'Jungle' Kim: Cyber-Savage!
The recent cyber-attacks reputed to have stemmed from North Korea reminded me of an article by my army friend in open-source intelligence, Major Steve Sin, "Cyber Threat Posed by North Korea and China to South Korea and US Forces Korea," the English version of a Korean article published in the June 2009 edition of Defense and Technology Monthly, No. 364 (pp. 28-33). Natural modesty uncharacteristically fails to deter me from noting Steve's tribute to my "wonderful recommendations and sharp critiques[, which] . . . contributed greatly to the improvement of . . . [his] paper."
Be that as it may, Steve contacted me just yesterday to inform me that his article was getting some attention, as Bob Brewin cites it in "North Korea's Hackers in a Luxury Hotel," a recent "What's Brewin'" column for NextGov. In this column, Brewer notes:
The paper, written by Army Maj. Steve Sin, a senior analyst at the Open Source Intelligence Branch of the Directorate of Intelligence at U.S. Forces Korea, said North Korea operates two cyber warfare units: the State Security Agency's electronic communications monitoring and computer hacking outfit, and Unit 121, which is part of the Reconnaissance Bureau. The bureau's staff works directly for the General Staff Department of the Ministry of People's Armed Forces.I won't summarize either Brewer's column or Steve's paper since they are easily accessible online, but given the current relevance of cyber-attacks, I thought that some of my readers with interests in Northeast Asia and related topics might want to take a look at both sites. In lieu of a summary, however, I will paste Steve's "Conclusion and Assessment" about Information Warfare (IW) threats:
Unit 121's staff of about 100, Sin said, has the capability to launch "moderately advanced" Distributed Denial of Service attacks, the kind that took down South Korean and U.S. government Web sites this week. The attacks this week, though, sure give a new meaning to the word moderate. Unit 121 also has moderate ability to infect target computers with viruses and malicious code, Sin added.
The IW threats of today and the future represent a new way of thinking about conflict and warfare. IW attacks are particularly dangerous because of our reliance on computers, networks and technology. These computers control critical systems that run power plants, telecommunications infrastructure, military command and control nodes, and more. Even a cursory survey reveals that the Northeast Asian countries possess highly developed IW capabilities, and they continue to develop new and more sophisticated IW arsenal. All countries in the region have at least tested their capabilities if not already used them in actual attacks against their adversaries; therefore, it would be prudent for one to assume that the networks of the USFK [United States Forces Korea] and other US government agencies in the ROK [Republic of Korea] are under constant attack -- there are open source reporting that states NK and China have conducted IW attacks against US Department of Defense networks but these reports lack specifics of the incidents and do not specify these attacks were aimed at USFK. The US and ROK IW experts believe the recent attacks on their government networks were clear cases of state-sponsored governmental and corporate espionage activities. Given the constant advancement of the information technology, and that IW can be carried out anonymously with a high probability of success, state-sponsored IW attacks on our networks will continue to rise in frequency and sophistication.Steve was writing prior to the most recent cyber-attacks, and I lack sufficient expertise to judge if these recent cyber-attacks were serious threats or mere inconveniences, but the prudence recommended by Steve is our best policy. Prudence, however, would not appear to be a North Korean virtue, for if a recent report is correct that the North Korean Defense Ministry ordered its hackers to "destroy the South Korean puppet communications networks in an instant" (Hyung-Jin Kim, "Report: NKorean army suspected over cyberattacks," Yahoo News, July 11, 2009), then the North's hackers clearly failed in that desperate aim. Indeed, the desperation implicit in such an order would raise serious questions about the rationality of the North's leadership these days, and I would be inclined to dismiss the report -- except that the North's recent missile 'tests' have seemed equally desperate, mere bluster without strategy, revealing weakness rather than strength and alienating even the North's traditional 'friends'. More evidence that North Korea is in serious decline.
By the way, I realize that Kim Jong-il didn't personally take part in any cyber-attack, but the image of wild-man 'Jungle' Kim as a nerdy cyber-warrior just tickles my fancy.