Platt Perspective on Business and Technology

Asking the fundamental questions when considering North Korea’s cyber-espionage and cyber-warfare capabilities

Posted in book recommendations, business and convergent technologies, in the News by Timothy Platt on December 22, 2014

I have written at least on occasion about North Korea in this blog, and in that regard cite my 2011 posting: Romania and North Korea – a brief tale of two generations, where I first raised the specter of North Korea’s cyber-espionage and cyber-warfare ambitions. I pick up on that discussion again here, in the immediate aftermath of Sony Pictures Entertainment deciding not to release a movie that they had just produced that was set to be premiered this coming Christmas day: a comedy called The Interview. This movie depicts an exclusive interview opportunity, in which a fatuous American TV journalist and his producer are invited by the North Korean government to meet with their leader, Kim Jong-un, at his specific request as he is one of their fans. And when the CIA learns of this, they bring in these near-journalists to persuade them to take this opportunity to assassinate him. They agree to do that and at the end of the movie, he is in fact violently killed. And this movie identifies the leader of North Korea who is to be killed in this movie by the real leader of North Korea’s real name and an actor was employed to play him who was made up to look a lot like him too.

Given North Korea’s history and what is known of their way of thinking, it is all but certain that the real Kim Jong-un and his government would assume that any movie like this could only be made at the behest of and under the supervision of a government in power – in this case the United States government. So the director and producer of this movie, and the executives of Sony Pictures Entertainment who signed off on making it, should have anticipated that this movie would in all probability be seen as a direct US government-originated threat to their leadership, and especially given the failure on the part of the United States to bring North Korea to abandon their nuclear weapons ambitions, among other points of friction between those countries.

Sony produced this movie and began heavily advertising it, and with advance notice that it was about assassinating Kim Jong-un by name. North Korea saw this as a direct threat of what was to come in reality. And elements of the North Korean military tasked with cyber-espionage and cyber-warfare were given a green light to carry out cyber-attacks against Sony Pictures Entertainment and its interests, hacking into its computer intranets and computers and copying and deleting emails, electronic file copies of movies that had been made but that were still awaiting release, draft material from movies that were still under production, personnel records and other sensitive files – deleting Sony’s copies of all of this from those computers where they could, while doing so. And they began publicly releasing these files, starting with the confidential emails and business planning documents that they had gathered, with threats of doing more and worse if this movie were to be publicly shown. They also explicitly threatened any movie theatres that agreed to show this movie, with “9/11-like attacks” if they did so. Large movie chains that had agreed to show this movie began pulling out of their contracts to do so on the grounds that fulfilling them and showing The Interview would put their employees and customers at direct and grave risk. And with that, Sony decided to pull this film from release, either in theatres or through any other channels (at least for now and through the immediate future).

The US Federal Bureau of Investigation (FBI), acting as a point of contact for other intelligence gathering agencies and as spokesperson for them, has announced that they had clear and direct evidence that this hacking attack did in fact originate in North Korea. A back and forth exchange immediately began between Sony and American politicians and others, as to whether this film studio should or should not have bowed to this extortionate terrorist threat, rewarding North Korea by doing so and conveying a message that went global that such threats can and do succeed in the United States.

This posting, at least up to here, summarizes the bulk of this news story as it has been conveyed up to today: December 20, 2014 as I write this. But my reason for writing this posting is somewhat different than simply to repeat a news story that has already been covered. My goal here is to at least consider the Who and How side to this news story. And I begin that by making note of a detail that I have heard before and that I have recently read confirmation of.

I couch this observation in terms of a newly published window of insight into the hermit kingdom of North Korea:

• Kim, S. (2014) Without You, There Is No Us. Crown Publishers.

Suki Kim is a Korean American who had the opportunity to teach English to 270 elite students at the Pyongyang University of Science and Technology (PUST) for six months. And she taught and in fact lived with these North Korean students for that entire time. PUST is among other things the first privately funded university in that country and was conceived and built as a joint venture between North and South Korea. But it is also one of the North’s premier technical universities and it is an educational stepping stone for those who would be advanced and both in Communist Party and government ranks. And that is where this narrative gets interesting. Kim met with and discussed a wide range of issues over this six-month period, and quickly learned in the course of it that her students all knew that they were always being watched and reported on. So they had to be very circumspect in anything that they chose to tell her or say to each other. But they did not see any reason for concern in telling her that they knew about and used computers as basic tools in their study. And they were willing and even happy to tell her about how their university-provided computers were linked into a network system – a closed intranet system. And in the course of this, she learned that absolutely none of them had ever even heard of the existence of the globally-reaching internet, or of search engines or of any of the basic routine online resources that we all take for granted outside of the closed and insular world of their country. And this brings me to two pivotal questions:

• If even the technologically and socioeconomically elite of North Korea do not in general even know of the internet’s existence, how and where did that country find thousands of highly trained computer and internet systems hackers in their population, as would be needed to build and staff their proclaimed and acknowledged cyber-espionage and cyber-warfare capabilities?
• And how and where would they be trained in these skills and technologically supported in using them?

And this brings me back to the points I raised in my above-cited 2011 posting and to the crux of this late-2014 posting too: the patron and uncooperative protégé relationship that exists between China and North Korea.

North Korea has essentially no meaningful internet access or internet connected network resources. The computer networks they do have are essentially all locally situated intranets that do not connect with each other, let alone with the wider internet. But they do have a series of military-run cyber units that are specifically tasked with tracking and targeting current and potential foreign enemies. The top three entries on their list of enemies in this regard are South Korea and Japan and their government and private sector computers and networks, and those of the United States. And their active cyber-espionage and ready cyber-warfare reach goes far beyond simply targeting online resources in those countries. Their enemies and potential enemies list has a global reach.

What are these operating cyber-units? There are at least three that have been actively involved in overt hacking attacks over the past several years, and attacks and intrusions of all sorts, with a great deal of emphasis on business intelligence gathering and on sabotaging business and at least non-military government networks and computers and both as vulnerability probing exercises and to inflict specific harm.

• Bureau 21, which specifically targets South Korea,
• Bureau 121, which among other things is the likely direct source of the recent attacks against Sony over this movie, and serves as a key component of North Korea’s principal military intelligence agency (their General Bureau of Reconnaissance), and
• Bureau 225.

This is only a partial list, identifying units that have been firmly established as sources of specific attacks. Members of their technical staffs are drawn from a pool of their most politically reliable, technically educated citizens, such as graduates from their technical colleges and universities. They are primarily trained in China at established People’s Liberation Army (PLA) cyber-warfare training facilities, and in China’s own cyber-espionage and cyber-warfare units, though North Korea’s cyber-personnel also receive at least some of their training in Russia too. And a significant amount of their work is in fact carried out from China, giving them greater access to the internet and to advanced network technology than they could find in their own country. And this would also help them to mask who is behind their activities and particularly where North Korea’s own direct points of connection to the internet are so limited that use of them for this would be difficult to hide. China’s cyber-warfare and cyber-espionage facilities can and do connect out through a vast maze of IP addresses and anonymizer servers, and through numerous physical network links and they hide their activity in the vast flow of every-day online traffic going in and out of their country – which does not occur in or out of North Korea.

And that brings me back to the question that I at least implicitly left open when writing my above cited 2011 posting. China is North Korea’s patron, even if a reluctant one given North Korea’s willingness to take action that their Chinese allies would find awkward and embarrassing. But they do provide what is seen as a vital physical barrier between their own people and the South Koreans and these countries do share what both sides see as mutually beneficial history between them.

• In keeping with the basic tenor of my December 25, 2011 posting, does China see the recent events that I write of here as a readily deniable test of tools and principles that they would benefit from, and both from real world proof of principle validation of their technology, and from possible consequences from this in the West?
• Or do they see this as yet another example of how this problematical protégé state of theirs can be more of a problem than they are worth?

My basic guess here, and I admit I am surmising here when I state this, is that China and its leadership probably see elements of both in this, and with the second of these possibilities probably predominating here, as this type of technology proof of principle testing is not worth its readily anticipated costs.

What are the potential costs from this in the United States and, I add, in Japan, where the overall headquarters of Sony are located? They could easily include an increased level of attack and from new sources and directions on United States interests and on those of US allies – because Sony caved in here, proving that this type of attack can succeed, giving an attacker the reward that they seek to achieve from their actions. I leave the possibilities that I just raised above as open questions, noting that I write this on December 20, 2014 – almost exactly three years after my first posting related to this complex of issues.

And I finish this posting with a final thought. North Korea itself has offered to help resolve where this attack came from – and with threats if they are not included in this effort. It would be foolish to accept their offer, but every reasonable effort should be made to enlist China’s help in that, and to actively engage with China in jointly reining in North Korea’s very active cyber-espionage and cyber-warfare programs. Quite simply, any positive benefits that China might seek to achieve from placating North Korea – including preventing massive waves of refugees from there, flooding into China, are outweighed by the costs of this patron and protégé relationship that they have already been paying, and that simply continue to rise.

You can find this posting and related at Ubiquitous Computing and Communications – everywhere all the time and at its Page 2 continuation. And I also include this in my In the News postings list.
