Back in the 1950s, the US threw many millions of dollars at analysing the military capabilities against the then-growing threat posed by the USSR.
Six decades on, we have social networking, crowd-sourcing and the Internet - and HP has been quietly analysing the latest growing threat of North Korea, without requiring anywhere near the investigative investments sanctioned by President Eisenhower in 1953.
In HP's latest security analysis - entitled 'Profiling an enigma: The mystery of North Korea's cyber threat landscape' - HP explains how, by augmenting existing Internet resource data with open source intelligence (OSINT), it has been able to paint a picture of North Korea's cyber warfare capabilities.
So why would North Korea develop a cyber warfare capability? The answer, says the report, is that the nation's physical capabilities are physically and geographically limited. Using the Internet as a medium, however, makes the theatre of war global.
According to Kim Heung-Kwang, a North Korean defector and former computer science professor, the North Korean regime has several motivations for expanding its cyber warfare capabilities. These include the nation's schools focusing on maths, creating an environment that fosters programmers, cryptographers, and security researchers amongst its students.
"Considering the separatist nature of North Korea's infrastructure, cyber warfare provides a strategic advantage since outbound attacks are possible, but inbound attacks would have limited reach," says Heung-Kwang, adding that cyber warfare allows North Korea to leverage the Internet's inherent flaws for offensive purposes while maintaining its defences, primarily air-gapping its most critical networks from the outside world.
GPS jamming and an EMP against the US
Cyber warfare is often considered to be purely an Internet attack medium, but it can also be a means of harvesting intelligence, and it seems that North Korea has been active in this area, developing its GPS jamming capabilities and reportedly gaining access to more than 40 per cent of South Korea's military wireless networks.
It has also, says HP's analysis, given the nation the capability to stage an EMP (electro-magnetic pulse) attack - via missiles launched across the South Pole - against the US. This is no hyperbole either, as the report references a US Department of Homeland Security report on the subject.
According to Professor John Walker - a visiting professor with Nottingham-Trent University's School of Science and Technology - if you mentioned the topic of nation state cyber warfare just five years ago, there was a strong risk (which he attests to first-hand) of being branded a lunatic and a scaremonger.
"Thankfully attitudes have changed, and in the wake of documented evidence of intent - as detailed in China's Master Plan to Destroy America, co-authored by Qiao Liang and Wang Xiangsui - it is clear that technology can be used as a weapon," he said.
Cyber weapons, says Professor Walker, have many advantages, ranging from value maximisation in a theatre of war situation, all the way to giving a small country a first strike capability.
He told SCMagazineUK that they have the capability to cause chaos by interfering with electronic systems in a given country, disrupting road and other transport systems, including air traffic control mechanisms.
Against this backdrop, Professor Walker points out that, just because the 'good guys' have taken steps to secure critical national infrastructure assets, there is no reason to expect that the 'bad guys' cannot overcome the defences - a situation he says is quite likely, given China and North Korea's cyber warfare capabilities.
Craig Carpenter, chief cybersecurity strategist with AccessData, the digital forensics and cyber incident response specialist, agreed with Professor Walker's analysis, noting that state-sponsored hackers have virtually limitless resources and time to identify, create and exploit vulnerabilities on target organisations' networks.
The Heartbleed bug, he says, demonstrated that it is likely that there is some vulnerability already on organisations' networks of which they aren't even aware.
"The safest approach is to assume that your organisation will be compromised. This means that detection, confirmation and rapid remediation are key. Your organisation needs to be aware of real compromises, not false alarms, so that they can be shut down as quickly as possible," he said.
"An era of continuous compromise calls for a response that is equally continuous, fast and comprehensive. It also demands greater insight. As an industry, we need to focus on the integration and sharing of threat detection and response to address these state-sponsored, sophisticated attacks," he added.
2000: a South Korean hacker conference
Tom Cross, director of security research at Lancope, said that he attended one of the first hacker conferences in South Korea fourteen years ago.
"Several senior government and military officials attended this conference and were already preparing at that time to respond to the threat of cyber attacks from the North. Since then there have been several visible attacks that are suspected of having been launched by North Korea, although it can be challenging to attribute attacks on the Internet with any degree of certainty," he explained.
Cross went on to say that, today, cyber attacks are a reality that every nation state in the world has to contend with and most have both offensive and defensive programs.
"Nation states use the Internet both for espionage as well as attacks that disrupt, degrade, and destroy their enemy's infrastructures. Cyber attacks are thought to be most useful when launched in conjunction with conventional warfare, but for a nation like North Korea that wants to send political messages to the rest of the world, a computer based attack that damages infrastructure may represent a demonstration of capability that they find politically useful," he said.
"Therefore, the risk that North Korea would launch cyber attacks is likely greater than for most other nation states," he added.