Here’s what we actually know about North Korea’s cyber program

Getty Images

We hear a lot about Chinese and Iranian hackers, but we don't usually hear much about North Korea. In the wake of this week's cyber attacks against South Korean banks and television stations, though, there have been several news reports claiming North Korea is one of the world's top cyber players. (The image above shows South Korean cyber investigators looking into this week's attacks.) While there's no doubt that the North Korean military has growing cyber capabilities, most experts wouldn't put them at the top of the list in terms of ability or sophistication.

"Limited internet access, limited electricity, bad infrastructure means that North Korea isn't a place you'd look for a hacker culture," Jim Lewis of the Center for Strategic and International Studies told Killer Apps today. "The tendency is to overestimate their capabilities. When you look at their nuclear weapons or their missiles, yeah they have them, but they're pretty primitive. Hacking probably tracks with their other programs."

"Are they trying? Sure, they've been trying since 1995, 1996 when Korean diplomats in the UN began to take computer programming courses in New York," added Lewis. "But the idea that they have low capabilities in all these areas and high capabilities in this one area [cyber] is just a little bit hard to believe."  

Here’s what the intelligence unit at cyber security firm Mandiant tells Killer Apps about the North Korean military’s cyber endeavors:

While we are unable to determine the extent of North Korean cyber capabilities, we anticipate they may be capable of offensive cyber operations, cyber espionage, and surreptitious intelligence collection on individuals or organizations they perceive as threatening.

North Korea’s Automation University graduates around 100 skilled cyber specialists each year and several academies and schools in North Korea now focus on training electronic warfare specialists that support at least two hacker brigades. The majority of North Korea’s cyber activities, as reported in the open press, have focused on South Korea. However, we consider that North Korea could target U.S. commercial entities for military or dual use technologies it lacks due to ongoing trade sanctions. During times of heightened political tensions, targeting critical infrastructure or computer networks of either South Korea or the United States might appeal as a perceived lower-risk form of escalation.

We believe North Korea will become more active in the cyber domain as the regime struggles to maintain legitimacy as a military power amid international scrutiny surrounding its nuclear program. Computer network operations employed as a lever of influence, coercion or disruption might appeal to North Korean authorities constrained by the sanctions regime.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.
