Most of the concern among the international community involves the DPRK’s nuclear strike capability, with little to no mention of what is a growing cyber threat. The DPRK is on a path to harden its offensive as well as defensive capabilities, both in the real world and in cyberspace. The DPRK’s cyber freedom fighter is America’s cyber terrorist. While much of the focus on cyber security is on other, better-known foreign powers, rogue states such as the DPRK can pose a much higher risk, in part due to their unwavering determination to attack the US and its allies at all costs. Ostensibly, the DPRK is solidly committed to seeing the US fall, and in most instances they are living in a fantasy world; in reality, the aim is more to make the US a good bogeyman so that the fear mongering can continue among its own people.
North Korea’s Cyber Attack Capabilities
However, a closer look at the actual attack capabilities of the DPRK military in the area of cyber defense shows that, much like the rest of their military, where they use antiquated Russian hardware, it is a lot of bluster and talk. This is not meant to suggest that a successful hack that compromises US national security could never happen, remote as that possibility is. It should be fairly obvious that the recent attack on a South Korean bank was a DPRK state-sponsored attack, considering the relatively low number of people permitted to use the World Wide Web in North Korea.
On March 30th the DPRK had only 2 internet connections routed to the global internet. The DPRK had disappeared from global routing tables for nearly 2 full days. Then on April 9th the DPRK expanded to 3 connections via China Unicom Hong Kong to North Korea in light of all of the recent “downtime”. The DPRK has for decades threatened to attack the US with a military that can barely even deploy troops to Seoul, let alone attack anywhere in the US. However, all delusions they may have about military superiority aside, absent any real mitigation by US security professionals, the DPRK can and very likely will pose an APT1 threat to US national security in the coming years.
An Easy Target?
All one needs to do is some basic script kiddie level hacks combined with some basic research online to see that the DPRK is a soft target and ripe for an attack. It appears that every attempt they have made to shield themselves from a cyber attack has only served to undermine their own self-interest or, in DPRK parlance, Juche self-reliance.
Clearly this is a case where one should not be too self-reliant. Because it is having an overall adverse effect on their ability to maintain the requisite security patches, they are leaving themselves wide open to attack. The best analogy would be that of car accident statistics. If there are no or very few cars on the road, then clearly there is much less of a chance of there being a car accident. However, what does that do to benefit a developing nation in dire need of an infrastructure? It only leaves them paralyzed by their own ideology.
If the DPRK had the level of import/export trade to enable more North Koreans to have access to technology, it would benefit their security apparatus much more than simply assuming that self-reliance is a pragmatic way of staying on top of what most of the world has already enjoyed for decades. The DPRK is in some ways limited to a full-scale cyber attack because their technology is stuck somewhere in the 1980s-90s while the rest of the country is living in the Stone Age. They may have mitigated the risk of someone attacking on a large scale, but at such a cost that the nation is still on the verge of a collapse or, at the very least, a military coup. On that subject, many North Koreans are beginning to have access to mobile phones and smartphones.
The Uriminzokkiri Attack
Currently the only people allowed to have access to the internet are the elite and government officials, all of which makes it much easier for adversaries around the world to aim a spear-phishing attack at those hated the most: the DPRK military. Kwangmyong, the network available to the average North Korean, is only an intranet and typically has no TCP/IP connection to the World Wide Web. At least the civilians can enjoy the security by obscurity that should be afforded to the ones intended to guard their country. It is not as easy for a hacker to simply break into every computer in North Korea, because they are using Linux, and the software they run has different vulnerabilities that are less exploited than those on the more popular Microsoft Windows and Mac machines. However, the North Korean web site version of Twitter, Uriminzokkiri.com, was recently hacked, thereby compromising fifteen thousand of the DPRK’s elite accounts. This clearly indicates that they are nowhere near as secure as the DPRK Kool-Aid-drinking crowd would like to delude themselves into thinking their Juche self-reliance makes them.
While it has been widely disputed whether the recent attack against the DPRK was led by Anonymous or by the US government, the fact remains that the more threats they impose on the world, the more likely it will be for vigilante hackers to see low-hanging fruit that is also a huge threat to global stability. DPRK Red Star Linux 2.0 is easily “metasploitable” because it is running KDE 3.x Linux, which was initially released in 2002. That is a long time to run on an, albeit limited, public internet connection without even a modicum of software updates. Obviously, a state-sponsored attack would be quite easy to achieve.
David Williams
