The Democratic People's Republic of North Korea (DPRK) is a country with almost no conventional Internet presence and yet it has among the most active cyberwarfare footprints of any nation on earth and appears obsessed with expanding its operations, HP has concluded after reviewing evidence from a range of third-party sources.
It’s an apparent paradox: how can a hermit-like country with a population on par with Romania get up to the sort of mischief North Korea has been accused of when satellite images show the country is so lacking of a working electricity grid that at night it advertises itself as a lightless, black expanse?
HP’s answer in latest its primer 101 is that North Korea doesn’t actually do that much from North Korea, relying instead of cells planted in other parts of the world, particularly China, and even inside sworn enemy South Korea.
Although the country’s use of its IP ranges has expanded since 2010, its major Government and education sector websites are hosted elsewhere, while a lot of its cyberwarfare capabilities seem to use external bases to direct attacks.
As the report notes, the DPRK’s hacking Unit 121 (accused of hacking the US and South Korea) has a base in Pyongyang but depends on a named command post based in a hotel just over the border in China. This and other units such as Unit 110 (aka ‘DarkSeoul’) have carried out numerous cyber-operations, which accelerated quite dramatically in number during 2013 using the same Chinese proxies.
Surprisingly, North Korea even maintains a small network of ‘Chongryon’ schools in Japan of all places, which it allegedly uses to aid the motherland by “raising funds via weapons trafficking, drug trafficking, and other black market activities.”
Beyond that, the DPRK has a small network of businesses in countries across the globe, including China, used to lifeline millions of dollars back to the regime, including from curious Western tourists who pay hard Yankee dollars to enjoy the ultimate in totalitarian tourism. Its spies are everywhere.
For a country with no indigenous business culture to speak of, software and technology remains incredibly important, almost a form of social control and job creation for the brightest kids who might otherwise get up to no good.
The country also has its own Linux/Mac OS X-derived operating system, Red Star OS, which sounds much like similar projects in Russia, Iran and China until you realise that unlike those other countries North Korea actually uses Red Star OS. It upholds Linux’s egalitarian ideals too – anyone in North Korea can run Red Star OS even if the computer to load it on is, Like Hitler’s VW Beetle, far beyond the pocket of any citizen.
The picture drawn by HP is of a state bent on using the Internet not to advance its economy but to fund its precarious economy and thereby simply survive. It happily uses cyber-operations for their nuisance value, setting out primarily to destroy and disrupt rather than steal resources. By turning itself into a problem demanding attention it seeks to gain concessions.
Its lack of infrastructure forces it to use resources beyond its borders, something that makes it incredibly vulnerable should governments and policies change but also quite effective in the short run. Sourcing cyber-attacks to North Korea is difficult and is usually done by drawing inferences form target lists that always include South Korea.
“We should not overestimate the regime’s advanced cyber capability, yet we should never underestimate the potential impact of North Korea utilizing less advanced, quick-and-dirty tactics like DDoS to cripple their high-tech targets,” concludes the report.