Lying in digital ambush
Despite denuclearisation, North Korea poses a significant threat with its underrated and proliferating cyber prowess, elaborates Rohan Chandra
Technology has always attracted attention from across the globe with its radical approach. Right from smartphones in our hands to nuclear power in our lands, it has invaded all fields, empowering humanity in unprecedented ways. While networking has greatly reduced the gap existing between nations and their people in terms of processes and data sharing, it has inevitably shot up insecurities, thereby bringing it under scrutiny. So, the analogy invariably concludes at how if there's a plus, there shall be a minus, to neutralise or to live up to the symmetrical aspect of nature itself. If the cyber age has facilitated the unification of humanity in terms of technology, then it has left a wide loophole in the form of cyberwarfare.
Cyberwarfare stands limited to a few powers in the world, sceptically developing both their offensive and defensive operations regarding cyber attacks, espionage and sabotage. In between these limited powers stands a solitary pillar harbouring the capacity to inflict havoc: North Korea. From the time of 'Dear Leader', where implementing "Songun" or 'military first' ideology was prioritised, the scope of a hacker army was envisioned as the world entered the cyber age. Ironically, the hermit regime kept itself at bay, thereby portraying an isolated figure while internet and networking integrated the rest of the world. Bloomberg Businessweek's interview with a defector belonging to Kim Jong-il's regime of hackers elaborated on the ambitions and predicaments of the so-called hacker army whose sole purpose was to earn money in foreign lands (largely China) besides minor incursions on Government websites and banking networks. However, this expanded once Kim Jong-un took over, with the stakes rising to cyber espionage and sabotage as prime objectives besides money. None of this, obviously, is accepted by the Democratic People's Republic of Korea (DPRK), whose vehement claims regarding their overseas cyber activities revolve around their Internet and Computer security solutions. Their indigenous anti-virus scanner 'SiliVaccine' has been developed since 2002 to prevent manifestations of malware in a country which hardly has computers connected to the internet. The same interview reveals the motivation for defection harbouring in the minds of these indistinguishable hackers, for whom the picturisation of life back home governed by stringent laws looked uglier than their miserable workaholic lifestyle in a foreign land. Over 100 businesses in association with the North's hacking regime were found to be at the Chinese border cities of Shenyang and Dandong alone, which have been effectively busted by China as per UN sanctions.
This, however, urged the relocation of such fronts to Russia and Malaysia, simply highlighting their immense value towards the regime and its cupidity.
North Korea's cyber prowess is notably unheard of, which is why their presence is only alarming in terms of the possession of nuclear power. To a desolate state that has recently opened talks with South Korea and the US, cost-effective cyber warfare has supported their urge for nuclear proliferation, funding the development for the same. These recent years have witnessed numerous linkages of cyber incidents to DPRK. Lazarus Group, an elite hacking group linked with the regime, used an ActiveX zero-day vulnerability (an attack that exploits a previously unknown security vulnerability) to attack a South Korean security think-tank, the Sejong Institute. Hackers attacked private ATM accounts in South Korea to steal money from citizens. Last May, the country was responsible for a ransomware called WannaCry - a variant of Petya (Malware), which, for a few days, infected and encrypted computers around the world, using cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. On May 29, 2018, the US issued a fresh warning about malicious North Korean cyber activity, which had two pieces of malware: a remote access tool known as 'Joanap' and a server message block worm commonly known as 'Brambul'. Both of these are tools of the North's cyber threat programme "Hidden Cobra". Lazarus Group can be split into four distinct groups, each with different tactics and targets, according to CrowdStrike, a security firm, which has issued code names for the North Korean hackers in reference to Chollima, a mythical winged horse that's an important symbol in the Communist nation.
Stardust Chollima is responsible for revenue-generating attacks; Silent Chollima is focused on destructive attacks against media, financial companies, government agencies and contractors; Labyrinth Chollima focuses on infiltrating Western and South Korean targets for espionage purposes; and Ricochet Chollima takes a "smash-and-grab approach" to steal data. South Korea has accused the North of stealing millions of dollars in cryptocurrencies.
It's not hard to comprehend the DPRK's formidable capabilities in IT, having silently built up a sophisticated cyber army capable of pulling off cyber heists, cyber espionage, and dismantling critical Government systems across varied fields. As the world gasped for breath witnessing the Trump-Kim handshake, facilitating denuclearisation of the Korean peninsula – cyberwarfare was completely overlooked since nuclear proliferation is a matter of greater concern, especially with players like DPRK. However, to a country which allegedly possesses the capacity to sabotage worldwide systems and infiltrate military and aerospace mainframes in order to unleash global havoc and inflict damage to people, giving up on nuclear power in front of the world after conducting six nuclear tests through years of perseverance could very well be a deception largely to hide the real intent. It's similar to giving up on your queen early in a game of chess that can either highlight your stupidity or hint at your heightened acumen because, while the opponent thinks they have got you under their clutches, they're unaware of the fact that it is you pulling the strings in the first place.
(The views expressed are strictly personal)