Ha Tae Kyoung Interview on the Growing Cyber-Terrorism Threat from North Korea and the South’s Response
May 15, 2013
Below is a summarized version of an interview with National Assembly member Ha Tae Kyoung that appeared on pages 26-29 of NK Vision’s May 2013 issue. Arrangement by Robert Lauler.
A major cyber-attack on March 20 of this year led to the crippling of several South Korean financial and media company websites, including North Korean news outlet the Daily NK. The South Korean government has officially concluded that North Korea was behind the attacks, citing evidence that hackers employed the same IP addresses as those used in previous North Korean cyber-attacks. These recent attacks are just the latest in a stream of cyber-attacks over the past few years, including one in 2009 when a total of 25 websites in the U.S. and South Korea were paralyzed by a DDoS (distributed denial of service) attack and another on March 4, 2011, against the Blue House, National Intelligence Service (NIS, 국가정보원) and other government organizations. Further attacks occurred against Nonghyup Bank and the Jungang Ilbo in April 2011.
One of the most outspoken experts on the issue of North Korean cyber-terrorism is Ha Tae Kyoung, once a member of the National University Student Representatives Association (전국대학생대표자협의회, 전대협)’s Fatherland Unification Committee (조국통일위원회) and a former head of Open Radio for North Korea (열린북한방송). Ha is now a congressman in the National Assembly and has recently published a book called From Leaflets to DDoS (삐라에서 디도스까지) that explores historical trends in North Korea’s propaganda machine toward South Korea. The congressman has also been spearheading the passage of new legislation aimed at strengthening South Korea’s defenses against cyber-attacks. Specifically, this legislation would establish a National Cyber Security Strategy Committee (국가 사이버안전 전략회의) and launch a civil cyber-defense training program (사이버 민방위훈련).
Ha argues there are four reasons why North Korea has increasingly moved to mounting cyber-attacks and away from more traditional forms of provocation. These include the relatively low cost of mounting cyber-attacks; the negligible risk of agents being caught; the difficulty for South Korea to mount a counter-attack; and the relative ease with which hackers can obtain large amounts of data. NK Vision sat down with Ha to talk in detail about North Korea’s recent cyber-attacks, North Korea’s cyber-terrorism capabilities, and South Korean responses and challenges to the cyber-terrorism threat.
The March 20 Cyber-Attacks
While the South Korean government officially named North Korea as the culprit behind the March 20 attacks, Ha says he was certain North Korea was behind them from the beginning. “The March 20 cyber-attacks had to have been pulled off by a group, not by individuals. I noticed that the attacks were aimed at government organizations and assumed they were North Korean in origin because ordinary hackers usually commit cyber-attacks for economic reasons,” he says. “Furthermore, the hacking program tool used to create software employed in these most recent attacks was Visual Basic 6, an old version of the software. If the hackers had been based locally they probably would have used Visual Basic 2012, the latest version. Most likely, the group of North Korean hackers had a difficult time obtaining this new version.” Ha says that because the 2009 and 2011 attacks were orchestrated by North Korea, it would only make sense that the recent attacks were made by the same source. “Kim Jong Un has a record of leading the 2009 DDoS attacks,” he continued. “No major attack against South Korea can occur without direct orders from him.”
North Korea’s Cyber-Terrorism Capabilities
In recent years, North Korea has appeared to move away from more traditional forms of provocation to place more of a focus on cyber-terrorism. “In the past North Korea sent spies down to South Korea to collect information but this cost a lot, was ineffective, and there was always the danger of spies being captured,” Ha says. However, cyber-terror is a low-cost, less dangerous way to conduct provocations and is extremely difficult for South Korea to mount a counterattack against. “While South Korea is always susceptible to an attack, North Korea is in a more favorable position because it has so few places open to attack,” says Ha. “Cyber-terrorism will have a considerable place in North Korea’s arsenal against the South because it doesn’t leave a trace and allows hackers to obtain a lot of information.”
Ha argues that North Korea has been making great strides over recent years in increasing its capabilities to wage cyber-terrorism against South Korea and its allies. “North Korea is nurturing top-notch hackers by handpicking teenage computer whizzes nationwide and sending them abroad to foreign universities for more education. While it’s difficult to calculate the exact size of the organization, they probably number in the thousands,” says Ha. According to Ha, the North Korean organization in charge of cyber-terrorism is run by Kim Jong Un himself and is made up of personnel from both the Korean Workers’ Party (KWP, 조선노동당) and the military. “The Party operates Liaison Office 414 under the command of the KWP Operations Department (조선노동당 작전부), and the military operates Research Center 258 under the direction of the Ministry of the People’s Armed Forces (인민무력부)’s Intelligence Bureau,” Ha says. “The hackers are now engaged in activities like the recent cyber-attacks. In short, North Korea’s cyber-terrorism capabilities are the best in the world.”
The consequences of this jump in North Korean capabilities against the national security of South Korea and its allies range from irritating to positively devastating. “The North Korean regime is under the perception that ‘south Korean money is our money.’ North Korean hackers create sites selling gifts and insert hacking programs inside them. South Korean business people buy items off the sites because they’re so cheap, even though these people know that North Korea created the site,” says Ha. “Ultimately, North Korea is able to earn foreign currency from these enterprises. The issue is, however, that South Koreans who join these websites are subject to having their information stolen.”
However, a larger cause for concern is the potential that North Korea could commit devastating cyber-attacks aimed at stealing top secret government information or paralyzing entire computer networks. “One scenario has top secret information from the military, Blue House or NIS being stolen by North Korea,” says Ha. “North Korea could also conduct a Stuxnet attack to hack into important national infrastructure. Experts suspect this method was employed by Israel in 2010 to attack Iran’s nuclear project infrastructure. This method could allow cyber-terrorists to hack into the computers of those working at a nuclear power plant and shut it down or worse.”
North Korea could also potentially combine cyber-attacks with more traditional methods of armed provocations. “North Korea could send commandos down to commit an act of terrorism against a chemical plant or the subway system after a cyber-attack,” says Ha. “The potential is also there for North Korean agents to use a USB stick to infect an intranet system at a government facility and cause chaos. North Korea could also conduct a cyber-attack or interfere with GPS or other communication networks, thus interfering with military operations. Of course, all three of these methods could be used at the same time.”
According to Ha, the worst case scenario would be if North Korea employed the use of an electro-magnetic pulse (EMP) weapon. “The detonation of an EMP weapon paralyzes electronic devices,” says Ha. “The explosion of a large EMP bomb 40 km above the earth would paralyze all electronic devices within a 700 km radius. Chaos would break out if one of these bombs exploded at the center of the Korean Peninsula. While this is a worst case scenario, we need to prepare for it. North Korea is constantly developing the way it carries out terrorist attacks.”
South Korea’s Responses and Challenges
The recent cyber-attacks have led to an outpouring of concern in South Korea over North Korea’s capabilities and ways to respond to the threat. Ha is quick to point out that there is no central “control tower” that manages cyber-attack threats at the national level in South Korea. “Threats to civilian infrastructure are managed by the Korea Internet Security Agency (KISA, 한국인터넷진흥원), general government infrastructure by the National Intelligence Service, and military infrastructure by the Defense Intelligence Agency (DIA, 국방정보본부),” says Ha. “The division of labor and poor communication between the military, NIS and civilian sectors directly led to the failure by the South Korean government to respond effectively to the cyber-attacks.” Following the March 20 attacks, the Park Geun Hye government has reportedly moved towards establishing a national system that will manage the response to cyber-attacks, something that Ha says is “late in coming.”
Ha has recently submitted new legislation that would establish a National Cyber Security Strategy Committee and launch a civil cyber-defense training program. “If government agencies manage their intranet and internet systems separately they’ll be able to prevent most PCs from becoming zombies, like what happened during the 2009 DDoS attacks,” says Ha. Meanwhile, a civil cyber-defense training program would help educate ordinary Koreans about the dos and don’ts of using the internet. “There is also a need to develop a new software program that will allow individuals to format their computers on a regular basis,” Ha says, noting that people should format their hard drive every six months if possible, place important files on external disks and carefully check the senders of emails before opening them.
This new legislation, however, is facing opposition from the opposition party, which argues in particular that the NIS should not intervene in cyber-attacks against civilian infrastructure. “They think that the intervention of the NIS is political, but I say that more important is that North Korean hackers are having their way with South Korean computer users,” Ha argues. “Opposing the law because the NIS is involved shows that they aren’t acknowledging the severity of the threat. Such thinking will continue to leave South Korea exposed to the threat of North Korean cyber-terrorism.”