By STEVE YAHN, who has been a reporter and editor for national publications
A recent wave of major cyber attacks on South Korean banks and media companies almost surely involved activity by North Korea, say cyber security experts.
"The balance of probability points to North Korea using cyber warfare tactics as part of its recent sabre rattling," said Alex Fidgen, director of MWR InfoSecurity, a British IT security firm.
Added Richard J. Bortnick, shareholder specializing in cyber technology and privacy at Cozen O'Connor law firm in Philadelphia: "The likelihood that North Korea has launched cyberattacks is 100 percent. I would say there's not even a 99 percent probability."
Computers at TV stations Korean Broadcasting System, Munhwa Broadcasting Corporation and Your True Network in South Korea were shut down last week. As of press time, the KBS site was still shut down.
The online and automated teller machines of Shinhan Bank, South Korea's fourth-largest banking group, were shut down for several hours, causing disruption with its consumer customers, according to ABC News.
"In some ways these cyberattacks are more serious than a nuclear threat," said Bortnick, "because there would be no loss of life, just loss of infrastructure. Cyberattacks have become offensive warfare weapons."
North Korea's cyber warfare program is not technically sophisticated compared to the United States, Britain, Taiwan, South Korea, Russia, China and other countries, said Tim Junio, a cybersecurity fellow at Stanford University who focuses on the relationship between IT and national security.
"However, they are more aggressive than other states in that North Korea has decided to use cyber capabilities for attack purposes, meaning they disrupt network services or destroy data, rather than focus on espionage or developing capabilities as a hedge against future conflict," said Junio. "The latter has been the focus of almost every other country, with a very small number of exceptions."
Junio observed that most cyber attacks inflicted on South Korea have been nuisance threats and impose costs on the country's consumers, companies and its government. "These attacks by North Korea have not yet been at a level of technical sophistication or consequence that rival their other belligerent acts," he said.
While it is certainly important when South Koreans cannot access their bank accounts, and have the psychological cost of decreased confidence in the infrastructure required to keep their economy going, these kinds of incidents are less severe than the North's torpedoing of the South Korean ship Cheonan in which dozens of sailors died in 2010.
Junio observed that cyberattacks are also a relatively cheap capability, and are of particular value against targets with high levels of IT development, like South Korea and the United States. "So the probability of North Korea using its offensive cyber capabilities is higher than for other kinds of conflict, and is a reason to care very deeply about it," Junio said.
MFR InfoSecurity's commercial director Alex Fidgen warned that businesses with strong links to countries being targeted by cyberattacks are increasingly likely to be affected as a result of geo-political tensions, especially if they are seen as "standard bearers" for the nation that is being targeted. Modern sophisticated attacks are designed to bypass many of the technical security controls that have been traditionally relied upon.
"We are already at war, the cyber war," said Cozen's Bortnick. "Cyberattacks have become an offensive weapon. The Koreans realize it's a lot easier to attack anonymously through the Internet and other cyber means than to use traditional military methods."
At this point in the global economy, information has become power, Bortnick added. "All that information is stored on a platform somewhere," he said. "If people get into the servers they become more powerful than their adversaries."
The more covert the action, the more complex the algorithm employed in the software and programs being generated. "It could take a minute to create a breach if it's a simple program or it could take years to make a sophisticated breach program that won't be easily identified," he added.
Cyber warfare is the new frontier for worldwide combat, said Avivah Litan, Washington, D.C.-based security analyst for the Gartner Inc. technology research firm.
"We're seeing that come out in the Middle East, attacks from China that are politically motivated and now more and more from North Korea," she said. "I think every country that has a regular army already has a cyberarmy, so we're going to see a lot more cyber warfare."
Litan noted that companies and governments need to take cyberwarfare very seriously because the cyberattacks are pretty mild now compared to what they could be. "They could shut down a national grid, or a telecom infrastructure or a financial services infrastructure," she noted.
The primary problem with cyber attacks on South Korea to date is that the aggressors, particularly North Korea, have not paid a price for their misdeeds. "I worry that North Korea will perceive the latest cyber attacks to have successfully imposed costs on South Korea, and that whoever is responsible will escape penalties, either because high-confidence attribution ends up being too difficult to achieve or because South Korea is unable to sanction the North or retaliate," said Junio.
Also worrisome to Junio is the fact that North Korea sends IT specialists to China to study computer programming and work in the IT sector. "If these personnel are associated with North Korean state cyberwarfare programs," said Junio, "then this is one way in which their skills could improve dramatically."
March 26, 2013
Copyright 2013© LRP Publications