Published October 21, 2015
Investigators have yet to pinpoint the culprit behind a synchronized cyberattack in South Korea last week. But in Seoul, the focus remains fixed on North Korea, where South Korean security experts say Pyongyang has been training a team of computer-savvy "cyber warriors" as cyberspace becomes a fertile battleground in the standoff between the two Koreas.
Malware shut down 32,000 computers and servers at three major South Korean TV networks and three banks last Wednesday, disrupting communications and banking businesses, officials said. The investigation into who planted the malware could take weeks or even months.
South Korean investigators have produced no proof yet that North Korea was behind the cyberattack, and on Friday said the malware was traced to a Seoul computer. But South Korea has pointed the finger at Pyongyang in six cyberattacks since 2009, even creating a cyber security command center in Seoul to protect the Internet-dependent country from hackers from the North.
It may seem unlikely that impoverished North Korea, with one of the most restrictive Internet policies in the world, would have the ability to threaten affluent South Korea, a country considered a global leader in telecommunications. The average yearly income in North Korea was just $1,190 per person in 2011 -- just a fraction of the average yearly income of $22,200 for South Koreans that same year, according to the Bank of Korea in Seoul.
But over the past several years, North Korea has poured money and resources into science and technology. In December, scientists succeeded in launching a satellite into space aboard a long-range rocket from its own soil. And in February, North Korea conducted an underground nuclear test, its third.
"IT" has become a buzzword in North Korea, which has developed its own operating system called Red Star. The regime also encouraged a passion for gadgets among its elite, introducing a Chinese-made tablet computer for the North Korean market. Teams of developers came up with software for everything from composing music to learning how to cook.
But South Korea and the U.S. believe North Korea also has thousands of hackers trained by the state to carry its warfare into cyberspace, and that their cyber offensive skills are as good as or better than their counterparts in China and South Korea.
"The newest addition to the North Korean asymmetric arsenal is a growing cyber warfare capability," James Thurman, commander of the U.S. forces in South Korea, told U.S. legislators in March 2012. "North Korea employs sophisticated computer hackers trained to launch cyber-infiltration and cyber-attacks" against South Korea and the U.S.
In 2010, Won Sei-hoon, then chief of South Korea's National Intelligence Service, put the number of professional hackers in North Korea's cyber warfare unit at 1,000.
North Korean students are recruited to the nation's top science schools to become "cyber warriors," said Kim Heung-kwang, who said he trained future hackers at a university in the industrial North Korean city of Hamhung for two decades before defecting in 2003. He said future hackers also are sent to study abroad in China and Russia.
In 2009, then-leader Kim Jong Il ordered Pyongyang's "cyber command" expanded to 3,000 hackers, he said, citing a North Korean government document that he said he obtained that year. The veracity of the document could not be independently confirmed.
Kim Heung-kwang, who has lived in Seoul since 2004, speculated that more have been recruited since then, and said some are based in China to infiltrate networks abroad.
What is clear is that "North Korea has a capacity to send malware to personal computers, servers or networks and to launch DDOS-type attacks," he said. "Their targets are the United States and South Korea."
Expanding its warfare into cyberspace by developing malicious computer codes is cheaper and faster for North Korean than building nuclear devices or other weapons of mass destructions. The online world allows for anonymity because it is easy to fabricate IP addresses and destroy the evidence leading back to the hackers, according to C. Matthew Curtin, founder of Interhack Corp.
Thurman said cyberattacks are "ideal" for North Korea because they can take place relatively anonymously. He said cyberattacks have been waged against military, governmental, educational and commercial institutions.
North Korean officials have not acknowledged allegations that computer experts are trained as hackers, and have refuted many of the cyberattack accusations. Pyongyang has not commented on the most recent widespread attack in South Korea.
In June 2012, a seven-month investigation into a hacking incident that disabled news production system at the South Korean newspaper JoongAng Ilbo led to North Korea's government telecommunications center, South Korean officials said.
In South Korea, the economy, commerce and every aspect of daily life is deeply dependent on the Internet, making it ripe grounds for a disruptive cyberattack.
In North Korea, in contrast, is just now getting online. Businesses are starting to use online banking services and debit cards have grown in popularity. But only a sliver of the population has access to the global Internet, meaning an Internet outage last week -- which Pyongyang blamed on hackers from Seoul and Washington -- had little bearing on most North Koreans.
"North Korea has nothing to lose in a cyber battle," said Kim Seeongjoo, a professor at Seoul-based Korea University's Department of Cyber Defense. "Even if North Korea turns out to be the attacker behind the broadcasters' hacking, there is no target for South Korean retaliation."