Hacking for Missiles?
Defectors from North Korea claim an elite cyber warfare group in the North Korean intelligence community referred to as ‘Unit 180’ is likely responsible for major cyber attacks.
Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry "ransomware" cyber attack that infected more than 300,000 computers in 150 countries this month. Pyongyang has called the allegation "ridiculous".
Kim Heung-kwang, a former computer science professor in North Korea, who defected to the South in 2004 and remains in contact with sources inside North Korea, said Pyongyang’s cyber attacks aimed at raising cash are likely organized by Unit 180, a part of the Reconnaissance General Bureau (RGB), its main overseas intelligence agency. "Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts," Kim says.
Central to the allegations against the North Korean regime is its connection to a hacking group called Lazarus, which is suspected in an $81 million cyber heist at the Bangladesh central bank in 2016 and the 2014 attack on Sony’s Hollywood Studio. The U.S. government has blamed North Korea for the Sony hack and U.S. officials have indicated prosecutors are building a case against Pyongyang in the Bangladesh Bank theft.*
In addition to the Bangladesh Bank heist, Pyongyang has also been suspected in attacks on banks in the Philippines, Vietnam and Poland.
North Korea is one of the most isolated countries in the world, making any details of its clandestine operations difficult to obtain. But experts who study the reclusive country and defectors who have ended up in South Korea or the West have provided some clues.
"The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace," Kim added. Ahn Chong-ghee, South Korea’s vice foreign minister, concurs: "North Korea is carrying out cyber attacks through third countries to cover up the origin of the attacks." Masking their location provides plausible deniability. The South claims North Korean hackers have launched multiple attacks on over 160 South Korean companies and government agencies, including a nuclear reactor, which they staged from within China so that the traffic would originate from a Chinese IP address.
The U.S. Department of Defense said in a report submitted to Congress last year that North Korea likely "views cyber as a cost-effective, asymmetric, deniable tool that it can employ with little risk from reprisal attacks, in part because its networks are largely separated from the Internet".
James Lewis, a North Korea expert at the Washington-based Center for Strategic and International Studies, said Pyongyang first used hacking as a tool for espionage and then political harassment against South Korean and U.S. targets.
"They changed after Sony by using hacking to support criminal activities to generate hard currency for the regime. So far, it’s worked as well or better than drugs, counterfeiting, smuggling – all their usual tricks," Lewis said.
Dmitri Alperovitch, co-founder of prominent U.S. security firm CrowdStrike Inc, added: "Their capabilities have improved steadily over time, and we consider them to be a threat actor that is capable of inflicting significant damage on U.S. private or government networks."
North Korea has emerged as a two-pronged threat. The cyber threat it poses has become alarming in its own right. It only becomes more disturbing as we learn these banking heists and ransomware attacks are helping fund its missile development.
* No conclusive proof has been provided and no criminal charges have yet been filed. North Korea has also denied being behind the Sony and banking attacks.