North Korea’s ‘Ruthless Magic Weapon: The Cyber Warrior Factory Behind The Sony Hack — Gifted Children Hand-Picked To Hone Their Cyber Skills Against The Enemies Of Kim Jong-Un
The December 18, 2014 edition of the London newspaper — TheDailyMailOnline — reports that “just like in a Bond movie, an army of teenage geniuses tap away at keyboards in fortified, complex tucked away from prying eyes in a rouge state….bent on bringing cyber-carnage to their Western enemies — on orders of their leader, bent on revenge.” “But,” Flora Drury, writing for The Daily Mail, writes this “isn’t the plot line from a film. This is North Korea in 2014. And, the cyber warriors inside have diverted from their usual work of disrupting governments and big businesses, to turn their collective fury on Sony.”
“The building, the Kml ll-Song Academy, is one of the four North Korean universities known to train children, hand-picked for their intelligence from all around the country, and turn them into recruits for an elite group of hackers simply known as Unit 121, or Bureau 121.” “The unit dances to the tune of Kim Jong-Un, and his Reconnaissance Bureau. This is the North Korean entity that “is widely suspected to be behind the Sony Pictures hack — in revenge for the release of the Sony film, “The Interview,” — a comedy staring Seth Rogan which features the fiery death [assassination] of the supreme leader – Kim Jong-Un — whom I also call, ‘Mini Me.’
Ms. Drury writes that the “work could also be the work of Dark Seoul — which some experts to be another name for Unit 121. A Hewlett Packard report released earlier this year, notes, “North Korea’s premier hacking unit , Unit 121, trails Russia and the U.S. as the world’s third largest cyber unit.”
“It is Jong-Un’s preferred method of warfare for one simple reason,” Ms. Drury writes, “it is far cheaper to hack a computer that it is to build a nuclear submarine. And, as the country spends 10 times less than China on defense every year, cut-price warfare is key.” “It also comes with an added bonus: computers, the Internet and email are severely restricted by the regime, so the network is relatively small — which makes a counter-attack, and investigations difficult.”
North Korea’s “crack hacking team is recruited young,” Ms. Drury writes, “talented teenagers are picked out at an early age, and sent to Geumseong Middle School in the capital Pyongyang,” according to The Korean Herald.
Kim Heung-kwang, a former Computer Science Professor in North Korea who defected to South Korea in 2004, told al Jazeera in 2011: ‘There is a pyramid- prodigy recruiting system — where smart kids all over the country — students who are good at math, coding and possesses top analytical skills — are picked up to be grouped at Geumseong. Once they graduate, it is thought they are sent to one of four universities — Kim Il-Sung Military University, Command Automation University, Kim Chaek University of Technology, or Moranbong University. Kim Jong-Un is frequently pictured at these institutions; but, whether he has any skill at hacking is unknown,” Ms. Drury writes. “However,” she adds, “it was reported he was ‘obsessed’ with video games while at school — suggesting he knows his way around computers.”
Spots in this elite hacking group is highly coveted Ms. Drury notes, as “more than 2,500 students apply for a place at Command Automation University each year — which stands behind barbed wire fences — studying for five years in the hope of getting a place in Bureau 121.” Heung-kwang said: “It’s a great honor for them. It is a white-collar job there, and people have fantasies about it.” Jang Se-yul, who studied at Automation University before defecting six years ago, said Unit 121 is now made up of 1,800 cyber-warriors, and is considered the elite of the military. For them, the strongest weapon is cyber. In North Korea, it is called Secret War,” Jang said.
Upon graduation, “the soldiers are often sent abroad to their operations. One of Jang’s friends works in an overseas team of the unit, and is ostensibly an employee of a North Korean trading firm. Back home, Jang’s friend and his family have been given a large, state-allocated apartment, in an ‘upscale’ part of Pyongyang,” Ms. Durury noted. ‘No one knows…his company runs business as usual. That’s why what he does is scarier.’ he added. ‘My friend, who belongs to a rural area, could bring all his family to Pyongyang.”
“Incentives for North Korea’s cyber experts are very strong…they are rich people in Pyongyang.”
“Jang is not the only person to claim there are [North Korean cyber] operatives overseas: The Korean Herald says as many as 1,200 professional [North Korean] hackers’ are [currently] working in foreign countries,” TheDailyMail noted.
“A report into the [North Korean] cyber threat by [then] U.S. Major Steve Sin in 2009, revealed Unit 121 had a base in the Chilbosan Hotel, in Shenyang, China, from where they could launch attacks. The 164-room, three-star hotel — which is jointly owned by North Korea and China — is advertised as being a good option for both business and leisure travelers,’ and boasts a billiards room, beauty salon, shopping arcade, and night club.” One defector said that the North Koreans had used the hotel till at least 2004;” but, it is unknown whether or not that Pyongyang is still utilizing it as a cyber launching pad. “A second international hotel, the royal St. Regis in Bangkok, Thailand, has been implicated in the Sony hacking scandal,” according to previous open source reporting. What isn’t known; or, hasn’t been disclosed, is whether the North Korean St. Regis Sony Hack — came from a guest room, a public area like a lobby, or a separate location. It is also not impossible,” TheDailyMailOnline wrote, “that the IP address for the St. Regis was accessed remotely,” — as the hackers attempted to muddy their digital footprints.
“A total of 25 cyber attacks have been linked to North Korea, or Dark Seoul, in the past decade…with the most occurring since 2010. The attacks have come in different forms. But, North Korea is best known for their denial-of-service attacks — where a machine, or host is temporarily unavailable. However, the Center for Strategic and International Studies (CSIS), cites the first major [North Korean] hack as having happened in April, 2011, when South Korea’s Nonghyup Agricultural Bank was targeted,” the paper said. “A second major hack took place in March 2013, this time targeting multiple banks and broadcasting agencies with disc wiping tools,” the CSIS Report said.
“But, [North Korean hacking] attacks in the U.S. and Europe have been relatively rare, with just one incident involving the U.S. [prior to the Sony hack] State Department in 2006. Defectors allege that [North Korean] hackers are targeting certain websites — in order to get information about nuclear warheads — but, this allegation has not bee proved,” at least in the open press.
Clearly, North Korea is getting more sophisticated and clever when it comes to cyber warfare; and, Pyongyang no doubt views cyber as a cheap man’s — global disruptive weapon. What is also worrisome here is the perceived weakness of POTUS Obama and his national security team. al Qaeda, the Islamic State, and others are watching how this White House responds to this North Korean provocation. If we have another Syria Red Line type of reaction where North Korea’s actions go unpunished, we are only inviting more of these kind of hacking attacks; and, al Qaeda or the Islamic State may decide to also get into this game — and, start hacking critical infrastructure. V/R, RCP