North Korea’s Cyber War Forces

The picture above, from NightEarth.com, shows North Korea at night. Yes, North Korea is the big black void circled in red, surrounded by other countries that are lit up like Christmas trees. So how is this nation, which boasts about 30 external-facing websites, all of them government-run, such a threat to the cyber world?

Especially when compared with South Korea (the glowing peninsula below it), one of the most connected countries in the world.

According to Richard A. Clarke’s book “Cyber War: The Next Threat to National Security and What to Do about It” (an excellent book, by the way), North Korea, one of the least connected countries in the world, has one of the most advanced cyber war programs.

So how can this be?

North Korea has four known cyber warfare units. Clarke breaks the cyber forces down as follows:

  • Unit 110 – Also known as the “Technology Reconnaissance Team”; most likely responsible for the July 2009 DDoS attacks against the US and South Korea.
  • Unit 35 – Also known as the “Central Party’s Investigations Department”; the smallest group, but responsible for both internal defense and offensive capabilities.
  • Unit 204 – Also known as the “Enemy Secret Department Cyber Psychological Warfare Unit”; about 100 hackers.
  • Unit 121 – Also known as the “Korean People’s Army (KPA) Joint Chiefs Cyber Warfare Unit”; over 600 hackers, and the unit that would be responsible for disabling South Korea’s C3 functions (Command, Control and Communications) in the event of armed conflict.

North Korean students who show aptitude are selected in elementary school and groomed for cyber warfare through their college years. They constantly hone their skills and even attend foreign colleges to learn the latest security techniques.

But if North Korea is so unconnected, it would seem easy to detect attacks coming from these specialized units and shut them down. That would be the case, except that many of these units are not stationed in North Korea at all. They operate out of China!

According to the book, anywhere from 600 to 1,000 North Korean cyber war agents are working out of China. Two suspected bases of operations are reportedly located in hotels in Sunyang and Dandong.

With the flood of cyber attacks coming out of China, one has to wonder: is it really North Korean hackers behind it all? Or are the Chinese and North Korean hackers acting as one and the same?

Related:

South Korean Students see Cyber Attack as top North Korean threat

Social-Engineer Toolkit v3.0 Codename “#WeThrowBaseballs” Released

The mad hugger, Dave Kennedy (ReL1K), has been at it again. As if the Social-Engineer Toolkit was not already one of the top security tools, Dave has been hard at work making it even better, adding a slew of new features and updates.

Here is a list of the top new features:

1. Support for Windows – Tested on XP, Windows 7, and Windows Vista. Note that the Metasploit-based payloads do not work yet – when SET detects Windows they will not be shown; only RATTE and the SET Shell will be.

2. New attack vector added – QRCode Attack – Generates QRCodes that you can direct to SET and perform attacks like the credential harvester and Java Applet attacks

3. Improved A/V avoidance on the SETShell and better performance. I’ve also fixed the non-encrypted communications when AES was not installed

4. Added a number of improvements and enhancements to all aspects of SET, including major rehauls of the coding population, and moved from things like subprocess.Popen(“mv etc.”) to shutil.copyfile(“etc”)

5. Rehauled SET Interactive Shell and RATTE to support Windows

6. New Metasploit exploits added to SET
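Item 4 deserves a closer look, because swapping a shell command string for shutil is a security fix as much as a portability one. The Python below is an added example, not code from SET or from Dave Kennedy: it builds a copy the old way (a command string handed to a shell) and the new way (shutil.copyfile), and runs both against two constructed file names, one with a space and one that smuggles a shell command. It assumes a POSIX shell with `cp` and `touch`, as on the Linux systems SET ran on before this release.

```python
"""Shell command strings vs. shutil (added example, not SET's own code).

Demonstrates two defects of building a shell command from a file path,
breakage on spaces and command injection from an attacker-chosen name,
and the shutil replacement that has neither and also runs on Windows,
where no `mv`/`cp` binary exists. Assumes a POSIX shell with cp/touch.
"""
import os
import shutil
import subprocess
import tempfile


def shell_copy(src, dst, cwd):
    """Old pattern: path fragments concatenated into one shell command."""
    cmd = "cp " + src + " " + dst
    proc = subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True)
    return proc.returncode


def safe_copy(src, dst, cwd):
    """New pattern: no shell at all; the path is a single argument.
    Returns the bytes that landed in dst so the caller can verify the copy."""
    shutil.copyfile(os.path.join(cwd, src), os.path.join(cwd, dst))
    with open(os.path.join(cwd, dst), "rb") as fh:
        return fh.read()


def demo():
    """Run both patterns against the constructed names; return what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        spaced = "my report.txt"       # constructed: breaks shell word splitting
        hostile = "a;touch marker;"    # constructed: legal name, also a command
        for name in (spaced, hostile):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"payload")

        # shutil treats both names literally and executes nothing.
        results["shutil_spaced"] = safe_copy(spaced, "out1.txt", d)
        results["shutil_hostile"] = safe_copy(hostile, "out2.txt", d)
        results["shutil_injected"] = os.path.exists(os.path.join(d, "marker"))

        # The shell splits "my report.txt" into two operands, so cp fails
        # (three operands, and out3.txt is not a directory).
        results["shell_spaced_rc"] = shell_copy(spaced, "out3.txt", d)
        results["shell_spaced_copied"] = os.path.exists(os.path.join(d, "out3.txt"))

        # The command string becomes `cp a;touch marker; out4.txt`: the
        # embedded `touch marker` runs. That is command injection by file name.
        shell_copy(hostile, "out4.txt", d)
        results["shell_injected"] = os.path.exists(os.path.join(d, "marker"))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The intermediate form, `subprocess.run(["cp", src, dst])` with an argument list and no `shell=True`, closes the injection hole but still depends on an external `cp`, so it would not have helped with the Windows port; shutil removes both problems at once.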

Hey, does that say it runs on Windows??  🙂

As always, nice job Dave.

Why not head on over to http://sectools.org/tool/socialengineeringtoolkit/ and vote for the Social Engineering Toolkit?

Cyber Cold War and the need for an Offensive Cyber Special Forces Group

I was speaking to a veteran the other day that has about 20 years of service and has been in more countries than I can remember. As we talked about the war in Afghanistan, possible future war with Iran and other current military affairs, he told me, “Things are changing. They are after military websites, online accounts and even Facebook pages of active duty troops. It is a Cyber Cold War now.”

International websites are under siege by everyone from political hacktivists to cyber-crime organizations, to Nation State backed hackers. But what is the real threat?

  • Political Hacktivists – The recent Anonymous leak of an intercepted FBI conference call about Anonymous told me everything I needed to know about how seriously political hacktivism is taken as a threat. During the call, FBI agents and British agents joke around and laugh, right up until a senior agent joins the conference call; then it is all business. Denial-of-service threats and the release of credit card information are a nuisance, but not really a threat, especially compared with the heavy crime the FBI is used to dealing with.
  • Cyber Crime – This is a lot more serious than political hacktivism. International cyber-crime is booming, and recently more money was stolen through cyber-crime than was made in the illicit drug trade. But it is really an extension of organized crime, not cyber war.
  • Nation State Hackers – This is where the threat really lies: from counterfeit network equipment that could be backdoored, to industrial sabotage, to military espionage. This is where our military-level cyber forces should be focused.

In essence we are in a Cyber Cold War. Nation State hackers are very active in attacking and compromising military, government and defense contractor sites. Terrorists are using social media sites to recruit, train and spread their poison. It closely mirrors the espionage, politics and spread of communism of the Cold War.

Is our current military cyber force capable of dealing with this threat? I think when Cyber Command was created, it had these threats in mind and the desire to be both offensive and defensive: blocking threats and counter-attacking in the cyber realm. But before Cyber Command even got off the ground, it was hamstrung by the legal and political ramifications of offensive operations.

What then is needed?

We need a Cyber Special Forces group.

After the failed Bay of Pigs invasion, President John F. Kennedy realized that the US was facing a new battle with the spread of communism. He made it a priority to get Special Forces groups created and active to face this threat.

Troops were selected that were intelligent, capable and willing to learn. They were put through intense training that allowed them to move undetected in enemy territory and engage the enemy on their own terms.

As Special Forces groups evolved, their peacetime missions became twofold. They were sent into countries to train allied or somewhat friendly forces, and at the same time to gather intelligence about countries that at some point in the future might not be aligned with US intentions.

Right now, our Cyber Command seems more defensively oriented. Instead of just monitoring and detecting threats, a capable offensive unit is needed: one that can not only counter-hack, assess potential targets, train friendly nations and stop electronic threats, but also put boots on the ground and physically shut down terror cells and any other physical threats that arise from the intelligence gained.

CyberArms Intelligence Report: Top Cyber Security News for February 19, 2012

Some of the top Cyber Security and computer news from around the web:

McCain: Cybersecurity Bill Ineffective Without NSA Monitoring the Net

The bill neglects to give authority “to the only institutions currently capable of [protecting the homeland], U.S. Cybercommand and the National Security Agency (NSA),” McCain said in a written statement presented at the hearing. “According to [General Keith Alexander, the Commander of U.S. Cybercommand and the Director of the NSA] in order to stop a cyber attack you have to see it in real time, and you have to have those authorities…. This legislation does nothing to address this significant concern and I question why we have yet to have a serious discussion about who is best suited to protect our country from this threat we all agree is very real and growing.”

Senators renew push for cybersecurity bill, absent ‘kill switch’

Senators are taking another crack at pushing a broad cybersecurity bill three years in the making, once again stripping a controversial Internet “kill switch” and making other concessions in a bid to find an elusive bipartisan majority in an election year.

NSA’s whitelisting approach economically blocks computer viruses

Military computers soon will be configured to execute only administrator-approved software applications in certain areas of a computer, Pentagon officials told Nextgov. The Defense Department’s unique version of the “application whitelisting” approach focuses on where downloads are allowed to launch in a system. It is intended to be a relatively inexpensive protection against downloads that antivirus programs fail to flag as threats.
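As an added illustration (not code from the Pentagon, the NSA or the Nextgov article), the Python below shows what a location-based policy of this kind looks like when applied to process-launch events, and why such a policy has to deny user-writable directories even when they sit under an otherwise trusted root. The trusted roots, the writable-directory list and the launch events are all constructed for the example; ntpath is used so the Windows path rules evaluate the same on any host.

```python
"""Location-based application whitelisting as a small policy evaluator.

Added example, not DoD or NSA code. A program is allowed or denied by the
directory it launches from, not by hash or signature. Paths are canonicalised
first so `..` segments, forward slashes and case differences cannot sidestep
the rules. All directory lists and events below are constructed.
"""
import ntpath

# Directories an administrator trusts to hold installed software (constructed).
ALLOWED_ROOTS = (
    r"C:\Windows",
    r"C:\Program Files",
    r"C:\Program Files (x86)",
)

# Directories ordinary users can write to (constructed inventory). A launch
# from any of these is denied even inside an allowed root; otherwise dropping
# a file into a writable subdirectory would defeat the whole policy.
USER_WRITABLE = (
    r"C:\Users",
    r"C:\Windows\Temp",
    r"C:\Windows\Tasks",
)


def _canon(path):
    """Collapse `..`, normalise separators and case before matching."""
    return ntpath.normcase(ntpath.normpath(path))


def _under(path, root):
    """True when path is root itself or lies anywhere beneath it."""
    path, root = _canon(path), _canon(root)
    return path == root or path.startswith(root + "\\")


def decide(image_path):
    """Return 'allow' or 'deny' for the executable at image_path."""
    if any(_under(image_path, w) for w in USER_WRITABLE):
        return "deny"          # writable location wins over trusted root
    if any(_under(image_path, r) for r in ALLOWED_ROOTS):
        return "allow"
    return "deny"              # default deny: anything else, e.g. a USB drive


def evaluate(events):
    """Apply the policy to (pid, image_path) launch events."""
    return [(pid, path, decide(path)) for pid, path in events]


# Constructed launch events, roughly what a process-creation log would hold.
SAMPLE_EVENTS = [
    (4120, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    (4188, r"C:\Users\bob\Downloads\invoice.pdf.exe"),
    (4201, r"C:\Windows\Temp\setup_helper.exe"),
    (4230, r"c:/windows/system32/cmd.exe"),
    (4244, r"C:\Program Files\..\Users\bob\AppData\Local\Temp\stage2.exe"),
    (4250, r"D:\portable\tool.exe"),
]

if __name__ == "__main__":
    for pid, path, verdict in evaluate(SAMPLE_EVENTS):
        print(f"{verdict:5s} pid={pid} {path}")
```

Two caveats a practitioner would add: the writable-directory inventory must come from the actual ACLs on the machine rather than a hand-written list, and path canonicalisation has to resolve junctions and symbolic links as well, or a link planted in a user's profile that points into Program Files will be judged by the wrong location. The string matching here is only the shape of the rule; real enforcement belongs in the operating system's policy engine.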

FBI seeks developers for app to track suspicious social media posts, sparking privacy concerns

According to the ACLU, who reviewed the FBI documents for Fox News, information pulled from sites like Facebook, Twitter and blogs could be cross referenced with other databases to identify potential threats. Mike German, a former FBI agent who runs the National Security section of the civil liberties group, says the data could be used to increase video surveillance in a neighborhood. German argues fundamental issues are not being addressed.

Hacker Boasts of Intel Corporation Network Breach

A hacker who goes by the handles “WeedGrower” and “X-pOSed” is claiming to have breached the networks of tech giant Intel. The attacker boasts of having gained access to an Intel.com subscriber database that contains sensitive information including passwords, social security and credit card numbers.

U.S. Not Afraid To Say It: China’s The Cyber Bad Guy

American officials have long complained about countries that systematically hack into U.S. computer networks to steal valuable data, but until recently they did not name names. In the last few months, that has changed. China is now officially one of the cyber bad guys and probably the worst.

INTERPOL Set To Open Global Cybercrime Center In 2014

Michael Moran, director of cybersecurity and cybercrime for INTERPOL, says the planned opening of the INTERPOL Global Complex in Singapore in 2014 is crucial to improving global cooperation among law enforcement. Moran says the organization is working on putting in place a secure online presence for police worldwide to work together on cybercrime cases, which often crisscross multiple regions and geographic jurisdictions.

US Strategic Command on Defending Cyberspace

The DoD operates approximately 15,000 networks. These networks are comprised of about seven million computers at bases and outposts around the globe; in submarines and research facilities that patrol and monitor the oceans; in manned and unmanned aircraft that control the skies; in satellites that relay vast quantities of data around the earth in seconds and coordinate our efforts.

Middle East Cyberjihad Timeline

If you have a look at the Middle East nations involved in the cyber conflict, those that carried out attacks or suffered them (depicted in the map below, which does not include the U.S., victim of the latest credit card leak, or France, whose Council of Jewish Institutions was hacked earlier in June), you may easily notice that the virtual geopolitics reflect the real ones almost exactly (the dotted arrow from Iran indicates the uncertainty about the nationality of OxOmar).

Selected Readings in Cyberwar

Large selection of cyberwar and cybersecurity articles and books.

Military News:

Navy Puts More Bang Into Unmanned Fleet

The special warfare branch of the Navy’s expeditionary warfare division is eyeing plans to arm its small fleet of unmanned boats with a long-range missile, branch chief Capt. Evin Thompson said. The missile, known as the Spike, is built by Israeli defense firm Rafael Advanced Defense Systems, Thompson said during this week’s Association for Unmanned Vehicle Systems International-sponsored symposium in Washington.

Pentagon calls for ‘urgent’ upgrade of massive bunker-busting bombs, as Iranian threat looms

The military’s so-called Massive Ordnance Penetrator, a 30,000-pound bunker buster bomb, requires an “urgent” upgrade, according to Pentagon officials who are trying to ensure that 20 of the bombs are battle-ready — possibly for use against Iran, though officials have been tight-lipped on potential targets.

China’s Minesweeping Drones

Amid all the recent talk about the need for U.S. Navy minesweepers in the Persian Gulf in case Iran attempts to close the strait of Hormuz with sea mines, I noticed an interesting fact about China’s minesweeping plans. They involve drones. Not sleek, purpose-built, sea-going drones, but vessels originally designed to carry people that have been quickly converted to be remotely operated from an anti-mining mothership.

Other Interesting News Stories:

Chinese thieves stole 1,700 US-bound iPhones

Five suspected Chinese thieves were arrested after allegedly stealing 1,700 iPhone 4S that were bound for the US and swapping them with plastic replicas, the Shanghai Daily newspaper reported Friday.

Stunning Footage from Space

Time lapse sequences of photographs taken by the crew of expeditions 28 & 29 onboard the International Space Station from August to October, 2011.