Cyber warfare comes into the present
Earlier this month, the U.S. government blamed North Korea for the hacking of Sony Pictures Entertainment. A South Korean government investigation team also hinted at possible North Korean cyberattacks against its nuclear power plant operator, saying the hackers’ digital footprints were traced to Shenyang, a Chinese city known as a hub for North Korean cybersecurity agents.
“Pyongyang might have engaged in two cyberattacks at the same time against the United States and South Korea as its new weapon to destroy the balance of power,” said Shin In-kyun, head of the Korea Defense Network, a private research group in Seoul.
According to security experts, North Korea’s capabilities in cyberwarfare are at approximately the same level as those of the United States or China.
The Technolytics Institute of the United States, an independent think tank specializing in cybersecurity, said the North’s ability to carry out cyberattacks such as hacking and use of malware is ranked sixth in the world. The country is ranked seventh for its intelligence assessment ability and second for its willingness to wage a cyberwar.
The South Korean intelligence authorities also said the North’s cyberattack capabilities are ranked third in the world, following the United States and China.
Experts said the North’s cyberwarfare ability is particularly menacing because its spear is sharp, while its shield is strong. In other words, it has both offensive and defensive strengths.
The North Korean military is in charge of educating hackers. According to a report by the National Intelligence Service to South Korea’s National Assembly Intelligence Committee, the Reconnaissance General Bureau of Pyongyang established the cyber reconnaissance department to operate Unit 204. About 5,900 hackers are serving in the unit, the report said.
At the same time, the North is relatively underexposed to cyberattacks from the outside world. Its tiny network has fewer than 1,000 Internet Protocol addresses made public so far. That’s a stark contrast to the United States, South Korea and other normal nations, which have major infrastructure facilities such as nuclear plants, airports and financial institutions that must be protected from cyberattacks.
The North has carried out a series of cyberattacks against the South to test its abilities. According to the National Intelligence Service, North Korea carried out a series of DDoS (distributed denial of service) attacks on 35 government Internet sites in the South in July 2009. A DDoS attack refers to attackers flooding a network with traffic until it crashes due to the overload. The Blue House and the National Assembly were targets.
In April 2011, the North also attacked the computer network of Nonghyup, paralyzing the operation of its financial system.
The intelligence authority also said the North was behind the attacks on 32,000 computers of broadcasters, companies and financial institutions in March 2013.
The North has consistently denied responsibility for the attacks and there was little clear evidence to pinpoint Pyongyang.
Often referred to as “shadow warfare,” a cyberattack is an offensive that is hard to trace. Even if an investigation reveals the attacker, it is hard to hold the culprit responsible. When a country denies responsibility, there is no means to punish it.
A classic example of such “shadow warfare” was the Stuxnet attack on Iran in 2010.
Stuxnet is a computer worm designed to attack programmable logic controllers (PLCs) used to control factories. They are also used to control centrifuges separating nuclear materials, and Iran’s nuclear facility was reportedly compromised by Stuxnet.
Some reports said as many as 1,000 out of 2,000 nuclear centrifuges were destroyed.
While Iran blamed the United States and Israel for the incident, no evidence was found to hold them accountable.
In 2008, Russia and Georgia were involved in a similar incident. At the time, Georgia’s government offices, financial institutions and military intelligence system were hacked and paralyzed, but it was hard to definitively trace the cyberattacks back to Russia.
Because evidence is often too weak to pinpoint the culprit behind a cyberattack, international sanctions are also difficult to impose. While the United Nations Security Council imposes sanctions on countries for nuclear and missile programs, there is no punitive means for a cyberattack.
“Because it is hard to find a smoking gun, a cyberattack cannot be punished, and there are countries that abuse this situation,” said a South Korean Foreign Ministry official.
A tacit war in cyberspace has now become a reality between the United States and China.
In May, a federal grand jury indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries. After officers from Unit 61398 of the Third Department of the Chinese People’s Liberation Army were prosecuted, China immediately lodged a complaint by summoning U.S. ambassador Max Baucus.
In retaliation, China also banned the use of U.S. computer products including those produced by Microsoft and International Business Machines Corporation. The cyber dispute appeared to have spread to the real world of commerce.
Speculation is high that the United States was behind North Korea’s continuing loss of Internet use following the hacking of Sony Pictures Entertainment, because “an eye for an eye” is a principle often used in retaliation for a cyberattack.
“Because it is hard to pinpoint the attacker, it is difficult for justice to be done,” said Professor Lee Kyung-ho, an information security specialist at Korea University. “It is also difficult for the victim to refrain from retaliating against a suspect. This is the problem with a cyberwar.”
BY JEONG WON-YEOB [email@example.com]