The (Cyber) Mouse that Roared
If someone asked you for a quick list of nations capable of mounting a major cyber attack, it's doubtful that North Korea would be included.
After all, the DPRK is one of the least-wired nations on earth. Aside from a few government agencies and Kim Jong-il's various residences, there is virtually no internet access. Just a few years ago, a North Korean government official said the nation's "young men" were still "trying to figure out the net."
Apparently, North Korea's IT fledgling cadre has made a lot of progress in recent. Hackers loyal to the DPRK--operating from North Korea or other locations--are believed responsible for last week's cyber assault that paralyzed government and commercial websites in South Korea and the U.S. The attacks began on July 4th, and their effects were still being felt four days later.
It was, by all accounts, a sophisticated, well-planned strike. As the U.K. Telegraph reports:
The South Korean intelligence agency told members of parliament that it believed Pyongyang or its agents abroad were behind the attacks.
“This is not a simple attack by individuals,” Seoul’s National Intelligence Service (NIS) said in a statement. “The attack appeared to have been elaborately prepared and staged by a certain organisation or state.”
The Yonhap news agency quoted an unnamed member of parliament who said that the NIS had suggested that the attacks were the work of North Korea or “a pro-North Korean force”.
Experts said that there was no indication of data theft, but because the websites were still affected four days after the attacks began, an unusually sophisticated denial of service attack had probably been used.
Thousands of computers were infected by a virus that flooded websites with traffic, then overloaded their servers and forced them to shut down.
In the U.S., the official websites of the Treasury, Transportation and State Departments were hit with similar attacks. However, agency spokesmen and members of Congress refused to link the strikes with those in South Korea. But media reports suggested the American websites were hacked by the same groups that targeted South Korean government sites.
The weekend attacks offer another reminder of the vulnerability of our computer networks and related systems. Even a nation like North Korea--or its sympathizers--can marshal the resources conduct a large-scale cyber assault on technologically advanced adversaries. Meanwhile, the DPRK is less vulnerable to a similar counter-attack, given its limited access to the internet.
At least one analyst described the assault on U.S. and ROK systems as a probing attack, designed to test our computer defenses. The hackers targeted a variety of business and government sites with a denial-of-service (DOS) attack. On the commercial side, targeted sites included the New York Stock Exchange, NASDAQ and Amazon.com.
The Obama Administration had previously announced plans to appoint a "cyber czar" to oversee computer security in the public and private sectors. Additionally, the Defense Department has created its own cyber command to oversee the military's information operations and computer network defense functions.
And not a moment too soon, judging by the impact of last weekend's attacks. The successful strike reminds us that virtually all future conflicts will contain a cyber element, and some will be built around those operations. As one of the nation's most dependent on the internet, the U.S. is among the most vulnerable. Creation of the cyber czar and cyber command are steps in the right direction, but they represent steps that should have been implemented years ago.
Oddly enough, three Air Force Captains suggested this type of attack would be part of a crippling, asymmetric first strike inflicted on the United States by North Korea and its "coalition" partners. Their scenario was first published in 1998. Events last weekend remind us that such an attack is not only possible, it is becoming increasing probable. Unfortunately, our preparations for that type of contingency remain weak.