Shostack + Friends Blog Archive


North Korean Hacking Story

The Korea Herald has done an awful job of reporting in “N.K. hacking ability matches that of CIA, analyst says.” Normally, I ignore awful reporting as roughly par for the course, but this is egregious.

“Our electronic warfare simulation indicates that North Korea’s capability has reached a substantial level, unlike what is generally known to the outside world,” Byun [Jae-jung, a researcher at the state-run Agency for Defense Development]
told the Defense Information Security Conference 2005 held yesterday at Korea University in Seoul. The conference is organized annually by the Defense Security Command and the Korea Information Security Agency. He said the simulation was based on reliable information from the DSC, but refused to give any details.

I’d like to focus on one sentence here: Our electronic warfare simulation…. Note that he’s not saying their intelligence estimates. He’s not saying their observations of North Korean activity. He’s saying they ran a simulation and decided that it was scary. Then he refused to answer questions about it.

According to him, the communist country since 1981 has been training about 100 hackers through an elite electronic warfare academy known as Mirim College and now operates a crack contingent of 500 or 600 cyber soldiers.

north-korea-satelite.jpgOk, so they retain people for five or six years. That’s probably a good average, although I would think that you’d want a large number of young folks coding attack tools, and a much smaller number of actual attackers. 500 people doesn’t seem an unreasonable number, and fear is an ok motivator for people to work well. Its not nearly as good as the snark-filled joy of conquest that the best hackers I know feel when finding vulnerabilities, but it may suffice. Equipping a battalion with internet connectivity and computers shouldn’t be hard, even for North Korea. (Pictured.)

Now, some people don’t like W. Mark “Deep Throat” Felt, but in this instance, his advice is as timely, as accurate and insightful as it always has been. Byun is looking for a large budget increase. Follow the money:

“The South Korean government spends only 2.5 percent of its information-related budget on information protection while the United States invests 8.8 percent,” Byun said.

Shortly after that, Byun said “We don’t play politics at the Department of Homeland Security. I mean, the Agency for Defense Development.” Follow the money, indeed.

One comment on "North Korean Hacking Story"

Comments are closed.