Shostack + Friends Blog Archive


More on North Korean Online Warfare

I wrote about this in “North Korean Hacking Story,” and more detail emerges from a mail (or perhaps it’s a website? Hard to tell.) Anyway, this was eventually forwarded to Dave Farber’s IP list. Brooks Isoldi, editor of Intellnet, writes:

North Korea has trained a small army of computer hackers whose
capability is equal to that of U.S. intelligence agencies, a South
Korean defense official said last week.

Byeon was referring to a 1997 U.S. military exercise code-named
Eligible Receiver that used National Security Agency officials posing
as North Korean hackers. Using software obtained publicly from the
Internet, the simulation showed that North Korea could shut down all
U.S. military communications in the Pacific and the entire electric
power grid in the western United States.

Ok, so let’s see. Not only was it a simulation, but it was seven or eight years ago. And what it found was that Americans were able to hack into and shut down US military communications. Which is bad. But it was also seven years ago. Perhaps they’ve improved things a little since then.

The skeptical reporter might also consider what differences exist between Americans pretending to be North Koreans, and real North Koreans. This is made harder because North Koreans are subject to one of the nastiest dictatorships on Earth. You can’t go, hang out with some North Korean hacker kids, and learn how they think. They have essentially no industry (have you ever seen a product made in North Korea?) They have no infrastructure. The ability of the North Korean military to execute on complex operational plans is unknown, but given the Stalinist nature of the country, it is unlikely that the operators are encouraged to take initiative or creatively exploit what they find. That might be mitigated or made worse when your unit is operating from a cube farm, with officers around.

On the other hand, the North Koreans seem to have produced nuclear weapons, and their military frequently does things (suicide squads sent through the DMZ, landed by submarine, etc.) which seem to make no sense.

So Eligible Receiver is probably a bad model, but it may also be the best model that anyone has.

3 comments on "More on North Korean Online Warfare"

  • “Using software obtained publicly from the Internet…”
    Then surely PRNK is not the sole attacker we should include in the threat model, yes?
    Nuclear weapons obviously require very different tech and expertise, pre-dating modern digital information systems by several decades.
    However, if we really wanted to begin to understand the threat, anyone have any idea how many ways bits can leave PRNK? Most that I can envision seem pretty monitorable…

  • Iang says:

    “Evil people are preparing to attack the USA.” I hear this a lot. It is almost always rubbish. In general it comes from Washington DC. There are always authoritative sources which end up being as you suggest something like “well, we showed it was possible a decade back.” Pretty much the people spreading these stupidities include the old catch all of “if you knew what was really going on…”
    This would be funny but it’s far too much the pattern of life in that corner of the world. It infects everyone who enters the spin cycle, from the low to the high. It’s very sad, and everyone else gets to pay when it spills out into the open.

  • John Kelsey says:

    I think North Korea having nuclear weapons demonstrates that it’s not that hard to build nukes, not that North Korea is capable of great feats of high technology. Similarly for missiles. Using modern computers and the last 50+ years of progress, they can do work comparable to what the US was capable of in 1945-50.
    Of course, any modern industrial nation that wants nukes is going to be able to have them, and my suspicion is that many officially non-nuclear powers have nuclear arsenals either currently available or planned out so that they can become available very quickly if necessary. If you were in charge of the defense of (say) Japan, how comfortable would you be with the idea that upon withdrawal of the US’ nuclear deterrent, you’d be helpless for the next several years to any nuclear power willing to start threatening you?
