Claims that North Korea could fire nuclear weapons at the continental US present a serious threat to global security. But its hostile activities don’t end there. North Korea has also become an aggressive cyber power, regularly using cyber attacks to advance its interests.
Last month, a threat intelligence firm, Recorded Future, reported that North Korea may have been using New Zealand’s internet networks as proxies to launch cyber attacks worldwide. The New Zealand government’s Communications Security Bureau is assessing the veracity of these claims.
The report suggests that North Korea may have both a physical and a virtual presence in New Zealand. It raised the possibility of a network of “patriot hackers” using New Zealand cyber networks to pursue the aims of the North Korean regime.
North Korea’s history of cyber attacks
Cyber attacks have become a wide-ranging tool in the arsenal of authoritarian governments to coerce and intimidate foreign governments, to subvert democratic processes, and to impose costs on their adversaries.
In North Korea’s case, this pattern of activity stretches back many years. North Korea is estimated to have an army of 6,000 hackers, engaging in malicious cyber activity regularly.
In March 2013, hackers linked to North Korea attacked South Korean banks and media agencies, causing widespread disruption. In November 2014, cyber attacks against Sony Pictures followed the release of the film The Interview, which caricatured and mocked the North Korean leader.
The attack led to the release of personal information on thousands of Sony employees and the cancellation of the film’s launch. The incident quickly escalated into a serious diplomatic dispute between the US and North Korea.
In 2016, a Bangladeshi bank became the victim of North Korean hackers. Reports said that US$81 million were lost through compromised financial transactions.
Most recently, the WannaCry ransomware attack, which affected computers in more than 150 countries, has been linked to the Lazarus group of hackers, which has links to the North Korean regime. This suggests North Korea is now using state-sponsored hackers to help raise revenue for a country starved of access to international markets and funding.
Cyber attacks further threat to nuclear security
Analysis of North Korea’s activities often misses the connections between cyber and nuclear security. North Korea’s nuclear program has itself become a victim of cyber attacks.
A report in the New York Times in March this year revealed that the Obama administration ordered a campaign of cyber subversion aimed at North Korea’s nuclear and missile programs. It mirrors the now infamous Stuxnet attacks directed against Iran in 2010.
In the absence of progress on North Korean disarmament, delaying its ability to pursue nuclear weapon programs through cyber attacks has become a feature of US strategy. It’s a strategy that may yield short-term results, but presents significant escalatory dangers.
Cyber attacks pose increasingly serious risks to classified nuclear information, the security of nuclear facilities, and the integrity of the components that nuclear arms and missile technologies rely on.
Last year, the UK government was warned that its trident nuclear submarine program was vulnerable to cyber intrusions. The think-tank report Hacking UK Trident: A Growing Threat argued that a cyber attack directed against the submarines could:
… neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly).
In June this year, the US government reported multiple cyber breaches of its own nuclear installations. This followed similar revelations about attacks directed against South Korea’s nuclear reactor operators Korea Hydro and Nuclear Power Co Ltd in 2015.
Another concerning aspect of the cyber-nuclear nexus is that hacking could facilitate the proliferation of nuclear materials and technology to other aggressive states and non-state actors.
Reining in North Korea
The growing connections between nuclear and cyber security are changing the strategic balance between nuclear powers in subtle and undetermined ways. Approaches to dealing with the North Korean regime must treat these issues as related.
So what can be done about North Korea’s aggressive use of the internet? Unfortunately, just as with its nuclear program, there few good options. Sanctions imposed on the regime for its cyber activity, such as those following the Sony hack, have proved ineffective at changing the regime’s behaviour.
China and Russia may have a role to play in persuading Kim Jong-un to “play nicely” in cyberspace, but both countries also have a long history of malicious cyber operations.
There are examples where states have given up destructive weapons programs. These include Colonel Gaddafi’s regime in Libya and the more recent Iran deal. However, the difficulty of verifying whether offensive cyber programs have been dismantled presents a major obstacle.
Cyber armies operating from a virtual realm can easily be hidden. Given that punishing the North Korean regime for its behaviour has not yielded results, it may be time to start thinking about a range of positive inducements to bring the country back into the international community, including offering diplomatic talks without precondition.
Rewarding North Korea for its errant behaviour may be unpalatable, but the combined danger of its nuclear and cyber capabilities would appear to warrant a significant shift in strategy.
Authors: Joe Burton, Senior Lecturer, Institute for Security and Crime Science, University of Waikato