North Korea and the Asymmetric Power of Hacking

Pyongyang is believed to have stolen 235 gigabytes of confidential information from South Korea's military network; the stolen data reportedly includes the plan for retaking North Korea in the event of unification.

First Published 13th October 2017

Truman left many things in South Korea. A sufficient cybersecurity defence wasn't one of them.

4 min read  |  Reflare Research Team

Statements by South Korean lawmakers released this week claim that North Korea successfully hacked into South Korean military networks in 2016 and stole highly confidential documents. In this briefing, we will take a look at the implications and revisit why relatively small countries often have strong cyber capabilities.

What happened?

According to South Korean lawmaker Rhee Cheol-hee, North Korea stole 235GB of confidential information from a South Korean military network in September 2016. Among the stolen information is a document referred to as Operational Plan 5015 - a document allegedly outlining US and South Korean strategy in the event of a war with North Korea.

No details on the specific attacks used in the breach are currently available. As the attack was against a military target, it is very unlikely that such details will be released in the future.

What are the implications?

Much of the impact of the breach depends on whether or not the leaked plans were authentic. All parties involved in the conflict have long histories of intense spying and counter-spying efforts, including the placing of false information to throw adversaries off track. If the plan itself or the data cache in its totality should turn out to be a decoy, the impact of the breach will be negligible.

On the other hand, should the information be authentic, it may greatly interfere with US military actions during this period of heightened tension with North Korea. A successful breach of authentic data also raises concerns regarding whether South Korea and the United States will be able to successfully protect their military networks in the future.

Where do North Korea’s cyber capabilities come from?

As we have noted in previous briefings, relatively small government actors often have strong cyber capabilities. A number of factors create this situation.

Firstly, it is significantly cheaper to develop offensive cyber capabilities than traditional military capabilities. The cost of building a single long-range missile can fund an entire cyber warfare program.

Secondly, the anonymous nature of the internet means that cyber attacks can be denied. While a missile or artillery shell irrefutably links the attacking nation to the attack and thus incurs international repercussions, proving the origin of a cyber attack is exceedingly difficult. Thus, cyber attacks are hard to deter.

Lastly, information regarding cyber security is readily available, at least when compared to military secrets and schematics. Most of the information required for building offensive cyber capabilities is readily available on the internet. Other information, including weaponized exploits, can be bought on unregulated anonymous marketplaces. Thus, sanctions and embargoes are not effective against such programs. North Korea’s recent targeting of cryptocurrency marketplaces might indicate that it is gathering currency to acquire just such information.