ArrowArtboardCreated with Sketch.Title ChevronCrossEye IconFacebook IconIcon FacebookGoogle Plus IconLayer 1InstagramCreated with Sketch.Linkedin IconIcon LinkedinShapeCreated with Sketch.Icon Mail ContactPath LayerIcon MailMenu BurgerIcon Opinion QuotePositive ArrowIcon PrintRSS IconIcon SearchSite TitleTitle ChevronTwitter IconIcon TwitterYoutube Icon

US and North Korea take their jousting into cyberspace

As Trump orders DDoS attacks, Pyongyang gains new net lifeline via Russia

Technicians watch electronic monitoring boards for possible ransomware attacks at the Korea Internet and Security Agency in Seoul on May 15.   © AP

WASHINGTON/MOSCOW -- Cyberwarfare between the U.S. and North Korea is escalating, including the use of military capabilities, according to U.S. media and other reports.

The U.S. military has reportedly conducted cyberattacks under a directive from President Donald Trump aimed at impeding North Korea's access to the internet.

Pyongyang responded to the attacks by routing some of its net connections through Russia, starting in October, adding to its existing access via China. That will make it harder for the U.S. to block North Korea's internet access, raising concern that Pyongyang may step up its own cyberattacks against the U.S.

According to a report in the online edition of The Washington Post, Trump signed a directive to strengthen the U.S. military's cyberattack capabilities to increase pressure on North Korea. The U.S. Cyber Command staged distributed denial of service (DDosS) attacks against the North, in which computers flood servers with traffic to paralyze them. The servers targeted are used by the North's spy agency, the Reconnaissance General Bureau of the Ministry of the People's Armed Forces, according to reports. The attacks were reportedly halted when the directive expired at the end of September.

A website devoted to analyzing North Korea at Johns Hopkins University in Maryland, 38 North, discovered on Sunday that Pyongyang has responded by using a new internet connection set up through TransTelekom, a Russian telecommunications company owned by Russia's state-run railway operator, Russian Railways.

TransTelekom has optical fiber lines along rail lines operated by its parent. The new internet connection may have been established via a railway bridge over the Tumen River, which marks the border between North Korea and Russia.

U.S. soldiers with the 561st Network Operations Squadron talk at Petersen Air Force Base in Colorado Springs, Colorado on July 20, 2015.   © Reuters

On Tuesday, TransTelekom confirmed to The Nikkei that the new internet connection has been set up, saying U.N. sanctions adopted on Sept. 11 do not include telecom services. The Russian company also said it has the right under its contract with North Korea to unilaterally terminate the service if Pyongyang uses it for illegitimate purposes, such as computer hacks.

In 2010, North Korea began using China United Network Communications Group, a Chinese state-run telecom operator also known as China Unicom, for internet access. According to Reuters, 60% of North Korea's access is already directed through Russia, with the rest provided by China.

The North Korean spy agency has a cyberunit as well as a bureau in China. It reportedly staged cyberattacks on Sony's filmmaking subsidiary in the U.S. in 2014, and the theft of $81 million from Bangladesh's central bank in 2016.

The agency is also suspected of involvement in a global ransomware attack in May that targeted the U.K.'s National Health Service and others. That attack may have been designed to snatch foreign currency, specifically bitcoin, a global cryptocurrency.

In line with the Sept. 11 U.N. sanctions, China has stepped up its economic pressure on North Korea, restricting oil exports, banning textile imports and halting financial services to North Korean individuals and companies through major Chinese banks.

North Korea may have turned to the Russian telecom operator to lessen its reliance on China and widen its cyberattack options.

The Trump administration's cyberattacks aimed at choking off North Korea's internet access may now become more difficult, according to Bryce Boland, chief technology officer for the Asia-Pacific at American cybersecurity company Fire Eye.

Get unique insights on Asia, the most dynamic market in the world.

Offer ends September 30th

You have {{numberReadArticles}} FREE ARTICLE{{numberReadArticles-plural}} left this month

Subscribe to get unlimited access to all articles.

Get unlimited access
NAR site on phone, device, tablet

{{sentenceStarter}} {{numberReadArticles}} free article{{numberReadArticles-plural}} this month

Stay ahead with our exclusives on Asia; the most dynamic market in the world.

Benefit from in-depth journalism from trusted experts within Asia itself.

Try 3 months for $9

Offer ends September 30th

Your trial period has expired

You need a subscription to...

See all offers and subscribe

Your full access to the Nikkei Asian Review has expired

You need a subscription to:

See all offers
NAR on print phone, device, and tablet media