posted by martyb on Sunday May 31 2015, @02:39PM
from the we-are-doomed! dept.

Prof. Kim Heung-Kwang has told BBC Click that North Korea has trained 6,000 military hackers capable of attacks that could destroy critical infrastructure or even kill people:

For 20 years Prof Kim taught computer science at Hamheung Computer Technology University, before escaping the country in 2004. While Prof Kim did not teach hacking techniques, his former students have gone on to form North Korea's notorious hacking unit Bureau 121. The bureau, which is widely believed to operate out of China, has been credited for numerous hacks. Many of the attacks are said to have been aimed specifically at South Korean infrastructure, such as power plants and banks.

Speaking at a location just outside the South Korean capital, Prof Kim told the BBC he has regular contact with key figures within the country who have intimate knowledge of the military's cyber operation. "The size of the cyber-attack agency has increased significantly, and now has approximately 6,000 people," he said. He estimated that between 10% to 20% of the regime's military budget is being spent on online operations. "The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyber war capacity," he added. "Their cyber-attacks could have similar impacts as military attacks, killing people and destroying cities."

Speaking more specifically, Prof Kim said North Korea was building its own malware based on Stuxnet - a hack attack, widely attributed to the US and Israel, which struck Iranian nuclear centrifuges before being discovered in 2010. "[A Stuxnet-style attack] designed to destroy a city has been prepared by North Korea and is a feasible threat," Prof Kim said. Earlier this year, the South Korean government blamed North Korea for a hack on the country's Hydro and Nuclear Power Plant. "Although the nuclear plant was not compromised by the attack, if the computer system controlling the nuclear reactor was compromised, the consequences could be unimaginably severe and cause extensive casualties," Prof Kim said.



Related Stories

The US Tried to 'Stuxnet' North Korea’s Nuclear Program

A precision digital weapon reportedly created by the US and Israel to sabotage Iran’s nuclear program had a fraternal twin that was designed to attack North Korea’s nuclear program as well, according to a new report.

The second weapon was crafted at the same time Stuxnet was created and was designed to activate once it encountered Korean-language settings on machines with the right configuration, according to Reuters. But the operation ultimately failed because the attackers were unable to get the weapon onto machines that were running Pyongyang’s nuclear weapons program.

WIRED reported back in 2010 that such an operation against North Korea would be possible in light of the fact that some of the equipment used by the North Koreans to control their centrifuges—the devices used to turn uranium hexafluoride gas into nuclear-bomb-ready fuel—appeared to have come from the same firms that outfitted the Iranian nuclear program.

http://www.wired.com/2015/05/us-tried-stuxnet-north-koreas-nuclear-program/

Related: North Korean Defector Warns that Hackers Could Kill.



  • (Score: 2, Insightful) by Nerdfest on Sunday May 31 2015, @02:46PM

    by Nerdfest (80) on Sunday May 31 2015, @02:46PM (#190408)

    Air Gap Control Systems. It's pretty surprising that South Korea (at least) doesn't do this, especially for things like dams and unclear plants.

    • (Score: 1, Funny) by Anonymous Coward on Sunday May 31 2015, @04:31PM

      by Anonymous Coward on Sunday May 31 2015, @04:31PM (#190426)

      Well, it is an unclear plant so surprises are to be expected.

      • (Score: 2, Funny) by Ethanol-fueled on Sunday May 31 2015, @05:04PM

        by Ethanol-fueled (2792) on Sunday May 31 2015, @05:04PM (#190432)

        That's probably why Stuxnet worked against an Iranian unclear plant even though it was air-gapped -- surprises are always to be expected at unclear plants.

        I can't help but be skeptical, though, as this is the same country that believes its former leader invented the bicycle.

        • (Score: 0) by Anonymous Coward on Monday June 01 2015, @07:04AM

          by Anonymous Coward on Monday June 01 2015, @07:04AM (#190586)

          Sure, right after he reinvented the wheel.

  • (Score: 4, Interesting) by Justin Case on Sunday May 31 2015, @03:04PM

    by Justin Case (4239) on Sunday May 31 2015, @03:04PM (#190412)

    You needed a North Korean to tell you that hackers can kill? Not been paying attention I guess.

    In the half-a-century-plus that humans have been creating software, we still haven't figured out how to make it bug free. As a result, computers simply can't be trusted -- with secrets, with control of physical objects. Soon there will be nobody left who remembers that the world worked just fine before the stampede to put everything "online".

    But, we must be cool, and new, and wow. At any cost. We'll believe the risk only after the disaster, and then we'll "patch" something and carry on. Because we absolutely must have computers in everything!

    Someone a few years ago commented that humans seem to be in a frenzied race to create the Terminators. I haven't seen a lot of counter-evidence since then.

    • (Score: 2) by isostatic on Sunday May 31 2015, @07:05PM

      by isostatic (365) on Sunday May 31 2015, @07:05PM (#190464)

      Yes Commander Adama, we've all seen Battlestar Galactica

    • (Score: 0) by Anonymous Coward on Sunday May 31 2015, @08:53PM

      by Anonymous Coward on Sunday May 31 2015, @08:53PM (#190491)

      Oh computers can be trusted just fine. All you need to do is put them in a locked room and cut the metaphorical cables.

      Genuine software bugs are very rarely damaging, the typical software bug would render the equipment inoperable, or be obviously malfunctioning. It's much more likely to be struck by lightning than to suffer software-related injury.

    • (Score: 0) by Anonymous Coward on Sunday May 31 2015, @08:54PM

      by Anonymous Coward on Sunday May 31 2015, @08:54PM (#190492)

      It's not about being cool, new, and wow at all, it's all about being *lazy*.
      It's about not having to go outside and climb that hill to see how much water is in the tank.

      • (Score: 2) by GreatAuntAnesthesia on Monday June 01 2015, @09:22AM

        by GreatAuntAnesthesia (3275) on Monday June 01 2015, @09:22AM (#190623)

        Lazy / efficient, tomato / tomato.

        Well I for one quite like not having to pay people to schlep around doing stupid menial tasks like walking up hills to check water levels. And because the computers can give the water company live, accurate readings from the water tank and even calculate accurate estimates of forthcoming demand from our customers, they can manage production more efficiently, not producing more water than is actually needed, driving down costs again.

        Sometimes, those cost savings actually make it to the customers too.

    • (Score: 0) by Anonymous Coward on Monday June 01 2015, @07:15AM

      by Anonymous Coward on Monday June 01 2015, @07:15AM (#190590)

      Yes, bugs are bad. But how about multiple vulnerabilities baked into the hardware and software? Who do you think is responsible for them? And what is being done about it? Can you be certain that a new piece of hardware/software does not have back-doors?

      Let us not forget that government-mandated bugs are increasing in number and power.

  • (Score: 5, Interesting) by rts008 on Sunday May 31 2015, @04:00PM

    by rts008 (3001) on Sunday May 31 2015, @04:00PM (#190422)

    I just view this article as another 'preview of coming attractions' trailer for the IoT.

    Legions of hackers from all over the world (physically and ideologically) engaged in a non-stop, desperate battle for control of your toaster.

    Your life, and your toast will never be the same. ;-)

    My IoT project is to build some 'virtual toasters' which mimic an appliance on the network, but are effectively no more than 'scoreboards' that register a successful 'takeover', and by who, then at the end of a designated time period, declares a winner for that period. * "N. Korea won the Internets today, with 23 pwned toasters, and 7 fridges overheated!" *

    This way looking at my network logs will be way more entertaining!

    • (Score: 1) by Dr Spin on Sunday May 31 2015, @04:53PM

      by Dr Spin (5239) on Sunday May 31 2015, @04:53PM (#190429)

      If you have a real toaster on the Internet, you might want to use NetBSD - it specifically targets toasters.

      OTOH, if you are leaving your toaster unattended, who is going to eat the toast?

      My prize goes to the person who finds a way to email freshly buttered (margarine not accepted) toast to me, and have it arrive still hot, with the butter still cold.

      Bonus prize if coated in chunky Oxford marmalade.

      --
      Warning: Opening your mouth may invalidate your brain!
      • (Score: -1, Flamebait) by Anonymous Coward on Sunday May 31 2015, @06:20PM

        by Anonymous Coward on Sunday May 31 2015, @06:20PM (#190455)

        There is a fruity company that already makes a unixy-type OS for toasters. I believe it is very popular among the fashion-conscious city types.

      • (Score: 2) by rts008 on Sunday May 31 2015, @09:02PM

        by rts008 (3001) on Sunday May 31 2015, @09:02PM (#190494)

        If someone claims your prize, please let me know!

        I have a hard enough time getting those results in my own kitchen. :-/

    • (Score: 1) by tftp on Sunday May 31 2015, @05:22PM

      by tftp (806) on Sunday May 31 2015, @05:22PM (#190437)

      > Legions of hackers from all over the world (physically and ideologically) engaged in a non-stop, desperate battle for control of your toaster.

      Not just *your* toaster, but toasters like yours. That would be a significant number (all that were made, bought and connected.) Who says that a toaster cannot be reprogrammed to cause fire? Who says that a refrigerator cannot be configured to spoil all the food in it? It's certainly not the doom that the NK guy is claiming, but it would have some effect.

      Besides, your IoT device may be safe enough on its own - say, a read-only rain gauge - but it may be a stepping stone for someone to break into your LAN.

      • (Score: 2) by VLM on Sunday May 31 2015, @05:42PM

        by VLM (445) on Sunday May 31 2015, @05:42PM (#190444)

        Don't forget simple economic damage. Say for the sake of example, some N.K. agent bricks every NEST thermostat ever made. Not a very big deal on the world stage, but to NEST the company I'm sure that's very exciting.

        Software companies are used to this kind of stuff. It'll be interesting to watch fridge, thermostat, garbage disposal, and lightbulb companies when their products get bricked. And cars, and electric can openers, and electric shavers, and ...

        The real fun isn't in bricking entire finished machines but "behind the scenes" stuff. Like every GM alternator made in the past 30 years simultaneously and remotely gets disabled. Or every gigabit ethernet fiber optic transceiver, simultaneously. The rest of the car or router or whatever would be unaffected, but...

        As for the N.K. motivation, aside from the US addiction to killing wedding parties with drone strikes along with random women and children, these economic hits could be a source of hard currency or influence. Why just have your CEO submit a statement to the UN condemning "whatever" and we'll keep the smoke-alarm-goes-off-continuously exploit under wraps, etc.

        • (Score: 2) by Justin Case on Sunday May 31 2015, @06:07PM

          by Justin Case (4239) on Sunday May 31 2015, @06:07PM (#190451)

          > Software companies are used to this kind of stuff. It'll be interesting to watch fridge, thermostat, garbage disposal, and lightbulb companies when their products get bricked.

          Forget the sellers. Watch the users. Will they tolerate fragile crap, like they do with software?

          If so, it won't be long until some CFO says oh dear, we're short our sales goal this quarter, send out the command to make 3 million people buy replacements.

          People are used to software that fails routinely, because that's how it has been since the dawn of the GUI. Most people don't write code, so they don't know that bad code is the fruit of sloppiness or haste. If this starts happening with "real stuff", where they're used to things that last awhile, I hope they roast the first manufacturer who tries it.

    • (Score: 3, Funny) by VLM on Sunday May 31 2015, @05:30PM

      by VLM (445) on Sunday May 31 2015, @05:30PM (#190440)

      > My IoT project

      Nice idea. You should install the hardware in a physical "honey pot" and call it the Honey Pot Project

      Although an alternative from the BSG universe would be that "toaster" in the red dress, a model #6 I believe.

      It's not either/or, there are mash up opportunities here.

  • (Score: 1, Insightful) by Anonymous Coward on Sunday May 31 2015, @05:56PM

    by Anonymous Coward on Sunday May 31 2015, @05:56PM (#190449)

    I'm no defender of North Korea and its impotent "Great Successor", but where's the proof that this guy isn't just another Chalabi [wikipedia.org] feeding false info?

    • (Score: 0) by Anonymous Coward on Sunday May 31 2015, @08:09PM

      by Anonymous Coward on Sunday May 31 2015, @08:09PM (#190483)

      Where's the proof that you are not? Fallacies aside, the proof is in rhetoric and propaganda. Has there been any spike in anti-DPRK sentiment lately? Will there be soon in the future? If so then this account can't be trusted even though it is plausible.

      Every so often we get these sorts of spikes, usually when nothing else is going on to keep up fear. It has been some months since the last time and there are sufficient things going on to make me believe that this is not a propaganda attempt. Of course that will change rapidly if anti-DPRK news stories hit mainstream news in the next few weeks.

      • (Score: 0) by Anonymous Coward on Sunday May 31 2015, @09:04PM

        by Anonymous Coward on Sunday May 31 2015, @09:04PM (#190495)

        There isn't. Just strange how we have the Patriot Act close to expiring and now this defector spreading fear about impotent Un to scare people.

      • (Score: 0) by Anonymous Coward on Monday June 01 2015, @05:06AM

        by Anonymous Coward on Monday June 01 2015, @05:06AM (#190559)

        Proof rests on the one making a positive claim.

        • (Score: 0) by Anonymous Coward on Monday June 01 2015, @07:14AM

          by Anonymous Coward on Monday June 01 2015, @07:14AM (#190589)

          OK, I hereby claim that the sun will not rise again tomorrow. Since this is a negative claim, there's no need for proof. Those who claim that the sun will rise again are in need of proof.

    • (Score: 2) by looorg on Sunday May 31 2015, @08:48PM

      by looorg (578) on Sunday May 31 2015, @08:48PM (#190489)

      I was thinking he is more like Rafid Ahmed Alwan al-Janabi aka Curveball. He told them whatever they wanted to know and whatever it was that was feeding into their fantasies. Some even knew, or highly suspected, he was full of shit but yet they kept him talking. You have at least a similar situation here, a man that defected and left NK and is now telling us all the horror stories of how bad things are and that soon Lil' Kim is going to kill us with his army of 6000 hackers. Sure ...

      http://en.wikipedia.org/wiki/Curveball_(informant) [wikipedia.org]

  • (Score: 2) by Gravis on Sunday May 31 2015, @08:34PM

    by Gravis (4596) on Sunday May 31 2015, @08:34PM (#190488)

    the only time people seem to learn to secure their systems is after they get attacked. case in point is the Blaster virus which crippled large networks of computers and was the first real step toward everyone getting regular windows updates. i remember it was so bad that my college campus had to shut down their network and have people go dorm-to-dorm to patch and disinfect every machine.

    so if it's vulnerable, it should be attacked. maybe then people will start getting sent to jail for criminal negligence and others will actually invest in securing their systems.