Will Cyber Warfare Remove Kim From N. Korea?

Uploaded on 2017-09-11 in INTELLIGENCE-Hot Spots-North Korea, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, NEWS-Cybersecurity News

Military invasion. Sending in a hit squad. Tougher sanctions. Over the past months, with increasing alarm, world leaders have analysed every option in the battle to halt Kim Jong-un and his nuclear ambitions.

But after his latest military exercise, another strategy is being discussed: cyber-warfare. Just days ago, UK  Prime Minister Theresa May refused four times to rule out whether our Government would employ such covert techniques to attack and sabotage North Korea’s computer networks by using viruses.

Her caginess is, of course, understandable. When dealing with maverick dictators such as Kim Jong-un, it makes no sense to tell the world what cards you hold, or indeed, whether you are considering playing them.

However, what is the reality of Britain’s cyber-warfare capabilities? Is the Government really capable of mounting sophisticated electronic attacks that could cripple Kim’s nuclear missile programme? How exactly would we do it? And who else would be doing it?

Naturally, the world of state-operated cyber-warfare is highly secret. But it is possible to make some educated suppositions about what we and the Americans are capable of, and to make a reasonable assessment about whether we could use cyber-warfare against Kim. Although experts are divided about many specific issues, they agree on one thing, cyber-warfare against the North Koreans is already taking place.

Three years ago, President Obama ordered Pentagon officials to step up such attacks on North Korea’s missile programme to sabotage test launches in the moment after lift-off. It was not long before a number of Kim’s military rockets exploded, veered off course, disintegrated in midair and plunged into the sea.

Such operations are undoubtedly being masterminded by America’s clandestine Office of Tailored Access Operations, or TAO, which is part of the National Security Agency (NSA).

Much of what is known about it comes from the documents stolen by renegade former NSA contractor Edward Snowden. 
With several hundred employees, many being the most elite computer hackers on the planet, TAO is thought to have already carried out successful cyber-attacks that have gathered intelligence from North Korea.

What is unclear is whether British agencies such as GCHQ in Cheltenham, or the various units that comprise the military’s Joint Forces Cyber Group, have been assisting with these attacks. ‘We have to assume that the UK has been assisting in some way,’ says Dr Andrew Futter, of the University of Leicester. ‘There are certainly links with GCHQ and the NSA, and Britain is one of the foremost cyber-powers in the world.’

If we assume that Britain and the US are working together to cripple North Korea’s nuclear missile programme, how are they doing it?

The most important thing to bear in mind is that hacking into Kim’s missile facilities is certainly not like hacking a bank or email account. For a start, as the most secretive and isolated state in the world, North Korea is scarcely connected to the Internet, which means that few, if any, of its computers and networks are accessible. Ironically enough, the secretive country’s backwardness is an advantage.

The North Koreans do not use the same technology as the rest of the world,’ says Conor Deane-McKenna, a researcher in cyber-warfare at Birmingham University. ‘Much of it is older and outdated, which means that it can’t even connect to the internet. And there’s no doubt that every computer and person associated with the missile programme won’t be online.’
Thus Korean military teams will physically visit the location of the target network, and connect some form of hardware – such as a USB stick or a laptop – so TAO, for example, can gain access remotely.

This method is thought to have been successfully used by the Americans and the Israelis against Iran’s Natanz nuclear facility in 2012 and 2013, during which a computer ‘worm’ was responsible for crippling scores of uranium enrichment centrifuges.
However, to work against the North Koreans, a human agent would have to be involved.

Of course, if the real world were like Hollywood, that agent would gain access to the regime’s missile programme computers, plug in a memory stick, and watch with satisfaction as Kim’s missiles blew up on their launch pads. Although that may still happen, it’s most likely that there are much more mundane techniques being used. These may involve nearby ships from the US Navy or Royal Navy.

Indeed, the American military has a huge presence in the area – with an estimated 40,000 personnel in Japan and 35,000 in South Korea, while using the island of Guam as a ‘permanent aircraft carrier’.

Reports suggest there are more US military personnel in Japan than in any other country. According to Department of Defense data, they are stationed across 112 bases. Headquartered in Japan, the Seventh Fleet is the largest of the US Navy’s deployed sea forces, with up to 70 ships and submarines, 140 aircraft and about 20,000 sailors in the Indian Ocean and the Pacific. The USS Ronald Reagan, a nuclear-powered aircraft supercarrier, is permanently deployed in Japan, as the fleet’s flagship carrier. 

Dr Futter concedes that this infrastructure could be being used for cyber-warfare. ‘After all,’ he says, ‘it has long been suspected that the Israelis managed to cripple the Syrians’ air defence radar with some sort of drone, so it’s not implausible a ship could be used.’

Some have speculated that the relatively high failure rate of North Korea’s missiles means the Americans or the British have hacked into their systems and sabotaged their efforts.

In any case, cyber-warfare works on two levels. Not only is it a potent weapon, but its very existence gives the enemy a crisis of confidence. ‘You need to think of it as psychological warfare,’ says Dr Futter. ‘You use it to sow the seeds of doubt.
‘So whenever something goes wrong with a missile, the North Koreans are worried whether it is a problem with their engineering, or whether they have actually been cyber-attacked.’

It’s for this reason that Theresa May did not rule out the use of cyber-warfare.

Considering the expertise of the Pentagon and GCHQ, this is surely not a bluff. Indeed, security experts say the public would be shocked to learn the extent of details such organisations can find about the most personal aspects of our daily lives.
Meanwhile, Kim Jong-un and his generals are trying to keep one step ahead – and have their own cyber-boffins trying to sabotage America’s infrastructure.

Earlier this year, a report on cyber vulnerabilities commissioned by the Pentagon warned that North Korea might acquire the ability to cripple the American power grid.

What is certain is that global power is no longer based on economic and military might (even with Pyongyang’s display of hydrogen bomb technology), but on having better cyber experts than your enemies. 

 

Ein News

How Worried Should We Be About a Nuclear War With North Korea?:

Can US Cyber Weapons Stop N. Korea’s Nuclear Missiles?:

 

« Will GDPR Protect Privacy Or Just Lead To More Hacks?
How Dangerous Is ISIS In The Cyber Domain? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CERT Polska

CERT Polska

CERT Polska is the first Polish computer emergency response team and operates within the structures of NASK (Research and Academic Computer Network) research institute.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

Sopra Steria

Sopra Steria

Sopra Steria is a leading European information technology consultancy.

Fornetix

Fornetix

Fornetix is a cybersecurity platform enabling Zero Trust while delivering critical encryption automation, access controls, authorization services, machine identity, and ICAM solutions,

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

SolutionsPT

SolutionsPT

SolutionsPT enables customers to strengthen their Operational Technology (OT) network to meet the ever increasing demand for performance, availability, connectivity and security.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

Quadron Cybersecurity Services

Quadron Cybersecurity Services

Quadron Cybersecurity Services is a specialist in digital security, data and system protection.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Spamhaus

Spamhaus

Spamhaus is the world leader in supplying realtime highly accurate threat intelligence to the Internet's major networks.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.

TokenEx

TokenEx

TokenEx Cloud Security Platform protects sensitive data to strengthen our clients' security postures while future-proofing their operations.

Istari

Istari

ISTARI is a new kind of cyber risk management company. We’re an agile collective of best-in-class capabilities and experts, who build ongoing partnerships with clients.

SilverEdge Government Solutions

SilverEdge Government Solutions

SilverEdge is a next generation provider of innovative and proprietary cybersecurity, software, and intelligence solutions for the Defense and Intelligence Communities.

AdronH

AdronH

AdronH is a company of Cyber Security consultants. We support companies and public institutions with their digital transformation to new and secure business platforms.

Raito

Raito

Raito's unique solution integrates with the data development process and lets data teams monitor, manage, and automate data security across the data stack.