it is not plugged into the global Web, according to the Defense Department’s first report to Congress on the regime's military might.
These are some of the spare details describing Pyongyang’s network operations found amidst a larger discussion of the regime's antagonism with South Korea and pursuit of nuclear weapons.
"As a result of North Korea’s historical isolation from outside communications and influence, it is likely to employ Internet infrastructure from third-party nations," states the 26-page report, which Defense Department Secretary Chuck Hagel released on Thursday.
The unclassified 2012 assessment concludes the Democratic People’s Republic of Korea "probably" has the capability to carry out military computer network operations. Since 2009, the nation has been linked to cyber espionage campaigns and distributed denial of service attacks that externally flood websites with paralyzing traffic, according to the Pentagon.
Cybersecurity researchers speculated suppliers for North Korean cyber fights could range from Chinese telecommunications giants to unwitting nations with connectivity that is not hard for Pyongyang to steal.
“Two of the world's biggest Internet infrastructure suppliers are Huawei and ZTE and there's a good chance North Korea's Internet infrastructure relies heavily on their equipment,” Martyn Williams, editor of the North Korea Tech website, which chronicles the regime’s use of information technology, said in an email. “Chinese providers are really the only choice as the DPRK can't really interconnect with South Korean or Japanese providers.”
That said, it’s easy for commodity products to take a detour through a third country on their way to sanctioned destinations; that reportedly was the route censorship technology took to Syria. “If, for example, the North Koreans wanted Cisco routers it probably wouldn't be difficult to get them,” Williams added.
North Korea sends military youth to India and China for university training, so both Internet-enabled countries might offer resources, suggested Jeffrey Carr, a cyberwar analyst and author of Inside Cyberwarfare (O'Reilly Media 2009).
And then there’s the atomic bargaining chip. North Koreans “also have a good relationship with Iran, which would certainly provide the DPRK with whatever they asked in exchange for the DPRK's help with nuclear fuel enrichment,” Carr said.
Congress in 2011 required Defense to produce annual classified and unclassified reports on military development in North Korea.
Pentagon officials informed lawmakers that the Seoul Central Prosecutor’s office reportedly implicated DPRK in 2011 cyber incidents affecting servers at South Korea's Nonghyup Bank. Remote "actors rendered the bank’s online services inaccessible and deleted numerous files concerning customer bank accounts while removing all evidence" of unauthorized activity on the servers, the Defense report states.
Several high-profile cyber events involving the regime are not mentioned. For instance, in March, experts worldwide accused North Korea of immobilizing computers at South Korea's key broadcasters and ATMs. This was one of a series of cyber spats between North Korean and South Korean supporters that began when the United Nations imposed sanctions on the northern nation for nuclear tests.
“The report is worded carefully,” Williams said. “You'll note it doesn't accuse North Korea of doing anything, but rather says the South Korean government or local newspapers have reported the DPRK is [behind] the attacks.”
The study indeed acknowledges that proving North Korea responsible for network abnormalities is difficult because of the Web's inherent anonymity and distributed structure.
Williams added, “The evidence is growing that North Korea is behind at least some of these attacks, but everyone is still pretty much guessing.”
May 3, 2013