TOM LEONARD: How North Korea’s elite cyber-attackers are wreaking havoc across the world

The boys are still in primary school when they are picked out as their country’s future warrior elite. The recruiters, however, aren’t looking for playground bullies or sporting champions, but those who come top of their class in maths and science. This is a different kind of soldier.

Those with the right talents are whisked off to the capital city for hothousing in intensely selective schools, where they access technology beyond the wildest dreams of their peers.

Further training follows at specialist universities or a purpose-built secret military college hidden in the mountains. Then the soldiers are ready to be unleashed on their country’s enemies.

Their country is North Korea, and this elite army — said to be at least 7,000 strong — is composed of computer hackers, dedicated not only to spreading chaos and confusion among the brutal regime’s enemies but also, through theft and extortion, to adding billions of dollars to their country’s coffers. 

It seems fantastical that a place so backward and repressive that its farmers still work the fields by hand, and most people can’t even access a computer, can produce some of the world’s most proficient hackers.

However, as was laid bare in an alarming report last month in the New Yorker magazine, it’s just that sort of assumption that encouraged the West to ignore warning bells for years.

North Korean Leader Kim Jong-un speaks during the Russia – North Korea Summit in April 2019

Under successive leaders who quickly recognised the internet as one area where they could even the odds against opponents’ conventionally superior global forces, North Korea has been diligently building an army of what it calls ‘information soldiers’, who can hack into places that are supposedly impregnable.

And its efforts are paying off. State-endorsed hacking outfits — using pseudonyms such as the Lazarus Group, the Shadow Brokers and Hidden Cobra — are breaking into everything from international TV stations and Hollywood studios to banks and hospitals, freezing their computer systems and stealing their secrets.

UK victims have ranged from the NHS to a TV production company planning to make a drama about a British nuclear scientist held hostage in North Korea.

The hackers are highly unpredictable and, more importantly, unconcerned about being identified — which makes them particularly dangerous. Why should they worry, after all, when they operate from deep within a pariah state that funds, trains and rewards them generously for their work?

Politicians and security experts have been warning for years about the rising dangers of cyber attacks.

When hackers could cripple a country’s entire power supply or other essential services, we need to stop thinking about wars as struggles between conventional armed forces.

The U.S. was reminded of this bleak reality this week, when a cyber criminal gang called DarkSide — thought to be Russian — took offline a major fuel pipeline carrying almost half of the East Coast’s supply of petrol, diesel and jet fuel, causing chaos.

And although Russia has so far attracted the most notoriety for hacking — hijacking anything from the 2016 presidential election to a Florida water treatment plant — former U.S. Secretary of State Mike Pompeo surprised many when he insisted last year that China and North Korea posed a greater threat.

Indeed, according to the New Yorker report, hackers have conducted operations in more than 150 countries, and experts who have analysed malicious North Korean computer code have identified at least 1,100 different people as having written it. Experts are confident all the hackers are men — a reflection of the male-dominated society.

What makes North Korea’s operation unique among other governments that sponsor illicit hacking, including Moscow and Beijing, is that it doesn’t do it primarily for political or intelligence reasons — but for money.

The impoverished, sanctions-racked international outcast has long relied on crime, such as producing illegal drugs and wildlife trafficking, to supplement its feeble foreign currency reserves. Now, cyber bank theft has become a significant weapon in the arsenal of North Korean hackers.

John Demers, assistant attorney general at the U.S. Department of Justice, says North Korea’s hackers ‘have become the world’s leading bank robbers’.

The New Yorker illustrated this by describing how, in 2016, the North Koreans enlisted the help of Japanese organised crime, the Yakuza, to take $16 million from cash machines inside Japanese branches of the 7-Eleven store chain.

Each Yakuza member was given a plain white credit card and a PIN and told that for three hours on a particular morning they could withdraw the equivalent of $900 at a time, making no more than 19 transactions per machine. The money came from a South African bank whose data had been hacked by the North Koreans.

Recently, an even more lucrative target for them has been Bitcoin, the heavily hyped cryptocurrency which, for all its supposed benefits, is frighteningly vulnerable to online theft.

The hackers adopt fake or stolen identities to trick Bitcoin owners into downloading a ransomware virus which allows the hackers to take control of the computer systems.

In February, the U.S. revealed charges against three North Koreans accused of conspiring to steal and extort more than $1.3 billion in cash and cryptocurrency from banks and businesses around the world. It is estimated that North Korean hackers have actually stolen at least $1.75 billion in digital currency alone — the equivalent of 10 per cent of the country’s defence budget.

A 2019 United Nations report estimated that North Korea had already been able to spend at least $2 billion from the proceeds of cybercrime on weapons.

Last month, a UN report said North Korean hackers are now extending their money-making activities to stealing military secrets, which they can then sell. But this is not a new threat. South Korea has been warning for decades that its militaristic and aggressive northern neighbour was building a cyber army.

As long ago as 2003, reports claimed the existence of a shadowy military academy called Mirim College, located deep in the mountainous Hyungsan region — and originally set up with support from the Soviet Union — which had been churning out 100 cyber soldiers every year since the 1980s.

At the time, a South Korean expert claimed the hackers were already on a par with the CIA in their capabilities. Defectors say the training programme began in earnest in 1996, when computers started appearing in elite North Korean schools. The smartest pupils were later sent for two years’ additional training in China and Russia.

Some would go further afield, even to Europe, where they would pose as ordinary students and gather useful information.

To the envy of fellow North Koreans, they returned with foreign clothes and electronic gadgets like cameras and rice cookers.

However, the U.S. could find no evidence that Mirim or any hacker school existed in North Korea, prompting defence experts to dismiss South Korea’s astonishing claims as propaganda.

North Korean leader Kim Jong Un addresses a conference of cell secretaries of the ruling Workers' Party in Pyongyang last month


Suffice to say, nobody is scoffing now. North Korea’s leaders had been quick to see the threat the internet posed to their authority, and they decided they had to find a way to control and exploit it.

Kim Jong-il — the present leader’s late father — once said: ‘If the internet is like a gun, cyber attacks are like atomic bombs.’ Now, North Korea runs a slick operation, hothousing its hackers in the same way the Soviet bloc once did with Olympic athletes.

Two elite schools in the capital feed a clutch of specialist technology universities and academies.

According to reports from North Korean defectors, over five to ten years of study at these institutions, hackers are taught highly complex skills such as writing computer viruses, programming weapons guidance systems and disabling enemy command and communications systems.

The very best students compete in international maths and computer programming competitions, where they often beat the best universities in the UK and U.S. However, unlike the British and American maths whizzkids who can expect illustrious careers in Silicon Valley, their North Korean peers are compelled to put their talents to use in state-endorsed hacking.

Most of the work is done by the North Korean army’s Reconnaissance General Bureau, where sub-departments bear ominous titles such as the Enemy Collapse Sabotage Bureau.

North Korea is prone to power cuts and its internet connections are limited, so some hackers are based in China and other parts of South East Asia.

However, the most serious work is done from Pyongyang, where there is no risk of the hackers being apprehended, and where Kim Jong-un’s paranoid government can keep a close eye on their work. They are rewarded with luxuries denied to other citizens — cars, comfortable homes in the capital and ‘Kim Jong-un’s Special Gifts’ such as extra food.

It has been claimed that, as an added incentive, they can even earn 10 per cent of the cryptocurrency they manage to steal — although they wouldn’t find much to spend it on in North Korea.

The communist hold-out boasts of its founding principle of juche, or self-reliance, but it accepts help when it comes to hacking.

U.S. officials say it’s no coincidence that Russia and China have never been targets of North Korea’s financial cybercrime as both provide technical assistance, supplementing its otherwise feeble digital infrastructure.

Pyongyang has been stepping up its cybercrime activities. In 2017, North Korea was blamed after a huge ransomware virus called WannaCry swept through 150 countries and hit at least 200,000 targets, from Australian railways to French car plants, all of whose computer systems suddenly froze, replaced by ransom demands to be paid in Bitcoin.

The most alarming target, however, was Britain’s NHS, where some 600 organisations were affected.

Thankfully nobody died, but that may be only because Marcus Hutchins, a 22-year-old English hacker and cyber security researcher sitting in his bedroom at his parents’ home in Devon, managed to activate a ‘kill switch’, preventing further computers from becoming infected.

The Government said the attack cost the NHS £92 million, with 19,000 appointments cancelled.

And WannaCry wasn’t the first major cyber raid conducted by North Korea. In 2014, the world’s biggest entertainment giant, Sony, was brought to its knees, causing huge embarrassment in Hollywood as thousands of internal emails were made public.

Its chairman, Amy Pascal, lost her job after being caught suggesting that President Obama would naturally be keen on films about slavery.

Also in 2014, British TV production company Mammoth Screen was targeted by the North Koreans after Channel 4 announced it was making Opposite Number, a ‘bold and provocative’ drama series about a British scientist taken prisoner in North Korea.

Pyongyang described it as a ‘slanderous farce’. Its hackers caused no real damage, but huge alarm at the company. (The series was later shelved, reportedly over funding issues.)

In early 2015, North Korea’s hackers struck again, this time targeting Bangladesh’s central bank, swindling it out of more than $100 million.

In 2016, South Korea was humiliated when Pyongyang even managed to hack its top-secret plans for what to do if they went to war, which included assassinating Kim Jong-un.

Last month, Jeremy Fleming, head of GCHQ, warned that the West is faced with a ‘moment of reckoning’ over technology and security, as Britain faces rivals in cyberspace ‘who don’t share our values or follow the rules’.

Nowhere fits that description better than North Korea.
