Platt Perspective on Business and Technology

Asking the fundamental questions when considering North Korea’s cyber-espionage and cyber-warfare capabilities 2

Posted in business and convergent technologies, in the News by Timothy Platt on December 24, 2014

Two days ago I posted an immediate-release news piece about North Korea and their cyber-espionage attack on Sony Pictures Entertainment for producing and planning on releasing a new comedy movie about them: The Interview. I was not planning on following through on it with a continuation posting this quickly, but decided to do so given the pace and nature of unfolding events.

Within 24 hours of the initial attack against Sony, President Obama gave warning that the United States saw it as a direct attack on American interests by the government of North Korea – and even if they acted through a group that identified itself as the Guardians of Peace as if this had been carried out by a privately organized and run hacker group. And Obama promised that the United States would meet this challenge with a “proportionate response.” Then within the next 24 hours, all of North Korea’s fixed-place internet capabilities went down and off-line.

I noted in my earlier posting that “North Korea has essentially no meaningful internet access or internet connected network resources.” They have in fact been maintaining four networking links to the internet, with all of them routed through China in order to connect into it. All four of these lines of connection are government owned and are primarily maintained and used by the cyber-units of their Korean People’s Army. I noted what little I know about these specific units and particularly their Bureau 21 and Bureau 121 in my December 22, 2014 posting. Perhaps as many as 2,000 individuals have had supervised, directly monitored and controlled online access through these links. And they have primarily if not exclusively been afforded this internet access in order to carry out their military service duties. Such personnel are carefully selected for their political reliability and stringently monitored to make sure that they live up to this trust.

By comparison, the United States and its citizens and business communities have access to over 152,000 direct connections into the overall internet and its core backbone network and with even the more modest of these lines of connection offering wider bandwidth than could be found in any intranet in North Korea, or in its set of four cabled points of outside connection that run through China.

Put somewhat differently, North Korea currently, as of this writing has 1024 registered IP addresses, and the United States has many billions of them.

I add that there is also significant evidence that North Korean cyber-espionage and cyber-warfare units also connect into the internet wirelessly for at least a portion of their online activities. In this, they locate facilities in strategic sites in their country, near their borders with China and with South Korea. More specifically, they chose operational sites for this where they can deploy at an elevation high point with unobstructed views across these borders. And they select them for their proximity to Wi-Fi hotspots and wireless routers that are not security protected from unauthorized outside use. And they do this both to gain additional pathways into the internet and with a goal of masking who is carrying out their activities by linking what they do to foreign IP addresses. And yes, they intentionally seek to make their cyber-espionage activities seem to come from China – their one and only real friend and their supportive patron. So saying that the North Koreans have been maintaining four points of connection into the internet as a whole, is misleading and underestimating.

The important issue here is that those cable-connected internet links were knocked off-line with slow-downs that turned into full stoppages of service. Who did this? It is certain that at least officially, the North Korean government will blame the United States and entirely so. But I would argue that the Chinese have significant reason to want to warn their smaller neighbor if nothing else, that they cannot take this type of cyber-military action with impunity. Agencies in the United States certainly have the technical capability to turn off internet connectivity for as limited a system as North Korea has, with its four fixed target network links. But it would be even easier for the Chinese to do this, as all they would have to do is make some minor adjustments in their own internet routers, where those North Korean cables cross their border and connect into their systems.

Who did this? What will the North Koreans do in retaliation? I am not going to even try to answer the first of these questions, simply adding that there are a number of possibilities, including joint effort scenarios that readily come to mind. What will North Korea do next? I fully expect to see more of the terabytes of material that were taken from Sony to be publically released as they are an easy target for that. I would not be surprised to see their Bureau 21 stepping up its already active attack campaigns against South Korea – simply because they do that. And I would expect further direct attack attempts against the United States government and the US private sector too, as a stepped up continuation of their activity against the United States that has been ongoing anyway.

I offer this as a news story update, noting that I will probably come back to it again, if not as quickly. Meanwhile, you can find this posting and related at Ubiquitous Computing and Communications – everywhere all the time and at its Page 2 continuation. And I also include this in my In the News postings list.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: