How North Korea Built An Army of Hackers

North Korea isn’t known for technological sophistication. The isolated country doesn’t have global giants like Apple Inc. or Samsung Electronics Co. and its citizens have limited access to basics like the internet and smartphone apps. Yet the regime of Kim Jong Un has grown increasingly adept at breaking into computer systems around the world for financial gain and strategic benefit. In recent weeks, his cyber warriors have been linked to stolen U.S.-South Korean military plans and the alleged theft of $60 million from a Taiwan bank. Even as the U.S. takes aim at North Korea’s development of nuclear weapons, the hackers are becoming more aggressive and skillful in fighting for the nation’s Supreme Dignity.

1. What kind of technology does North Korea have?

Kim’s nation has long limited access to the global internet to prevent the free flow of information. Most citizens can only view websites within the country, including government media and agencies. A select few have international access, though their activities are closely monitored. For years, North Korea had only one link to the global internet through state-owned China United Network Communications Ltd., but it secured a second link through a Russian telecommunications company in October. The country probably employs 1,700 state-sponsored hackers, backed by more than 5,000 support staff, according to Fergus Hanson, head of the International Cyber Policy Centre at the Australian Strategic Policy Institute in Canberra

2. How did the country’s hackers get started?

Kim Jong Il, father of the current leader, was an early proponent of technology as a central weapon of modern warfare. His military worked on ways to disrupt GPS systems and set off an electro-magnetic pulse to knock out computer capabilities abroad. North Korea is believed to have set up Unit 121, an early cyber warrior squad, about two decades ago as part of the country’s military. The unit began to draw attention in 2004 for allegedly tapping into the South Korean military’s wireless communication network and for testing malicious computer code. The hackers also worked to bring in cash: In 2011, South Korean police arrested five people for allegedly working with North Korean hackers to steal millions of dollars through online games.

3. When did they show signs of getting better?

The cyber troops drew international headlines in 2014 when they allegedly broke into Sony Corp.’s movie business as it was preparing to release “The Interview,” a Seth Rogen and James Franco comedy about meeting the North Korean leader. Their efforts appear to have been aimed at protecting Kim’s image and punishing the studio. Leaked documents from the hack damaged careers in Hollywood and led Sony to pay as much as $8 million in damages over the theft of personal information. After the U.S. publicly identified North Korea as the perpetrator, Kim’s government denied any involvement and said the U.S. is “slandering us.” North Korea has regularly denied its involvement in hacking attacks.

4. What is going on now?

North Korea has been stepping up its cyber attacks amid rising tensions with the U.S. and the rest of the world. Last year, a group tied to the country was allegedly behind the theft of $81 million from a Bangladeshi central bank account. Then in May, cybersecurity researchers linked a North Korea-affiliated group called Lazarus to the WannaCry ransomware attack that affected more than 300,000 computers. The hack, called “unprecedented” by Europol, threatened people with the loss of computer data unless they paid a ransom, typically $300 in bitcoin within 72 hours. The country’s hackers also appear to have increased efforts to secure bitcoin and other cryptocurrencies, which could be used to avoid trade restrictions like recent sanctions approved by the United Nations.

5. Are the hacks then primarily for financial gain?

Not quite. In October, a South Korean lawmaker disclosed that Kim’s techno soldiers stole military plans developed by the U.S. and South Korea in case of armed conflict. They allegedly included a highly classified “decapitation strike,” aimed at taking out the North Korean leader. The lawmaker blasted the armed forces for allowing the breach. "What’s embarrassing is that this was caused by an absurd mistake by our own military,” said Rhee Cheol-hee, who added that he confirmed the hack with defense officials. “They’re not supposed to move and save such important files in PCs.” A spokesman for the U.S. military said, despite the alleged hack, the country has full confidence in its intelligence and ability to deal with North Korea.

6. What are the U.S. and South Korea doing in response?

The U.S. hasn’t been standing idly by. Before North Korea got its second connection to the internet through Russia, the country’s sole connection through China had been faltering. The link had reportedly been under a distributed denial of service attack, a flood of data traffic designed to overwhelm and disable computer systems. Meanwhile, President Donald Trump has criticized Kim for his development of missiles and nuclear weapons, saying the U.S. may use military force against the regime. North Korea has warned that nuclear war “may break out any moment” as the U.S. and South Korea began joint naval drills.

7. How do the hacking efforts fit with the political clash?

The hacking efforts appear to be continuing amid the war of words. Kim’s hackers can keep pushing for hard currency and valuable intelligence as the traditional military forces prepare. Indeed, Lazarus, the hacking group linked to North Korea, may have been behind this month’s theft of $60 million from Taiwan’s Far Eastern International Bank, according to researchers at BAE Systems Plc. The cyberattack, in which malware was used to steal the money through the international Swift banking network, bore “some of the hallmarks” of Lazarus, according to a BAE blog post on Monday.