
After two decades of relative peace, security experts caution that internet warfare is all but imminent. GlobalPost examines the skirmishes, defenses, and the "calamitous" threat that a small group of hackers could pose to American cities.

Members of the Korea Internet Security Agency check on cyber attacks at a briefing room of KISA in Seoul on March 20, 2013. (Jung Yeon-Je/AFP/Getty Images)

North Korea: How the least-wired country became a hacking superpower

North Korea’s cyber-war strength says a lot about the future of global hostilities.

Editor's note: This story was first published in May 2013.

SEOUL, South Korea — This year, North Korea has been flaunting its nuclear hardware in an effort to extort concessions from the United States and South Korea.

But the tactic has failed to provoke panic for one key reason: Officials doubt that Pyongyang would be stupid enough to start a nuclear war.

While nukes are better seen than used, and thus of limited blackmail value, dictator Kim Jong Un possesses a quieter weapon that’s more readily unleashed — and has already become a serious nuisance: cyber war.

Experts say Pyongyang typically deploys it about once a year, although it’s not always clear that North Korea is behind the attacks.


The most recent offensive hit Seoul in April 2013. The strike disabled anti-virus software, brought down ATMs across the country and froze online banking systems for days. About 30,000 computers had their hard drives wiped and went dead.

In an Austin Powers-style twist, the malicious software displayed pixelated skulls on the monitors of infected machines.

After initially saying the strike originated in China, officials tracked it to a specific Pyongyang neighborhood. A month before the assault erupted, they said, hackers had quietly planted a simple but devastating software program on computers at three South Korean television broadcasters and three banks. Authorities identified the code as a hard-drive wiper called “DarkSeoul,” first identified a year ago.

Although this type of virus is relatively simple and has been around since the early 1980s, experts acknowledged that its impact was devastating. A computer security expert from Cisco, Seth Hanford, wrote that the “highly targeted” attack led to significant downtime and a “severe” loss of data.

On April 12, North Korea denied it was the culprit, but the South has maintained the accusation.

Although North Korea is among the poorest and most isolated countries, it is surprisingly adept at hacking — a testament to how dangerously accessible cyber warfare is to anyone who wants to pursue it.

Training a cyber brigade, it turns out, does not demand high levels of tech sophistication, and is a handy way to pester a far stronger foe.

A convenient arsenal

On the Korean battlefield — which remains manned 60 years after the end of the shooting war that divided the Koreas — the North is indisputably outgunned and outmaneuvered. That fact has led Pyongyang to adopt a modified guerrilla warfare strategy. As the Pentagon described it in a May report to Congress: “North Korea uses small-scale attacks to gain psychological advantage in diplomacy and win limited political and economic concessions.”

In the 1970s and 1980s, Pyongyang sent agents on risky operations to sabotage South Korean targets and hijack one South Korean civilian airliner. In November 2010, the North launched an artillery barrage at an island near the DMZ, and it sank a South Korean naval corvette in March 2010, leaving 46 South Korean sailors dead.

Strikes like these, however, can provoke dangerous retaliation. In contrast, cyber warfare supports the nation’s military strategy, and carries less risk.

A digital offensive requires a “very low developmental cost and can bring catastrophic results,” said Hyeong-wook Boo, an analyst at the Korea Institute for Defense Analyses, a think tank in Seoul. “The North Korean espionage team sees cyberspace as a very favorable place for its activities.”

The threat has been looming since the late 1990s, when North Korea unleashed its first basic distributed denial-of-service (DDoS) attacks on its neighbor. Since then, the computer plots have become somewhat more sophisticated, targeting South Korean banks and businesses with malware and throwing the occasional wrench in the markets.

According to the National Intelligence Service, South Korea’s spy agency, the North was probably behind six cyber attacks from 2008 to 2012. Two of the largest came in 2009 and 2011, when Seoul accused the North of sneaking malware into its biggest banks and attacking government websites.

In the first of these, the US was also a key target.

Starting on July 4, 2009, hackers activated a “botnet” of 50,000 hijacked zombie computers to coordinate three waves of assaults targeting the public websites of the Pentagon and White House. The denial of service attacks also disrupted the websites of the South Korean intelligence agency and a major South Korean newspaper, but did not bring them