North Korea is one of the world’s poorest countries, seen as well behind most everyone when it comes to most technologies and much more.
Hacking may not be one of them.
Scant resources or not, a defector who once worked as a computer expert for the North Korean government says that it has a vast network of hackers devoted to cyberwarfare against perceived enemies of the Stalinist state.
Jang Se-yul, who defected from North Korea seven years ago, told CNN that he thinks there are 1,800 cyberwarriors in the agency stationed around the world. But he says even the agents themselves don’t know how many others work for the secretive group, called Bureau 121, whose mission is to “conduct cyberattacks against overseas and enemy states.”
The South Korean government thinks Bureau 121 is the agency at the heart of numerous cyberattacks from North Korea against elements in foreign countries, a government official who requested to be anonymous told CNN on Thursday.
North Korea’s hacking capabilities have become a global talking point recently, after a massive hack of Sony Pictures — the studio behind “The Interview,” a comedy depicting the assassination of Pyongyang’s leader, Kim Jong Un. That was followed by warnings that the movie not be shown in theaters, something that’s a nonissue, for now, after Sony called off its planned release Wednesday.
U.S. investigators say an announcement blaming Pyongyang for this could come as soon as Thursday. North Korea’s government has denied responsibility for the crippling hack, even as its state news agency applauded it.
“The hacking into the SONY Pictures might be a righteous deed of the supporters and sympathizers with the DPRK,” KCNA reported.
Commenting generally on North Korea’s government hacking arsenal, Jang said he thinks the reclusive East Asian nation’s cyberwarfare is more real and more dangerous than the regime’s ability to launch a nuclear offensive — even if it is the latter that has contributed to expansive sanctions, other penalties and the country’s isolation on the world stage.
Said Jang, “This silent war — the cyberwar — has already begun without a single bullet fired.”
‘Dark Seoul’ hacks of banks, media companies
Whether or not it’s behind the Sony hack, South Korean intelligence thinks Bureau 121 has struck before, according to the government official.
South Korea has repeatedly accused the North of hacking attacks, including incidents in 2010 and 2012 that targeted banks and media organizations. Pyongyang has rejected the allegations.
The biggest case became known as “Dark Seoul,” a series of hacks between March and June 2013 that targeted South Korean banks and media companies. More than 48,000 computers were hit, infecting the companies’ computer networks with a malicious program, or malware, that slowed or shut down systems.
Seoul’s military ratcheted up its cyber-alert level in response, and an official South Korean investigation later pinned the blame for this attack on its northern neighbor, finding that many of the malignant codes employed in the attacks were similar to ones used by Pyongyang previously, said Lee Seung-won, an official at the South Korean Science Ministry.
A spokesman for the general staff of North Korea’s military called these allegations, which came at a time of heightened tensions between the two longtime rivals, “groundless” and “a deliberate provocation to push the situation on the Korean Peninsula to an extreme phase,” according to KCNA.
Analyst: North Korea ‘probably popping the champagne corks’
Assuming some of the allegations are well-founded, some might question how or why a country that’s so poor, with so few resources, would devote so much to cyberwarfare.
Jang, who says he is still in contact with at least one of Bureau 121’s members, says the answer is simple: “Raising cyberagents is fairly cheap.”
“The world has the wrong view of the North Korean state,” he adds. “With that incorrect world view, North Korea was able to increase its ability to launch cyberattacks.”
Jang attended North Korea’s military college for computer science, the University of Automation, and worked in information services for the government before defecting. He showed CNN reams of information he says was stolen by North Korean operatives from Bureau 121. The information taken from South Korean financial institutions, which Jang says he got from a Bureau 121 operation, appeared to list bank accounts, names and financial data.
The “Dark Seoul” hacks were harmful, but one analyst thinks that the Sony attack — if it’s indeed linked to North Korea — represents an escalation of tactics.
“I think we underestimated North Korea’s cybercapabilities,” said Victor Cha, director of Asian studies at Georgetown University. “They certainly didn’t evidence this sort of capability in the previous attacks.”
He called the Sony hack, and the studio’s decision to pull “The Interview,” “a big win” for Pyongyang.
“They got the U.S. government to admit that North Korea was the source of this, and there’s no (public) action plan … in response to it,” Cha said. “I think, from their perspective in Pyongyang, they’re probably popping the champagne corks.”