Here’s what we actually know about North Korea’s cyber program

We hear a lot about Chinese and Iranian hackers, but we don’t usually hear much about North Korea. In the wake of this week’s cyber attacks against South Korean banks and television stations, though, there have been several news reports claiming North Korea is one of the world’s top cyber players. (The image above shows South Korean cyber investigators looking into this week’s attacks) While there’s no doubt that the North Korean military has growing cyber capabilities, most experts wouldn’t put them at the top of the list in terms of ability or sophistication.

"Limited internet access, limited electricity, bad infrastructure means that North Korea isn’t a place you’d look for a hacker culture," Jim Lewis of the Center for Strategic and International Studies told Killer Apps today. "The tendency is to overestimate their capabilities. When you look at their nuclear weapons or their missiles, yeah they have them, but they’re pretty primitive. Hacking probably tracks with their other programs."

"Are they trying? Sure, they’ve been trying since 1995, 1996 when Korean diplomats in the UN began to take computer programming courses in New York," added Lewis. "But the idea that they have low capabilities in all these areas and high capabilities in this one area [cyber] is just a little bit hard to believe."  

Here’s what the intelligence unit at cyber security firm Mandiant tells Killer Apps about the North Korean military’s cyber endeavors:

While we are unable to determine the extent of North Korean cyber capabilities, we anticipate they may be capable of offensive cyber operations, cyber espionage, and surreptitious intelligence collection on individuals or organizations they perceive as threatening.

North Korea’s Automation University graduates around 100 skilled cyber specialists each year and several academies and schools in North Korea now focus on training electronic warfare specialists that support at least two hacker brigades. The majority of North Korea’s cyber activities, as reported in the open press, have focused on South Korea. However, we consider that North Korea could target U.S. commercial entities for military or dual use technologies it lacks due to ongoing trade sanctions. During times of heightened political tensions, targeting critical infrastructure or computer networks of either South Korea or the United States might appeal as a perceived lower-risk form of escalation.

We believe North Korea will become more active in the cyber domain as the regime struggles to maintain legitimacy as a military power amid international scrutiny surrounding its nuclear program. Computer network operations employed as a lever of influence, coercion or disruption might appeal to North Korean authorities constrained by the sanctions regime.