Information Security News mailing list archives

North Korea's School for Hackers


From: InfoSec News <isn () c4i org>
Date: Tue, 3 Jun 2003 01:20:04 -0500 (CDT)

Forwarded from: William Knowles <wk () c4i org>

http://www.wired.com/news/politics/0,1283,59043,00.html

By Brian McWilliams
June 02, 2003 

In North Korea's mountainous Hyungsan region, a military academy 
specializing in electronic warfare has been churning out 100 
cybersoldiers every year for nearly two decades. 

Graduates of the elite hacking program at Mirim College are skilled in 
everything from writing computer viruses to penetrating network 
defenses and programming weapon guidance systems. 

Or so South Korea's government would have the world believe. 

Since at least 1994, military and intelligence officials in Seoul have 
warned of the growing threat posed by the "infowar" academy to the 
north, which they say was founded in the 1980s and is also known as 
the Automated Warfare Institute. 

Most recently, South Korea's Defense Security Command raised the 
specter of Mirim at a cybersecurity seminar in mid-May, where a South 
Korean general noted that North Korea is "reinforcing its cyberterror 
capabilities." 

Yet Pentagon and State Department officials say they are unable to 
confirm South Korea's claims that Mirim or any other North Korean 
hacker academy even exists. 

And some U.S. defense experts accuse South Korea of hyping the cyber 
threat posed by its northern neighbor, which they claim is incapable 
of seriously disrupting the U.S. military. 

"The KPA (Korean People's Army) is still predominantly an analog and 
vacuum-tube force," said Alexandre Mansourov, a professor at the 
Pentagon's Asia-Pacific Center for Security Studies. "We tend to 
overestimate the level of information-technology expertise in the 
North Korean military, and South Korea is especially guilty of this." 

Representatives of South Korea's National Intelligence Service, as 
well as its Institute for Defense Analyses and Information Security 
Agency, did not respond to requests for more information about Mirim 
College or North Korea's information warfare capability. 

Outside North Korea little is known about secretive Pyongyang's 
current infowar prowess, according to John Pike, president of 
GlobalSecurity.org, which maintains an online guide to North Korea's 
military. 

But Pike said the militaristic nation, which spends much of its gross 
national product on defense, undoubtedly is working to digitize its 
military. 

"It's not the sort of thing that a spy satellite is going to pick up," 
said Pike. "But even if the DPRK (Democratic People's Republic of 
Korea) can't feed its own people, it's quite capable of developing and 
using the full spectrum of modern weaponry, including cyber." 

Indeed, the regime in North Korea would be grossly negligent if it 
failed to beef up its information warfare capability, according to 
Mansourov. Its adversary South Korea, one of the most wired nations in 
the world, makes no secret that preparing for infowar is a top 
military priority, he said. 

In its 2000 annual report, South Korea's Ministry of National Defense 
said a 5 percent budget increase was allocated mainly for projects 
such as "the buildup of the core capability needed for coping with 
advanced scientific and information warfare." 

The report also revealed that South Korea's military has 177 "computer 
training facilities" and had trained more than 200,000 "information 
technicians." 

Meanwhile, in North Korea the lack of basic necessities, such as a 
reliable electrical grid, presents huge obstacles to creating an 
information-technology infrastructure, according to Peter Hayes, 
executive director of the Nautilus Institute, which published a recent 
study of North Korea's IT aspirations. 

Trade sanctions -- not to mention North Korea's guiding philosophy of 
"juche," or self-reliance -- have further isolated the DPRK from the 
Internet and many technological advances, said Hayes. 

As a result, North Korea has been assigned only two "class C" blocks 
of Internet addresses, none of which currently appear active, 
according to data from the American Registry for Internet Numbers and 
Asia Pacific Network Information Centre. The DPRK's limited connection 
to the Internet reportedly comes from satellite links provided by a 
company in South Korea, and by land lines from China. 

Similarly, North Korea's designated top-level domain, .kp, never has 
been implemented. The nation has only a handful of websites -- the 
most sophisticated being an online gambling site -- none of which are 
hosted in North Korea. Servers in China and Japan host the sites. 

While Net surfing is available only to a privileged few of the 22 
million North Koreans, leader Kim Jong Il is said to be a big fan of 
information technology. The dictator surprised many when he asked 
Secretary of State Madeleine Albright for her e-mail address during a 
historic visit in 2000. 

Yet, despite being mostly disconnected from the Internet, North Korea 
reportedly has developed a vast intranet linking government offices 
throughout the country. 

The DPRK has software development expertise that is "competent, if not 
world class," according to Hayes. He notes that programmers in North 
Korea's Pyongyang Informatics Center have done contract work for local 
governments and businesses in Japan and South Korea to develop a wide 
variety of software. 

In fact, some in the Department of Defense have recently considered 
North Korea a viable infowar threat. In a 1997 Pentagon war game 
called "Eligible Receiver," National Security Agency computer 
specialists posed as North Korean hackers and reportedly were able to 
disrupt command-and-control elements of the U.S. Pacific Command. 

The following year, Pentagon adviser and Rand consultant John Arquilla 
concocted a fictional scenario, published in Wired magazine, of a 
global cyberwar engineered by -- whom else -- the North Koreans. 

In March 2001, a task force of the Defense Science Board concluded 
(PDF) that the Department of Defense was unable to defend itself "from 
an information operations attack by a sophisticated nation state 
adversary." 

Experts are split, however, on whether North Korea's hacker-soldiers 
currently pose a serious threat to the U.S. military. 

Should war occur on the Korean peninsula, a cyberattack by North Korea 
could disrupt the ability of U.S. troops to provide support, according 
to Arquilla. Such an attack would not necessarily emanate from North 
Korea's limited network. 

"There are many places around the world from which (North Korea) could 
conduct cyberwar, places that have all the connectivity needed, and 
more," said Arquilla. 

Arquilla said highly automated U.S. military processes, such as the 
"air tasking order" of an air campaign, or time-phased deployment of 
troops and equipment, could be disrupted by a North Korean 
cyberattack. 

"In such cases, the disruption of American combat operations and 
logistics could make a very substantial difference in the overall 
military campaign," said Arquilla. 

Mansourov, however, said North Korea is unlikely to be focusing its 
scarce IT resources on the development of a crew of hacker-soldiers. 

"The Chinese are very good at this and have the resources to do it. 
But I don't think the KPA spends its efforts there. They are more 
focused on development of missile guidance and C4i 
(command-and-control systems)," said Mansourov. 

Hayes said he believes North Korean hackers would not be able to 
create serious harm to the U.S. military's mission-critical systems, 
which are decentralized and largely insulated from the Internet. 

"I'm sure they can get into some systems at a low level and maybe 
divert some things," said Hayes. "But in the big picture, a few 
hackers are not going to stop the flow of American men and material in 
a major war in Korea." 

On the other hand, North Korea's highly centralized IT systems are 
prone to "amplifying and propagating bad military decisions" and are 
an easy target for physical attacks by smart bombs and other means, 
according to Hayes. 

As for South Korea's recent claim that Pyongyang is ready to create 
"cyberterror," a State Department representative said North Korea is 
not known to have sponsored any terrorist acts since 1987, when a 
Korean airliner was bombed in flight. 

Spokesman Lou Fintor said, however, that the State Department 
nonetheless remains "disappointed" with North Korea's response to 
international efforts to combat terrorism. 

While details of North Korea's infowar force are available only in 
fiction and propaganda, Arquilla is convinced that the country may 
have marshaled a world-class offensive infowar capability. 

"I believe that the North Koreans, whatever their limitations, have a 
capacity to think deeply and innovatively about military affairs," he 
said. "And what I have observed over the years convinces me that they 
are devoting considerable attention to cyberwar." 


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*


