A summer whose entertainment headlines were dominated by Taylor Swift and her blowout concert tour just…
CFIF on Twitter CFIF on YouTube
Event Ticket Purchases: The Proposed BOSS Act Would Empower Biden’s Rogue FTC and Make Matters Worse, Not Better

A summer whose entertainment headlines were dominated by Taylor Swift and her blowout concert tour just came to an end.  Unsurprisingly, a significant number of those headlines centered upon the ongoing public policy debate over the consumer ticket purchase experience, along with varying and differing calls for reform.

Unfortunately, some of that discussion served to introduce terribly ill-advised proposals that would only make the industry and American consumers’ enjoyment of it far worse.

To be sure, the genesis of the problem underlying various reform proposals is the issue of predatory ticket resellers who engage in harmful practices that hurt fans as well as the artists themselves.  As just one illustration, resale ticket prices at StubHub alone have increased over 100% since…[more]

September 26, 2023 • 07:25 PM

Liberty Update

CFIFs latest news, commentary and alerts delivered to your inbox.
North Korean Cyber Warfare: Focused On Money, Not Missiles Print
By Samuel Bocetta
Thursday, December 21 2017
In short, while missile tests or hacks of celebrities’ private photos will continue to generate the most headlines, these miss the point of the DPRK’s growing cyber capabilities.

Every time North Korea conducts a missile test, it understandably makes headlines around the world. While ICBMs capable of carrying nuclear payloads might be good for showmanship, however, in truth the North Korean missile program, while steadily improving, represents something of a sideshow in the country’s growing military capability.

At the heart of the DPRK’s military strategy is cyber warfare. The reclusive state’s technological capabilities used to be laughed at, but no more. Reports now suggest that the DPRK employs an “army” of over 6,000 hackers, working both within the country and outside it, who have been responsible for some of the most devastating attacks of recent years.

The most publicized attack of the past few years has been the 2014 operation that targeted Sony Pictures. This is understandable: a rogue state seeking to sabotage the release of a Hollywood comedy makes for a good story.

The emphasis on this attack, however, cloaks the true nature of the DPRK’s cyber operation. It is true that the regime has occasionally targeted organizations which planned to air information critical of it, such as the Sony hack or the more recent attack on Channel 4 in the UK, which had planned to run a satirical TV series.

However, the true target of North Korean cyber attacks is far more mundane: The regime needs money, and hacking is the easiest way to get it.

From Humble Beginnings

It would be nice to believe, of course, that our movies and documentaries are so ideologically powerful as to be seen as a threat to the power of Pyongyang. In truth, however, the regime cares little about how it is seen outside its own borders, and the country itself remains so technologically underdeveloped that no North Korean is likely to see them.

Indeed, the technological capabilities of the DPRK have long been underestimated. In 2011, when the previous leader of the country, Kim Jong-il, died, the country was estimated to have just 1,024 IP addresses. For reference, that’s less than the number for a typical city block.

Until the 1990s, the internet, and cyber warfare more generally, were not given much support by the regime. There is a good reason for this, of course: Totalitarian states tend to be suspicious of the freedom of the web, as evident in China’s reaction to it.

By the late 1990s, however, this was starting to change. North Koreans “assigned to work at the United Nations were also quietly enrolling in university computer programming courses in New York,” as the New York Times puts it. It was the US invasion of Iraq in 2003, however, that really spurred the development of North Korean cyber warfare. Inspired by the U.S. “Shock and Awe” campaign, Kim Jong-il issued a warning to his military: “If warfare was about bullets and oil until now,” he told top commanders, according to a prominent defector, Kim Heung-kwang, “warfare in the 21st century is about information.”

The Perfect Weapon

There are many reasons why cyber weapons are viewed as desirable in Pyongyang. Perhaps the most pragmatic of these is that developing such weapons is cheap. In contrast to the development of conventional weapons, which require serious outlay on hardware, cyber warfare merely requires bright students to be trained in its techniques. The DPRK’s approach is to simply pull promising students out of high school, pay them well, and train them in cyber warfare.

Once trained, these “cyber soldiers” can use existing internet infrastructure to launch attacks. Indeed, given the still-parlous state of such infrastructure inside the DPRK itself, it seems that many attacks actually originate from outside the country, with India and Eastern Europe appearing to be favored. This also points to another advantage of cyber weapons: Their use is deniable, because Pyongyang can claim that attacks originate with “rogue hackers” rather than the government.

Because of this, recent attention has shifted to the role of North Korean criminal organizations that operate from outside the country. The two main groups are known as Lazarus and Guardians of Peace (GOP). According to a report by commercial security firm Recorded Future, these groups almost exclusively launch attacks from IT infrastructure located outside of the DPRK. Just like the growing numbers of people who use a VPN to hide their location online, this makes tracing the source of attacks very difficult.

On the other hand, if an attack can be traced to a country outside the DPRK, this can bring hackers within the reach of law enforcement. Recently, the Australian Federal Police have been very active in this area, working with foreign police forces to seize equipment and shut down attacks before they happen. Even in these cases, however, it is easy for hackers to deny that they are under the orders of the North Korean government, and so these attacks retain plausible deniability.

Perhaps the biggest advantage of cyber weapons for the DPRK, though, is that their use brings little effective retaliation. Launching retaliatory cyber attacks on a country that remains stubbornly analogue is pretty difficult, even if the U.S. and other countries are willing to escalate the current conflict.

Following The Money

It’s hardly a one-way street, of course. As the Washington Post reported in September 2017, “Early in his administration, President Trump signed a directive outlining a strategy of pressure against North Korea that involved actions across a broad spectrum of government agencies and led to the use of military cyber-capabilities.” These have included a DDOS attack last month. The focus of these attacks, though, has been on traditional counter-intelligence: They have aimed to shut down North Korea’s intelligence agencies, rather than try to cause widespread damage.

The DPRK’s focus is different. With little to lose in terms of international reputation, and suffering under otherwise crippling sanctions, most recent attacks have focused on one thing: stealing money.

In fact, when taken as a whole, this appears to be the primary purpose of North Korea’s cyber program. In 2016, hackers working for the DPRK tried to steal $1 billion from the New York Federal Reserve. Though foiled on that occasion, the hackers still got away with $81 million, and more generally have developed a system that is quietly stealing hundreds of millions of dollars a year.

In short, while missile tests or hacks of celebrities’ private photos will continue to generate the most headlines, these miss the point of the DPRK’s growing cyber capabilities. A country that used to crudely counterfeit $100 bills has found a new strategy for generating cash: stealing it electronically.

Samuel Bocetta spent decades working for the U.S. Navy and as a consultant to defense contractors, specializing in electronic warfare and advanced computer systems.  He is currently writing and teaching defense engineering.

Notable Quote   
"The Biden administration recently issued yet another outlandish immigration action, but most Americans likely did not realize it. I'm talking about the Department of Homeland Security's decision to extend and 'redesignate' Temporary Protected Status for more than 700,000 illegal aliens from Venezuela that the Biden administration has already allowed into the U.S. For many Americans, this may sound…[more]
— Chad Wolf, Former Acting Secretary of the Department of Homeland Security and Executive Director of the Center for Homeland Security & Immigration at the America First Policy Institute
Liberty Poll   

Should any sitting president publicly pick either side in a private labor dispute?