05.05.2015 Author: Konstantin Asmolov

Elaborating on the issue of “North Korean hackers”

10-29_n_korea_cyber_attackFight against North Korean cyber threats benefited from a series of significant events. First and foremost, the Sony pictures documents that were leaked, stolen by hackers in November 2014 in anticipation of the release of the “The Interview” film at the end of the last year. WikiLeaks have recently published these documents and it is normal for experts and unexpected for supporters to argue about the Pyongyang hackers. There are more than 20,2 thousand SPE documents published on the site, more than 173 thousand emails and more than 2,2 thousand email addresses, including email addresses of the US government employees.

There is quite a lot of interest, as is pointed out in the preface of the documents, as Sony is not only busy with the production of entertainment content: the company “has ties with the White House and with the US military-industrial complex” (there are more than 100 email addresses of the US government in the archives). Wikileaks believes that the corporation is lobbying the Motion Picture Association of America (MPAA) on issues related to copyright, Internet policy, piracy and trade agreements. Published correspondence show that company representatives not only discussed these topics with the MPAA but directly with politicians as well. It also demonstrates Sony’s close ties with the Democratic Party of the United States. Specifically, Sony’s CEO Michael Lynton dined with the US President Barack Obama.

It seems to the writer that in conjunction with the fact that “the company’s work has been paralysed since the Intranet has been disabled” it is more than obvious that the attack on internal network of the company was an inside job rather than the fantastic capabilities of the North Korean hackers that miraculously were able to penetrate computers that are not linked to the Internet. And Wikileaks the source of the leak, not particularly friendly to North Korea, also says that North Korean authorities were not involved in the hacking.

So what happens now? Either it is necessary to recognize, that “a mistake was made” and to revoke the so very effective sanctions against the Democratic People’s Republic of Korea brought in response to the charge of cyber attack. Or it will soon “become clear” that the entire WikiLeaks project is associated with North Korea and it will become a new pretext for tightening the screws in the particular industry. Or a blind eye will be turned on this discrepancy and information will be displaced with new “sensational” evidence about the North Korean hackers.

It seems that the third assumption is correct. After all, “Pyongyang conducts about 1000 cyber attacks by hackers based in China and countries in South-East Asia. They were sent to these regions under the guise of ordinary workers working for foreign currency”. This is what is written in the paper of the head of the innovation department of the State Institute of Safety Issues Kim Ying-zhong, submitted on March 31, 2015 at a scientific conference – North Korean cyber threat and response strategy. It turns out that North Korea sent its information and communication technologies specialists to China, Malaysia, Cambodia and other countries in the region. They work in software development and administration of various sites, but they carry out cyber attacks on specified targets in the event of receiving orders from Pyongyang. At present, as stated by Kim Ying-zhong, they are focused on industrial targets of South Korea, the disruption of which can cause disturbance in society. Furthermore, under the leadership of North Korea’s military and Workers’ Party there are seven organizations of 1,700 hackers, plus there are already13 companies, employing approximately 4,200 employees working in this field in North Korea.

So what more can be said? North Korean seasonal workers doing menial work in China will be very surprised to learn that they are also hackers. The attacks on industrial facilities either tend to be as a result of non-compliance with safety or retaliation of laid-off employees but as we already wrote “it is one thing to demonstrate their own carelessness to the public at large and quite another to fall victim to the secret computer services of a terrible totalitarian regime“.

But on the other hand it is possible to make money with impunity and inflate bureaucracy with such cyber threats. The South Korean government announced plans on March 17, 2015 to create a unified information security system. And a fifth Secretariat was created within the management structure of national security of the Administration of the South Korean President that will deal with issues of cybersecurity as a coordinating body. The decision was made during a meeting of the South Korean administration in regards to reviewing the management structure of national security. The new body will seek to prevent incidents such as hacker attacks on hydro-and nuclear power Korean corporation network sites.

As the South Korean media reports, “the level of cyber threats from North Korea is much higher than from the United States, Russia, China and Israel. Add the cyber threat to the North Korean nuclear threat and it needs to be effectively opposed in the best tradition of “powder of blue flying crocodiles”. Buying expensive powder helps, you don’t see any flying crocodiles now do you? And if another North Korean attack, trumpeted by the media, was not from North Korea, then who will remember it a year later when “all that has remained is sediment”?!

Konstantin Asmolov, candidate of historical sciences, senior researcher at the Institute of Oriental Studies of the Russian Academy of Sciences, exclusively for the online magazine “New Eastern Outlook”.