It is commonly believed that in recent years North Korea has adopted a unique strategy and position in the field of international relations, acting irrationally and presenting an unreliable profile to the international community. The fact that North Korea possesses at least 30 warheads in its nuclear arsenal, combined with its behaviour, raises concern about its likely decisions and capabilities. Beyond that, imagine that such a country can operate in a different domain, one that is cheaper, more direct, anonymous and less likely to cause physical harm. This is the case of the DPRK, where internet access is extremely limited and monitored by the regime. Despite that, the country has established cyber operations as one of its primary means of intelligence collection since the late 2000s, with operations directed mostly against South Korea. Even Kim Jong Un stated that “Cyber warfare, along with nuclear weapons and missiles, is an ‘all-purpose sword’ that guarantees our military’s capability to strike relentlessly”.
Since the first cyber attack in 2009, the cyber capabilities of the DPRK have been improved and adapted to the strategic goals of the country, beginning with operations of espionage and information gathering and gradually moving to attacks for financial gain. During the period 2009-2013, the primary motive was the disruption of opponents’ critical infrastructure, such as presidential offices, ministries, national banks, national intelligence agencies, major financial institutions and media. The operations relied on Distributed Denial of Service (DDoS) attacks, which flood a computer network with an excessive amount of traffic from many different computers and temporarily paralyse the network. Major attacks of this kind were the “4th of July” in 2009, the “Ten Days of Rain” in 2011, and the “Dark Seoul” in 2013. It was the beginning of a comprehensive approach to the national strategy, as for the first time the regime enhanced the existing doctrine with cyber capabilities, thus supporting the overall aggressiveness of the second nuclear test.
From 2013 to 2016, the DPRK demonstrated an even more advanced application of cyber technology by conducting operations of cyber espionage. The country has always been keen on espionage operations to extract information from its rivals, but it has now evolved its traditional means and relies mostly on cyber procedures. The information that the regime managed to collect during these years has significant value; it includes the details and documents about the reactor designs and manuals of South Korea’s power plant operator, obtained in 2014. In 2016, the operations went even further, as they turned to mobile technology and compromised up to 60 classified documents, containing vital information, from the personal mobile phones of several South Korean officials.
The most recent strategic objective of the DPRK in the cyber domain is financial gain. This transition took place because of the financial sanctions imposed on North Korea by United Nations Security Council (UNSC) resolutions as a retaliatory measure against its nuclear weapons program. Even China, the most significant supporter of North Korea, seems to agree with the measures. The solution was found in cyber attacks, mostly focused on cryptocurrency exchange institutions in 2017 and 2018. Financial institutions in many countries have been targeted, including Vietnam, Bangladesh, Poland, Turkey, Mexico and Chile, among others. Ultimately, such operations proved crucial against the financial pressure of the sanctions, as well as for the maintenance of the Byungjin line[1] and the survival of the country itself.
Why cyber attacks?
The nature of the cyber domain provides advantages that fit perfectly with the DPRK’s national strategy of asymmetric tactics. The low-intensity strikes of cyber attacks prevent a possible escalation and therefore mitigate the risk of retaliation from adversaries. Cyber attacks can be extremely efficient, especially against countries with weak cybersecurity or high cyber dependence, as the DDoS attack on Estonia demonstrated, when the state suffered a temporary malfunction because its governmental services operated primarily in digital form. The restricted internet accessibility in the DPRK protects the regime from possible cyber attacks against it. Thus, maintaining low-intensity strikes facilitates the operations, whereas choosing to engage directly in a military conflict may cause catastrophic consequences. Moreover, the cost of a cyber operation is relatively low compared to a traditional kinetic one, both in terms of funds and personnel. The requirements of cyber attacks are minimal, restricted to the pressing of some buttons, as opposed to kinetic operations, where the soldiers must be adequately trained and must carry special equipment and ammunition. Another difference between cyber and kinetic operations is the element of unpredictability and surprise, through mutability and inconsistency. In the real world a bullet will follow a specific trajectory, operating in a more predictable way than a cyber weapon, where the attack may unfold differently every time because of the variety of software and hardware factors influencing the procedure. Last but not least, one of the most challenging issues in cyberspace is attribution. This characteristic provides anonymity and promotes deniability, as it is extremely difficult to determine the attacker.
Considering the benefits of cyberspace along with North Korea’s national strategy, it seems certain that the regime will continue to invest in the application of even more sophisticated techniques. The facts so far are quite promising for the DPRK, as it succeeds in both financial and information acquisition aspects. The question is how the international community, and especially the targeted countries, will respond to this behaviour. Currently, there are no universally accepted and legally binding laws of cyber warfare, and thus the only rational way to respond is through sharing information and know-how. Investing in resilience, by creating more defensive layers or establishing a computer emergency response team, could prevent access to critical documents. It is essential to understand that know-how arises from cooperation, on both a multilateral and a bilateral level, by sharing common experiences and ideas. Technology is constantly evolving and cyberspace favors the attacking parties over the defending ones. North Korea is an irrational state actor and it will continue to be one, unless we neutralise its sophisticated cyber capabilities through equally efficient cyber security measures.
[1] A two-track policy of economic and nuclear weapons development
By The European Institute for International Law and International Relations.