This week the U.S. Department of Defense published its annual report to Congress on military and security developments involving the DPRK. The 20-page unclassified document provides a good, if brief, overview of the current state of North Korean armed forces. For tech-watchers, it doesn’t include any surprises.
The country’s cyber warfare capabilities were addressed in one carefully worded paragraph. The DoD noted the allegations made in South Korea that the DPRK was behind several attacks, but didn’t itself assert any involvement or disclose any knowledge of the country’s actual capability.
In fact, the DoD noted that finding the ultimate source of a cyber attack is very difficult.
Here’s the cyberwarfare section in full:
Cyberwarfare Capabilities. North Korea probably has a military computer network operations (CNO) capability. Implicated in several cyber attacks ranging from computer network exploitation (CNE) to distributed denial of service (DDoS) attacks since 2009, the North Korean regime may view CNO as an appealing platform from which to collect intelligence.
• According to a ROK newspaper, Seoul’s Central Prosecutor’s office attributed to North Korea a CNO activity on the ROK’s National Agricultural Cooperative Federation (Nonghyup Bank) servers in April 2011. Through remote execution, actors rendered the bank’s online services inaccessible and deleted numerous files concerning customer bank accounts while removing all evidence of CNO activity in the bank’s servers.
• In the years spanning 2009-2011, North Korea was allegedly responsible for conducting a series of distributed denial of service (DDoS) attacks against ROK commercial, government and military websites, rendering them inaccessible.
Technical attribution of cyberspace operations remains challenging due to the internet’s decentralized architecture and inherent anonymity. Given North Korea’s bleak economic outlook, CNO may be seen as a cost-effective way to modernize some North Korean military capabilities. As a result of North Korea’s historical isolation from outside communications and influence, it is likely to employ Internet infrastructure from third-party nations.