May 27, 2017 2:00 pm JST

WannaCry shows how North's hackers can punch above their weight

Pyongyang's cyber troops thought to number 7,000

JIRO YOSHINO and SOTARO SUZUKI, Nikkei staff writers

North Korean leader Kim Jong Un, center, has an increasingly powerful cyberattack force at his disposal. © Reuters

TOKYO/SEOUL -- A growing mound of evidence links North Korea to a cyberattack that disabled computers around the world in recent weeks, a sign that even the isolated state's middling corps of hackers can do serious damage with access to more sophisticated tools.

On May 12, workers in Europe and elsewhere found their computers flashing a simple message: pay up, or lose your data. Malicious software known as WannaCry had encrypted files both on individual machines and network servers, demanding payment to unlock them. This so-called ransomware attack spread within days to at least 150 countries, bringing a number of businesses to a halt, suspending surgeries at British hospitals and taking down train ticket machines in Germany.

Cybersecurity experts worldwide began hunting for the perpetrator. Researchers have discovered "traces of attempts to obscure commonalities" with the malware used in the 2014 attack on Sony Pictures Entertainment, said Rintaro Kawai, head of the Japanese unit of Russian information security firm Kaspersky Lab.

The U.S. government holds North Korea responsible for the 2014 attack on the Sony subsidiary. Other firms such as Symantec of the U.S. also have unearthed a slew of similarities between the code for this month's malware and past programs apparently authored by North Korean hackers.

One name stands out: Lazarus, a hacker group with apparent links to North Korea's Reconnaissance General Bureau, the state's top intelligence agency involved in foreign operations. Lazarus was allegedly involved in last year's cyberattack theft of $81 million from Bangladesh's central bank. The reconnaissance bureau, or RGB, is thought to be behind the killing of Kim Jong Nam, half-brother of North Korean leader Kim Jong Un, earlier this year.

Only the best

Pyongyang's cyberwarfare program took off in 1998, when then-leader Kim Jong Il ordered the creation of "Unit 121" at the RGB. The North has plucked the best of the best from around the country to join this elite force, said Kim Heung Kwang, head of North Korea Intellectuals Solidarity, an organization of defectors from the North.

High-performing students are brought to Pyongyang for thorough training in information technology at dedicated schools, then move on to universities such as Hamheung Computer College, where Kim Heung Kwang formerly taught. Around 500 graduates are brought on as cyber soldiers annually, enlarging a corps now thought to number 7,000 strong.

Joining the cyber force opens doors normally closed to ordinary North Koreans. Members enjoy posh apartments, order any books or computers they want and may even travel abroad to hone their skills. Those at the top of their class can bring their families to Pyongyang and gain membership in the ruling Workers' Party.

When the time comes for an attack, programmers split into groups -- systems analysis, cryptographic processing and the like -- and fan out, heading to internet cafes in northeastern Chinese cities such as Dandong, Shenyang, Changchun and Qingdao. Some travel to countries such as Malaysia, in the guise of migrant workers.

Poor man's weapon

Experts often view North Korea's cyberattack capability as being in the middle of the pack, behind the U.S. and China and on par with Iran. The ransomware in the recent attack was likely developed by someone of below-average skill, said Symantec's Vikram Thakur.

But tools that circulate among cybercrime groups can make up for an organization's lack of development prowess. Software developed by the U.S. National Security Agency and leaked on the internet enabled WannaCry to spread rapidly this time.

Many North Korean-linked attacks appear motivated by a desire to earn foreign currency, as international economic sanctions imposed over Pyongyang's nuclear weapons and missile development have cut off other sources of income. The cyberwarfare unit also produces software for IT devices and appliances on a contract basis, masquerading as companies in China and elsewhere.

North Korea is ruled by a dictator with little apparent regard for the international community's norms. Computer experts liken the country's cyberattacks, which occur at the whim of Kim Jong Un, to other facets of its diplomatic brinksmanship. The latest operation shows such attacks can have heavy social impacts. Pyongyang may reach for this poor man's weapon again, if the regime considers it sufficiently disruptive.
