The threat of North Korea’s city-destroying killer hackers

gop-170Remember the “Guardians of the Peace”?

They are the hackers who compromised the computer systems of Sony Pictures last year.

In their attack they displayed ghoulish skulls on employee’s screens and stole terabytes of email archives containing details of what executives really thought of Angelina Jolie, and the pseudonyms stars use when they booked into hotels.

Nobody died, no cities were destroyed.

Sign up to our free newsletter.
Security news, advice, and tips.

But still, it was all pretty embarrassing for Sony, which – to be honest – has had a long history of being humiliated by hackers.

And, naturally, the hack caught the attention of the media – which speculated that the attack might be connected to a Sony Pictures comedy about the assassination of Kim Jong-un.

The White House certainly seemed convinced of the hackers’ connection to North Korea (despite the skepticism of some in the computer security industry), and within days of the hack making worldwide headlines announced that it had evidence that Pyongyang was behind the attack, and imposed sanctions.

Pretty serious stuff.

But, it turns out, not that serious at all. Because at the end of last week a BBC News report reported a defector’s claims that North Korean hackers “could kill”.

BBC News report

Prof Kim Heung-Kwang taught computer science at Hamheung Computer Technology University, before escaping North Korea in 2004.

Professor Kim says that former students of his have joined North Korea’s military hacking unit known as Bureau 121, which now has approximately 6000 trained hackers on its payroll. Kim further estimates up to 20% of North Korea’s military budget is spent on internet attacks.

I don’t know how large North Korea’s military budget is, but considering its tense relationship with South Korea I am amazed that such a large proportion would be spent on a hacking unit.

But then, Professor Kim paints a picture of North Korea’s apocalyptic cyberwarfare capabailities:

Excerpt from BBC News report

“The size of the cyber-attack agency has increased significantly, and now has approximately 6,000 people,” he said.

He estimated that between 10% to 20% of the regime’s military budget is being spent on online operations.

“The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyber war capacity,” he added.

“Their cyber-attacks could have similar impacts as military attacks, killing people and destroying cities.”

Hmm. A little hyperbolic, perhaps?

Terminator 2We’ve had nonsense like this before, of course.

Remember when the Daily Mail ran a story entitled “How a North Korean cyber attack could cripple Britain: Jets falling from the sky. Drinking water poisoned. Nuclear reactors ablaze. With chilling realism, a war historian imagines what would happen”?

I have no doubt that North Korea, like many countries around the world, has military cyber-attack capabilities.

For instance, I wouldn’t be surprised if North Korea was investing resources in attacks like Stuxnet (a notorious piece of malware, launched by the United States and Israel to disrupt an Iranian nuclear facility).

Coincidentally, just last week reports came out that America had attempted – and failed – in a plot to meddle with North Korea’s nuclear programme through a Stuxnet-like attack.

Earlier this, year for instance, South Korea accused North Korean hackers of breaking into networks to steal details of 23 nuclear reactors.

But there’s a big difference between that and “destroying cities”.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

4 comments on “The threat of North Korea’s city-destroying killer hackers”

  1. Anonymous

    He's probably got a lot more deprogramming to under go. This idea sounds more like N.K propaganda than anything else. And if he escaped in 2004, why/how is this information only coming to light now?

    1. Graham CluleyGraham Cluley · in reply to Anonymous

      Fair point about 2004, although he says he never taught hacking himself I imagine he's claiming to still have information regarding what's going on in N Korea.

    2. Coyote · in reply to Anonymous

      Or scaremongering in order to encourage attacks against NK (why it comes out now could – and could not – be related). You reap what you sow, we all know this – not every acknowledges it but it is still a known phenomenon. That seems more plausible given some of his statements:

      Prof Kim has called on international organisations to take action over North Korea's cyber-activity.

      "We need to collect the evidence of North Korea's cyber terrorism and report them to UN Human Rights Council and other UN agencies," he told the BBC.

      Good idea – why didn't he think to collect evidence first ? Right, FUD, slander/libel and generally defamation.

      "If North Korea continues to cause damage in this way, an organisation such as Icann should ban North Korea."

      Shows rather amusing ignorance of what Icann is and isn't. It also shows rather severe ignorance to how the Internet works, as well as where NK gets service (or is expected to), the latter point being less relevant. This is ignorance that would make anyone who sees this – and it is glaringly obvious – to question his credibility seriously (and about more than just networking). There's a reason for that. Among them – the idea to take away the .kp domain. Yes, because a ccTLD is what comes before IP addresses, right ? And Icann has control of all regions IP allocations too (or for that matter…), right ? Wrong on both accounts (it is amusing, also, who created the predecessor to the Internet – and controls Icann – considering how much the two countries don't get along). And lastly, as someone else points out:

      Martyn Williams is a journalist who follows closely the development of technology in North Korea.

      He told the BBC: "I think it's important to underline that this is theoretical and possible from non-North Korean hackers too.

      Indeed true on all accounts. Which is somewhat similar to my point about MAD and how NK wouldn't feel comfortable otherwise. Once the atom has been split – and it was long ago – and once a country has penetrated another country's network (of course countries are rather late but that's besides the point) or cut their cables, there's no going back – what's done is done and that's all there is to it.

      But on second thought, maybe you mean propaganda by the south – or this professor – in order to make villains out of NK?

      For whatever harm NK has in mind or has done globally and locally, there's provocations on all sides, and no sides is completely innocent – all sides have caused harm.

  2. Coyote

    I saw this the other day and I wanted to write about it myself but completely forgot about it. Basically this is FUD just like some other claims some have made over the years (and will continue to make). This person should offer much more than what he does if he's so certain of this. Otherwise it might as well be slander (and maybe libel). Regardless, it is still FUD.

    But I'll humour him for a moment. Let's assume that his claims are correct. Does anyone truly believe that other countries wouldn't do the same and in fact aren't actually doing at this time? We can't forget, also, that there's one country that has used nuclear warfare in a war, warfare that has gotten far more powerful over the years. That country isn't North Korea. Let's also remember that the US has used chemical weapons, herbicides and the like (I'm not sure about chemical weapons per se. in wartime but they did use herbicides; however, they did test much more than one would like to believe they were capable of, outside war, some willingly and some unwillingly and unknowingly). Put all that together and NK's supposed actions/abilities are merely in line with other countries and after all, isn't the world wants from them ? I don't support them or oppose them but if you keep in mind MAD – mutual assured destruction – you can't really expect them to feel comfortable lacking abilities that other countries have; the meaning applies to cyberspace too.

    But the reality is this person hasn't been in NK in a long time so how does he really know what's going on in one of the most (if not the most) secretive states ? He is either making part of the story up or he isn't telling the full story. That or speculating.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.