The picture above from NightEarth.com shows North Korea at night. Yes, North Korea is the big black void circled in red surrounded by all the other countries that are lit up like Christmas Trees. So how is this nation, boasting about 30 external facing websites – all run by the government, such a threat to the cyber world?
Especially when compared to S. Korea (the glowing peninsula below N. Korea) which is one of the most connected countries in the world.
According to Richard A. Clarke’s book “Cyber War: The Next Threat to National Security and What to do about It” (excellent book by the way), North Korea, one of the least connected countries in the world has one of the most advanced cyber war programs.
So how can this be?
North Korea has four known cyber warfare units and Clarke states that the cyber forces are broken down as follows:
- Unit 110 – Also known as the “Technology Reconnaissance Team” was most likely responsible for the July 2009 DDoS attacks against the US and South Korea.
- Unit 35 – Also known as the “Central Party’s Investigations Department” is the smallest group but is responsible for both internal defense and offensive capabilities.
- Unit 204 – Also known as the “Enemy Secret Department Cyber Psychological Warfare Unit” has about 100 hackers.
- Unit 121 – Also known as the “Korean People’s Army (KPA) Joint Chiefs Cyber Warfare Unit” has over 600 hackers and would be responsible for disabling South Korea’s C3 functions (Command, Control and Communications) in case of armed conflict.
North Korean Students that show aptitude are selected from elementary schools and are groomed in cyber warfare throughout their college years. They constantly hone their skills and even attend foreign colleges to learn the latest security techniques.
But if North Korea is so unconnected, it would seem to be very easy to detect attacks coming from these specialized units and shut them down. This would be the case, but many of these units are not even stationed in North Korea. They operate out of China!
According to the book, anywhere from 600 to 1,000 Korean cyber war agents are working out of China. Apparently two suspected bases of operations are located at hotels in Sunyang and Dandong.
With the flood of cyber attacks coming out of China, one has to wonder, is it really North Korean hackers behind it all? Or, are the Chinese and Korean hackers acting as one in the same?