United States remains vulnerable to North Korean cyber-attack, analysts say
North Korea has cultivated an increasingly sophisticated group of hackers.
As North Korea blusters about launching missile strikes against the United States and its allies, experts are warning that aggressive action from North Korea is more likely to come from cyber space.
While Kim Jong-Un has struggled to develop a traditional arsenal to rival those of his enemies as international sanctions have barred Pyongyang from the global financial system, North Korea’s military has cultivated an increasingly sophisticated group of hackers capable of launching cyber-attacks on Western and Western-backed targets.
John Carlin, a former assistant attorney general for national security and an ABC News contributor, said the government hasn’t done enough to protect the country’s core infrastructure from North Korea and other cyber threats.
“We're still vulnerable,” Carlin told ABC News. “The threat in this space way outmatches what our current defenses are. It needs to be a top priority of this administration and this Congress to fix it … You’ve seen all these attacks take place. It’s not a hypothetical.”
He cited two recent examples of cyber-attacks U.S. officials suspect were carried out by North Korea. In 2014, a group calling themselves the Guardians of Peace hacked Sony Pictures Entertainment, delaying the release of The Interview, a comedy starring Seth Rogen and James Franco that depicted a fictional assassination attempt on Kim Jong-Un. In the following days, the hackers released proprietary information and embarrassing emails, costing the studio millions of dollars.
In 2016, hackers stole $81 million of Bangladeshi funds from the Federal Reserve Bank of New York through the SWIFT network, a financial messaging service used by thousands of banks around the world. According to The New York Times, U.S. officials are investigating whether North Korea was involved because the hackers used a piece of code that also appeared in the cyber-attack on Sony.
The North Korean government has denied any hacking allegations, but the Russian cybersecurity firm Kaspersky released a report earlier this month linking the hacker group “Lazarus” to both the Sony and SWIFT attacks and tracking “Lazarus” back to an IP address in North Korea.
In January, President Donald Trump pledged to appoint a team to deliver a plan to address U.S. cybersecurity vulnerabilities within 90 days of his inauguration, but Carlin noted that deadline has come and gone without a plan or a team in place.
“I can't think of a more urgent problem facing this administration, but as of yet we haven't heard what their strategy will be,” Carlin said. “I hope that it goes to the top of their agenda.”
A senior administration official declined to comment on when the president’s cybersecurity plan might be made public but told ABC News that, despite reports to the contrary, a “fully functional” cybersecurity team led by White House National Security Council cybersecurity coordinator Robert Joyce is already in place. Related efforts spearheaded by Jared Kushner and Rudy Giuliani are also underway, the official said, but it is Joyce who will set cybersecurity priorities.
The official acknowledged, however, that the government has “a long way to go” when it comes to cybersecurity, citing vulnerabilities in some federal networks.
“There are over 200 departments and agencies and they’re not all equipped to do cybersecurity right,” the official said. “Nobody would be credible if they claimed anything different.”
Those vulnerabilities could be exploited by foreign hackers. A cyber brigade is easier to develop than a traditional fighting force, even for a country with extremely poor network infrastructure. North Korea only made its first known connection to the Internet in 2010, and access remains tightly controlled by the government and limited to only a select group of citizens. As a result, Internet use in North Korea is among the lowest in the world, with only about 14,000 Internet users in the country in 2016, according to the International Telecommunication Union (ITU) within the United Nations.
An extensive report on North Korea's cyber capabilities compiled in 2014 by the technology firm HP determined that North Korea’s poor connectivity hasn’t stopped its government from building a team of so-called “cyber warriors.” Defectors say the regime identifies schoolchildren who show promise in mathematics, sends prospects to elite academies for rigorous computer science training and eventually recruits successful students into a cyber operations branch of the military. These “cyber warriors,” HP says, are some of the only North Koreans with access to the Internet.
"If they're going on the offensive, cyber makes a lot of sense for them," said Martyn Williams of 38 North, who specializes in coverage of North Korea's technological capabilities. "Some of those things you see in the parades look scary, but they don't have the resources to match the weaponry of the United States or South Korea. When it comes to cyber, it's much easier to become a formidable opponent, so it's a much more even playing field."
The exact size of the force, which is spread out among several different units overseen by the Reconnaissance General Bureau (RGB) within the General Staff Department of the Korean People's Army, is unknown, but a South Korean government analysis also conducted in 2014 estimated that the force could include nearly 6,000 soldiers, many of whom operate in foreign countries to hide their activity. The HP report pinpointed the location of one group, for example, called Unit 121, which is believed to have launched attacks on “enemy networks” in both the United States and South Korea from China, not far from the North Korean border.
John Bambenek of Fidelis Cybersecurity, who frequently consults for U.S. government agencies, says that many U.S. institutions, most notably banks, are also unprepared to defend themselves against a hostile intelligence service.
“Would they be able to compromise the CIA? No,” Bambenek said. “But I think they could certainly go after soft target.”
Cyber thefts from financial institutions could bring security concerns about North Korea full circle, raising the question of whether North Korea might be pouring those allegedly stolen funds into its missile program.
Anthony Ruggiero, a senior fellow specializing in North Korea at the Foundation for the Defense of Democracy, says these alleged heists could be part of a new strategy to circumvent the international sanctions designed to cripple the missile program.
“North Korea has a long history of engaging illicit activities to acquire funds for its nuclear missile program, which they see it as key to the regime’s survival,” Ruggiero said. “As we squeeze more and are more successful, they may turn to illicit activities more. Cyber is one of the tools in their toolkit.”
ABC News' Cho Park contributed to this report.