North Korea has recently drawn attention not only with missile and nuclear tests: the regime is said to have captured several billion dollars through cyber attacks. But the hackers are not only after money.
By Kathrin Erdmann, ARD Studio Tokyo
The crippling of 6000 computers at the public television broadcaster KBS, the theft of data from a nuclear power plant and the attempt to hack the government website: these are three examples of cyber attacks on South Korea in recent years. They all bear the signature of the neighboring communist country.
“Our analysis shows that half of all attacks come from North Korea,” said Kwon Hun-Yeong, lawyer and director of cybersecurity at Korea University in Seoul. Specialists are trained here who later work in the military or in the government, where they are meant to ward off attacks from outside. Certain patterns and methods allow this conclusion about the origin of the attacks to be drawn. “And mostly that can be traced back to China, which is typical of the attacks from North Korea.”
The type of attack has changed significantly over time, or more precisely, the aim of the attackers has. In the past, hackers were primarily concerned with paralyzing institutions in order to show their weakness on the one hand and to demonstrate their own skills on the other. “It has now become organized crime,” says Kwon. “The threat is increasing and we have to respond accordingly.”
Hackers are also after sensitive data
Kwon assumes up to 5000 such attacks per year; there are no precise statistics. In his view, North Korea wants to get money above all. Nils Weissensee also suspects other motives. The head of news of the Korea Risk Group media group has been dealing with hacking for years. Attackers are also increasingly after data. In the case of espionage attacks, the hacker groups try to get as much sensitive data as possible, says Weissensee, “partly because the North Korean secret service can do something with it directly.” On the other hand, this data could in turn be used to plan new attacks.
The hackers sometimes pretend to be high-ranking employees of institutions, gain trust and then, under false pretenses, ask for a file to be downloaded. “These attacks are often much cheaper because people can trick people much faster and create security gaps,” explains Weissensee.
Well-trained specialists are behind the attacks
The 40-year-old expects more hacker attacks in the future, if only because each individual is connected to the network with more and more devices and thus offers a target. And not only that: “I can imagine that maybe in ten or twenty years we will be at a point where we will be much more worried about cyber attacks on nuclear power plants than about missiles at nuclear power plants.”
It is now known that North Korea has highly trained computer specialists. In the past, young North Koreans were initially trained in the country itself, says Kwon. The best were then sent to China to set up bogus companies there. “The hackers were only provided with the bare essentials, something like rice and kimchi,” says the expert. “And from there, they tried to infiltrate other countries, especially South Korea.” If they succeeded and the media reported it, the hackers received a bonus. According to a UN report from this year, the North Korean regime is now working with groups from Eastern European countries and is more active in Southeast Asia.
The analysis of cyber attacks is tricky
Tracking down the hackers is like a puzzle, says Weissensee, who says he is also in contact with secret service agents. It is important to bring computer experts and country experts together intelligently. Every now and then, fragments of text are discovered in the malware. Then a lot of questions come up: “Is that a South Korean word, is it a South Korean phrase, is it something that could be used in North Korea?” This analysis is not easy, especially since the hacker groups may deliberately lay a false trail. The analysts also ask themselves why an attack on a particular institution is happening right now, because that could also have geopolitical reasons.
It is difficult to say whether North Korea has come under even greater economic pressure from the coronavirus crisis than from the sanctions and could therefore undertake even more hacker attacks. His biggest concern is that Pyongyang’s control over the computer specialists might eventually disappear and that the well-trained hackers would then work only in their own interests. The computer specialist only recently dealt with such a scenario, when North Korea’s ruler Kim Jong Un disappeared for weeks.