Today's Wall Street Journal commentary "Take the Palestinians' 'No' for an Answer" offers the choice…
CFIF on Twitter CFIF on YouTube
Quote of the Day: Trump Beats the "Experts" Again

Today's Wall Street Journal commentary "Take the Palestinians' 'No' for an Answer" offers the choice quote of the day today, highlighting the way in which President Trump's decision to finally (and rightfully) relocate the U.S. embassy in Israel to Jerusalem has once again proved him more prescient than the foreign policy "experts" who predicted dire consequences:

. This week's U.S.-led Peace to Prosperity conference in Bahrain on the Palestinian economy will likely be attended by seven Arab states - a clear rebuke to foreign-policy experts who said that recognizing Jerusalem as Israel's capital and the Golan Heights as Israeli territory would alienate the Arab world."

. The piece also highlights how the Palestinians stand alone among nations who somehow claim entitlement…[more]

June 24, 2019 • 01:32 pm

Liberty Update

CFIFs latest news, commentary and alerts delivered to your inbox.
Jester's CourtroomLegal tales stranger than stranger than fiction: Ridiculous and sometimes funny lawsuits plaguing our courts.
North Korean Cyber Warfare: Focused On Money, Not Missiles Print
By Samuel Bocetta
Thursday, December 21 2017
In short, while missile tests or hacks of celebrities’ private photos will continue to generate the most headlines, these miss the point of the DPRK’s growing cyber capabilities.

Every time North Korea conducts a missile test, it understandably makes headlines around the world. While ICBMs capable of carrying nuclear payloads might be good for showmanship, however, in truth the North Korean missile program, while steadily improving, represents something of a sideshow in the country’s growing military capability.

At the heart of the DPRK’s military strategy is cyber warfare. The reclusive state’s technological capabilities used to be laughed at, but no more. Reports now suggest that the DPRK employs an “army” of over 6,000 hackers, working both within the country and outside it, who have been responsible for some of the most devastating attacks of recent years.

The most publicized attack of the past few years has been the 2014 operation that targeted Sony Pictures. This is understandable: a rogue state seeking to sabotage the release of a Hollywood comedy makes for a good story.

The emphasis on this attack, however, cloaks the true nature of the DPRK’s cyber operation. It is true that the regime has occasionally targeted organizations which planned to air information critical of it, such as the Sony hack or the more recent attack on Channel 4 in the UK, which had planned to run a satirical TV series.

However, the true target of North Korean cyber attacks is far more mundane: The regime needs money, and hacking is the easiest way to get it.

From Humble Beginnings

It would be nice to believe, of course, that our movies and documentaries are so ideologically powerful as to be seen as a threat to the power of Pyongyang. In truth, however, the regime cares little about how it is seen outside its own borders, and the country itself remains so technologically underdeveloped that no North Korean is likely to see them.

Indeed, the technological capabilities of the DPRK have long been underestimated. In 2011, when the previous leader of the country, Kim Jong-il, died, the country was estimated to have just 1,024 IP addresses. For reference, that’s less than the number for a typical city block.

Until the 1990s, the internet, and cyber warfare more generally, were not given much support by the regime. There is a good reason for this, of course: Totalitarian states tend to be suspicious of the freedom of the web, as evident in China’s reaction to it.

By the late 1990s, however, this was starting to change. North Koreans “assigned to work at the United Nations were also quietly enrolling in university computer programming courses in New York,” as the New York Times puts it. It was the US invasion of Iraq in 2003, however, that really spurred the development of North Korean cyber warfare. Inspired by the U.S. “Shock and Awe” campaign, Kim Jong-il issued a warning to his military: “If warfare was about bullets and oil until now,” he told top commanders, according to a prominent defector, Kim Heung-kwang, “warfare in the 21st century is about information.”

The Perfect Weapon

There are many reasons why cyber weapons are viewed as desirable in Pyongyang. Perhaps the most pragmatic of these is that developing such weapons is cheap. In contrast to the development of conventional weapons, which require serious outlay on hardware, cyber warfare merely requires bright students to be trained in its techniques. The DPRK’s approach is to simply pull promising students out of high school, pay them well, and train them in cyber warfare.

Once trained, these “cyber soldiers” can use existing internet infrastructure to launch attacks. Indeed, given the still-parlous state of such infrastructure inside the DPRK itself, it seems that many attacks actually originate from outside the country, with India and Eastern Europe appearing to be favored. This also points to another advantage of cyber weapons: Their use is deniable, because Pyongyang can claim that attacks originate with “rogue hackers” rather than the government.

Because of this, recent attention has shifted to the role of North Korean criminal organizations that operate from outside the country. The two main groups are known as Lazarus and Guardians of Peace (GOP). According to a report by commercial security firm Recorded Future, these groups almost exclusively launch attacks from IT infrastructure located outside of the DPRK. Just like the growing numbers of people who use a VPN to hide their location online, this makes tracing the source of attacks very difficult.

On the other hand, if an attack can be traced to a country outside the DPRK, this can bring hackers within the reach of law enforcement. Recently, the Australian Federal Police have been very active in this area, working with foreign police forces to seize equipment and shut down attacks before they happen. Even in these cases, however, it is easy for hackers to deny that they are under the orders of the North Korean government, and so these attacks retain plausible deniability.

Perhaps the biggest advantage of cyber weapons for the DPRK, though, is that their use brings little effective retaliation. Launching retaliatory cyber attacks on a country that remains stubbornly analogue is pretty difficult, even if the U.S. and other countries are willing to escalate the current conflict.

Following The Money

It’s hardly a one-way street, of course. As the Washington Post reported in September 2017, “Early in his administration, President Trump signed a directive outlining a strategy of pressure against North Korea that involved actions across a broad spectrum of government agencies and led to the use of military cyber-capabilities.” These have included a DDOS attack last month. The focus of these attacks, though, has been on traditional counter-intelligence: They have aimed to shut down North Korea’s intelligence agencies, rather than try to cause widespread damage.

The DPRK’s focus is different. With little to lose in terms of international reputation, and suffering under otherwise crippling sanctions, most recent attacks have focused on one thing: stealing money.

In fact, when taken as a whole, this appears to be the primary purpose of North Korea’s cyber program. In 2016, hackers working for the DPRK tried to steal $1 billion from the New York Federal Reserve. Though foiled on that occasion, the hackers still got away with $81 million, and more generally have developed a system that is quietly stealing hundreds of millions of dollars a year.

In short, while missile tests or hacks of celebrities’ private photos will continue to generate the most headlines, these miss the point of the DPRK’s growing cyber capabilities. A country that used to crudely counterfeit $100 bills has found a new strategy for generating cash: stealing it electronically.


Samuel Bocetta spent decades working for the U.S. Navy and as a consultant to defense contractors, specializing in electronic warfare and advanced computer systems.  He is currently writing and teaching defense engineering.

Question of the Week   
In which of the following years did the U.S. Census Bureau start using standardized questionnaires for the decennial census?
More Questions
Quote of the Day   
 
"MIAMI -- President Donald Trump was the big winner of the first 2020 Democratic debate.The Republican commander in chief, who was on his way to an economic summit in Osaka, Japan, emerged from the scrap largely unscathed -- barely mentioned at all -- even though he is a uniquely antagonizing and energizing force for Democratic voters.At the same time, the 10 candidates who were in the room here at…[more]
 
 
—Jonathan Allen, NBC News National Political Reporter
— Jonathan Allen, NBC News National Political Reporter
 
Liberty Poll   

In response to the escalating series of provocations by Iran, do you believe Pres. Trump's measured response, including positioning of military assets and documenting Iran's actions to allies, is better policy than immediate retaliatory strikes?