Originally Published 2011-12-08 00:00:00 Published on Dec 08, 2011
Two weeks back an unconfirmed media report stated that hackers from North Korea had illegally accessed Email Ids of students and graduates from the Korea University's Graduate school of Information Security.
North Korea's Cyber Skirmishes
Two weeks back an unconfirmed media report stated that hackers from North Korea had illegally accessed Email Ids of students and graduates from the Korea University's Graduate school of Information Security. The incident is currently being investigated by South Korean intelligence and police agencies and Pyongyang's involvement is still unconfirmed.

The Democratic People's Republic of Korea's (DPRK) engagement in cyber warfare activities has been highlighted in several other media reports and government statements emerging from South Korea and sometimes the US. These reports suggest that Pyongyang has been developing offensive cyber warfare capabilities to gain an asymmetric advantage over Seoul. Although there is lack of credible evidence that implicates North Korean government for launching the cyber attacks, the possibility cannot be ruled out given its overall IT capability. It has also been argued by cyber security experts that an offensive cyber warfare strategy will in fact suit Pyongyang's foreign and defence policy.

According to these reports South Korea has been a favourite target for hackers from DPRK. In 2009 several websites in South Korea and the US were shut down due to cyber attacks from North Korea. The same there were reports that the North Korean hackers were able to penetrate into South Korean military networks and obtain information about toxic chemical manufacturing units. Attempts were also made to get access to a software used by Seoul's railway system by an alleged North Korean spy. A parliamentary audit conducted in South Korea revealed that information networks of organisations under the Ministry of Knowledge Economy were subjected to 40 hacking attempts since 2010.

Similar to the 2009 incident, South Korea's banking infrastructure and government establishments were attacked in 2011. The Nonghyup Agricultural Bank's ATM services were disrupted in these attacks affecting 30 million customers. The bank's online services were also inoperative as several of the banks servers had crashed.. The attack began when a contractor downloaded a malicious program into his computer which enabled hackers to access the bank's networks. The South Korean investigation agencies believed that the attack was based out of North Korea and claimed that the servers which were used for triggering the attack on the bank were previously used in other attacks on Seoul. The Minister of Public Administration and Security of South Korea, Maeng Hyeonggyu had publically stated that these attacks had originated from North Korea. McAfee, a cybersecurity firm after conducting an investigation on cyber attacks on South Korea in 2011 stated that the attacks had a close resemblance to the attacks of 2009 and were more sophisticated in comparison. It also suggested that the attacks were an attempt to test Seoul's preparedness and reaction to such situations.

South Korea is one of the most advanced countries in the world that relies on information technology and communication which also makes it more vulnerable to cyber attacks. About 95 percent of South Koreans use internet for their routine activities such as paying utility bills, shopping, medical services and banking. It is also a frequent victim of hacking attempts from China. In response to these incidents, Seoul has strengthened its cyber defences by setting up a cyber command in 2010, but still remains vulnerable to attacks from hackers..

It is believed that the Pyongyang based Korea Computer Centre (KCC) is the central agency which carries out cyber operations. The centre was established in 1990 and as of now possesses eight research and development centres and 11 regional informatics centres. Functioning as an IT company also engages with foreign IT industries and has branch offices in China, Germany and Syria. The best computer sciences students from North Korean universities work for the KCC. It is said that the KCC is aiming to integrate the IT industry as a leading contributor to the country's economy. A Dutch IT company, GPI Consulting, which had conducted an audit of the KCC and other IT related infrastructure of North Korea in 2007, stated that the country could offer interesting business opportunities for European companies. There are about 1200 employees working for the KCC. According to a professor who was imparting offensive cyber skills to the North Koreans and later defected to South Korea, Pyongyang had trained about 3000 hackers in five years.

China's assistance in augmenting North Korea's cyber capability has also been highlighted in certain reports. Investigations of some high profile cyber attacks have revealed a possibility of collaboration between the two. The Seoul police investigating a hacking incident involving online gaming websites identified a link between Chinese and North Korean hackers. While cyber security analysts believe that North Korean cyber attack techniques are crude in nature, it is possible that it could augment its capabilities with technical know-how from China.

(Rahul Prakash is a Research Assistant at Observer Research Foundation)
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.