North Korea reportedly stole military plans to wipe out Kim regime as its cyberabilities grow

Bloomberg, AP

The techno-soldiers of Kim Jong Un are growing more aggressive in defending North Korea’s supreme leader against threats from U.S. President Donald Trump and South Korea.

The country’s hackers stole military plans developed by the U.S. and South Korea last year that included a highly classified “decapitation strike” against the North Korean leadership, according to South Korean lawmaker Lee Cheol-hee, who said he has confirmed the hack with defense officials.

The plans were devised as the regime in Pyongyang stepped up nuclear tests and fired long-range missiles toward the Pacific Ocean.

North Korea’s possession of secret war plans would require a major overhaul of how South Korea and its ally Washington would respond if there is another war on the Korean Peninsula.

An unusually aggressive approach to the North by Trump — including rhetoric hinting at U.S. strikes and threatening the destruction of North Korea’s leadership — has some South Koreans fearful that war is closer than at any time since the Korean War ended in 1953 in a shaky cease-fire, leaving the Korean Peninsula still technically in a state of war.

After an investigation, the Defense Ministry said in May that North Korea was likely behind the hacking of the Defense Integrated Data Center but refused to confirm media speculation that the decapitation strike plan had been compromised.

Lee said the plans include operations for tracking the movement of the North’s leadership, isolating their hideouts, executing air assaults and conducting follow-up actions for securing and eliminating targets, which would obviously include Kim.

“There is an urgent need for the military to change and update parts that were stolen by North Korea,” Lee said.

A pre-emptive strike against Pyongyang’s leadership would be difficult but is widely seen as the most realistic of the limited military options Seoul has to deny a nuclear attack from its rival.

Kim, the third generation of his family to rule, is officially revered in the North, and any suggestion of removing him from power is taken extremely seriously in Pyongyang.

Lee said that 235 gigabytes of military documents were taken, but the military has yet to identify 80 percent of the documents that were compromised.

Other stolen data included contingency plans for South Korean special forces and information on military facilities and power plants, he said.

The episode shows North Korea’s progress in infiltrating computer systems around the world three years after its hackers allegedly pilfered documents from Sony Corp. in retaliation for the film “The Interview,” in which two journalists who get an interview with Kim are recruited by the CIA to assassinate him.

If Kim’s cyberwarriors have indeed stolen top-secret intelligence, it raises alarms about the security of U.S.-South Korea information and the effectiveness of potential military options.

“The plan is fundamental to conducting a war operation, and leakage of even a small part of it is very critical,” Lee said in a telephone interview. “How could we fight against an enemy and win a war if it’s already aware of our strategy?”

North Korea has been developing cybercapabilities as trade sanctions and a debilitated domestic economy make investing in conventional military capabilities difficult. As Kim devotes resources to developing nuclear missiles, hackers offer a cost-effective way to threaten rivals that are highly reliant on technology systems.

“There is no doubt that they are using their capability in creative ways,” said Fergus Hanson, head of the International Cyber Policy Centre at the Australian Strategic Policy Institute in Canberra. “Stealing battle plans is obviously a good idea from a military point of view, and they’re also monetizing their capability to get around sanctions.”

The U.S. defended its capabilities despite the alleged hack. In a briefing with reporters, Pentagon spokesman Col. Robert Manning wouldn’t discuss whether any breach had occurred but said the U.S. has confidence in the security of its intelligence and its ability to deal with North Korean threats.

It wasn’t immediately certain whether the strike plans allegedly stolen by North Korea could have been a decoy in the long-running war of espionage between the two Koreas.

While North Korea allows internet access to only a small portion of its population, it began to train its techno-soldiers in the early 1990s, according to South Korea’s Defense Security Command. The country probably employs 1,700 state-sponsored hackers, backed by more than 5,000 support staffers, Hanson said.

North Korean hackers made international headlines in 2014 when they allegedly broke into Sony’s Hollywood operation as it was preparing to release “The Interview.” Sony Chief Executive Officer Kazuo Hirai called the attack “vicious and malicious,” and it led to embarrassing revelations.

Last year, a group linked to North Korea, called Bluenoroff, allegedly stole money from Bangladesh’s central bank.

In May, a group called Lazarus was linked by security researchers to a global ransomware attack that affected more than 300,000 computers.

This year, the country’s hackers appear to have stepped up their efforts to secure bitcoin and other cryptocurrencies that could be used to avoid trade restrictions. They have increased attacks on exchanges in South Korea and related sites, according to a report from security researcher FireEye Inc.

“For South Korea, these targeted attacks from North Korea are not new. South Korea has relatively strong cybersecurity, but it faces an adversary with a significant asymmetric advantage,” said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye. “North Korea has little connectivity and relatively limited reliance on technology, making it less vulnerable to attacks.”

North Korean diplomats and official media have denied that the country played any role in cyberattacks, including the hacking of Sony.

Still, the attacks have prompted South Korea to raise an army of its own cyberwarriors and increase spending to deal with the threat.

South Korea says North Korea has carried out six major cyberattacks on its institutions since 2009, including an attack on one of South Korea’s largest banks, Nonghyup, that left about 30 million account holders unable to withdraw money for days in 2011.

“What’s embarrassing is that this was caused by an absurd mistake by our own military,” said Lee. “They’re not supposed to move and save such important files in PCs. This is an incident that could have been prevented if the military abided by the basic security rules.”