SEOUL, South Korea — They take legitimate jobs as software programmers in the neighbors of their home country, North Korea. When the instructions from Pyongyang come for a hacking assault, they are believed to split into groups of three or six, moving around to avoid detection.
Ever since the 1980s, reclusive North Korea has been known to train cadres of digital soldiers to engage in electronic warfare and profiteering exploits against its perceived enemies, most notably South Korea and the United States. In more recent years, cybersecurity experts say, the North Koreans have spread these agents across the border into China and other Asian countries to help cloak their identities. The strategy also amounts to war-contingency planning in case the homeland is attacked.
Now this force of North Korean cyberhacking sleeper cells is under new scrutiny in connection with the ransomware assaults that have roiled much of the world over the past four days. New signs have emerged not only that North Koreans carried out the attacks but also that the targeted victims included China, North Korea’s benefactor and enabler.
As evidence mounts that North Korean hackers may have links to the ransom assaults that destroyed more than 200,000 computers, their motives appear twofold: financial gain — which does not appear to be turning out so well — and proof that Pyongyang has the means to cause significant damage, with or without a nuclear weapon.
Cyberattacks are also a way for the country to inflict damage with little risk of a military response. They are inexpensive and hard to trace, and they can be profitable.
Until last year, nation states rarely used cyberattacks for financial gain. China has been tied to attacks aimed at stealing trade secrets. A handful of countries, including Russia, the United States, Iran and North Korea, have also used cyberweapons.
North Korea has been tied to gunrunning, jewel smuggling, illegal gambling and counterfeiting to pay for its military and the lifestyle of the government, but as foreign nations have clamped down on those activities Pyongyang has turned to cyberattacks for badly needed funds.
“North Korea was always a state criminal, sheltered behind sovereignty, and now they’ve moved this into cyberspace,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington … (read more)