CANBERRA -- In Units 110 and 121 of North Korea's General Staff Reconnaissance Bureau, several thousand information technology experts are working on ways to disrupt the vital installations and systems of their enemy countries via the internet.
About 600 of the 1,800 staff in Unit 121 are dedicated to finding weaknesses in South Korea's computer systems to exploit in the event of war, according to defectors and to Western cybersecurity experts.
They get plenty of practice in the meantime. North Korean state hackers were responsible for damaging attacks on South Korea's banks in 2013, and most alarmingly of all, on the country's nuclear power industry in December 2014, when they published the personnel files of 10,000 employees and the schematics of nuclear installations.
That attack, employing over 200 different sets of malware, did not penetrate the "air gap" between the nuclear administration and reactors in the 23 nuclear power plants themselves, Seoul officials later reported. But postmortems by South Korean security experts found alarming complacency and even fraudulent security audits in the industry. It has left fears of what might come.
"Concerns about a cyber Pearl Harbor are receding," said Greg Austin, a cybersecurity professor at the Australian Defense Force Academy in Canberra and New York's EastWest Institute. "But I think we should start to look at what a 'cyber Fukushima' or a 'cyber Twin Towers' looks like."
Across Asia, governments are rushing to build up expertise to fight off cyber attacks, both for defense and offense. The region's military forces are being thrust into the front lines, even though cyberwarfare reaches behind conventional battlefields. "Threats are dynamic and state actors are determined adversaries capable of sabotaging whole economies," Austin says.
The May 12 launch of the ransomware WannaCry also shows the blurring of state and criminal activity that creates a fog of cyberwar, aided by development of the virtual currency Bitcoin and the software Tor, which both confer anonymity on their users.
State cyber agencies also operate through hacking groups that are ostensibly criminal or at the very least deliberately disruptive, to give deniability to attempts to break into target systems for the theft of official secrets or commercial intellectual property.
Russian hackers have attacked power grids and other public systems in Ukraine and the Baltic states. In 2013, China's People's Liberation Army was reported to be running a secret hacking group in Shanghai, Unit 61398, which had stolen data from 141 companies since 2007.
Cyber espionage and sabotage hide in a jungle of criminal and malicious activity. In its latest annual report on data breaches, the e-transaction software firm Verizon found 73% of cases were financially motivated, with banks the biggest target. Only 21% of cases involved espionage, usually with the intent of stealing research and development data or other trade secrets.
The WannaCry virus crisis, which infected some 230,000 computers in 100 countries in one day, was criminal in purpose: those targeted were told to pay $300 worth of Bitcoin in order to retrieve their lost data. It drew on hacking tools developed by the U.S. National Security Agency that were leaked the previous month by hackers calling themselves the Shadow Brokers. The cybersecurity firm Kaspersky Lab found similarities between the WannaCry code and methods that had been used earlier by Pyongyang's hackers.
Whether or not Pyongyang is behind WannaCry, the Korean peninsula is the "vortex" of global cyberwarfare, according to ADFA's Austin. He likened the situation to the Spanish Civil War of 1936-39, in which Nazi Germany, Mussolini's Italy and the Soviet Union tested weapons and tactics later used with wider, devastating effect in World War II.
As well as the North Korean military's Units 110 and 121, the Korean Workers' Party has some 2,000 personnel in its psychological operations Unit 204. Altogether, the regime has about 6,000 cyber warriors, some in "sleeper" cells in China, Southeast Asia, and South Korea, from where infamous hacking operations on South Korean banks and Japanese entertainment giant Sony originated, according to Western intelligence reports.
Several hundred of North Korea's cyber warriors are operating from northern China, among the ethnic Korean populations of Jilin and Liaoning provinces, "which indicates some forbearance from the Chinese," Austin noted.
That is presumably to enable a freedom of maneuver in cyberspace not possible in North Korea. The country's cyber system is a giant intranet, cut off from the rest of the world, except for a single and closely monitored portal in Pyongyang.
Until recently, this cyber moat has enabled the North Koreans to concentrate on offensive operations, to disrupt their opponents, steal technical secrets or disguise purchases for their nuclear and missile programs, or to steal hard currency -- as in their suspected involvement in the fraudulent transfer of $81 million out of Bangladeshi foreign reserves in New York.
But in March this year, the New York Times suggested that U.S. intelligence agencies had found ways to mess with North Korea's missile tests beyond traditional "electronic warfare" or radio signal jamming. Somehow, the U.S. was able to penetrate computer systems that were not connected to the internet and insert malware that caused the missiles to blow up soon after launch.
If the U.S. can orchestrate cyber attacks on ballistic missiles before launch or in flight, this adds a new dimension to the Korean peninsula as a test-bed for future war. "We know the Russians and Chinese are watching closely," Austin said. "What the U.S. is doing in the Korean peninsula has a direct impact on strategic stability at the highest levels."
Essentially, some experts believe, a cyber competition is building up around the region in parallel with a conventional arms race. South Korea has some 4,000 uniformed personnel in its cybersecurity arm. Japan, Taiwan, and Singapore are also investing heavily in cyberwarfare capability. The Association of Southeast Asian Nations Regional Forum, a security consultation mechanism which includes both Korean states, has discussed ways of protecting against fast-spreading threats like WannaCry.
Australia suffered little damage from WannaCry, but in 2015 hackers thought to be located in China inserted malware into the systems of its Bureau of Meteorology, which operate from supercomputers that provide services to many government agencies.
In its latest Defense White Paper, published in February 2016, the Australian government announced its defense organizations would be recruiting 1,700 new cyber specialists, and Prime Minister Malcolm Turnbull declared that Australia had the capability to mount offensive cyber operations if required.
Building up those capabilities pits government in a competition with the private sector for the top talent. Earlier this year, the Australian branch of Google revealed it was launching a sweeping search for the country's best and brightest hackers. Its high salaries and lack of onerous security clearances give it an advantage over Canberra's Australian Signals Directorate, which, like its U.S. counterpart the NSA, is spearheading the national cyberwarfare initiative.
Cyber warriors in Australia and elsewhere in the West have registered some glee in the fact that China, which has vexed U.S. allies like Australia over hacking, suffered possibly the worst disruption from the WannaCry worm. Within two days, China's National Computer Network Emergency Response Center confirmed that half the world's infected internet protocol addresses were in China, including universities, immigration checkpoints and oil stations among 30,000 affected institutions.
But specialists know that while governments can more easily get the resources and skills to protect their own systems, the running of economies depends on multiple private sector networks where these are lacking. "We are asking private citizens and companies to do rocket science," Austin said.