A new army of South Korean soldiers was intently focused on fending off the enemy attack. Where were they coming from? What tactics were they using? And how best to neutralize them?
The attackers were probably North Korean – that’s a given on this divided peninsula, which remains stuck in a state of war – but those manning the defenses weren’t armed conscripts along the demilitarized zone. No, they were some of South Korea’s savviest computer whizzes, and they were dealing with that most 21st century of invasions: the cyberattack.
“I do think about how I’m going to defend us against an attack from North Korea,” said Lee Kyung-won, a 16-year-old high school student from Suwon who was part of a team fighting a hypothetical cyberwar during a “white hat” hacking competition here this week.
Having endured numerous cyberattacks – apparently stemming from North Korea – in recent years, South Korea is bolstering its technological defenses.
The National Intelligence Service and the defense ministry have this month been hosting a competition to find computer geniuses to use their skills for good – hence the “white hats” – by intercepting attacks from nefarious “black hat” hackers.
After several preliminary rounds, 16 teams made it to the finals on Wednesday. The winners, to be announced Monday, will share $60,000 in prize money. They will get preferential treatment when they apply for intelligence or police jobs, and younger ones could work in the cyber command center during their compulsory military service.
While the international community worries about North Korea and its unchecked nuclear weapons program, Kim Jong Un’s regime has in fact proven itself to be much more adept at, and much more willing to use, cyberwarfare. His regime was blamed for the devastating attack on Sony Pictures at the end of last year, which exposed corporate emails and wiped out computer data.
But it is also accused of being behind umpteen attacks on its southern adversary, from paralyzing computer networks at South Korean banks and television stations to hacking into the South’s nuclear reactor operator. Just this month, North Korea was blamed for attempting to break into networks at the presidential Blue House and at lawmakers’ offices.
South Korea, with the fastest Internet and highest broadband penetration in the world, has long been famed for its technological prowess. But North Korea, a closed country where only a handful of elites have access to the Internet, has also proven to be surprisingly skilled with computers, thanks to a dedicated cyberarmy.
Hence Seoul’s need to train “good hackers” capable of defending South Korea’s front lines in cyberspace.
“It’s just like taekwondo,” said Kim Nam-soo of the defense ministry, referring to the Korean martial art. “If you study for many years and you have the skills, you can become a gangster. But if you are trained in a different way, you can use your skills for good purposes. It’s the same with these people. If we raise them as white hat hackers, they can help the government.”
The finals were held in a hotel ballroom, where techies sat on an elevated platform in the middle of the room watching the cyberwar play out. They had infected the competitors’ computers with malware before the day’s events began, then used it to try to attack their networks, first simulating corporate cyberespionage and then an attack on government computers.
The attacks all bore resemblance to ones that South Korea had actually suffered in recent years. From the control station, the organizers watched remotely as the teams tried to defend their networks, awarding and deducting points depending on their skill.
“Their job is to find out what the malware does and then try to stop it,” Kim said.
The “white hat hackers” had managed to turn the ballroom, with its chandeliers and loud carpet, into the stereotypical computer geek’s den.
Electronic music pumped out of the sound system and their tables were littered with empty energy drink cans, half-drunk cups of coffee, candy wrappers. On their screens, rows of text scrolled past. The men – and they were all male, the few female competitors having been knocked out in the early rounds – typed away furiously.
On one side of the room were eight teams of teenagers still at high school, while eight teams of adults, ranging from college freshmen and police academy recruits to 40-something computer experts, battled it out on the other side.
“It’s not as easy as I thought it was going to be,” said Park Ji-hoon, a college senior majoring in computer science, who was on a team with three other men from his cybersecurity club at Catholic University of Korea.
“We’re supposed to be acting like a computer emergency response team at a company, but we’re just students so we haven’t done anything like this before,” he said. “But it’s a great chance to experience what it’s like in the real world.”
On the other side of the room, a team called Nyan_cat, for the Korean sound for “meow,” was doing better. With 800 points, they were at the top of the junior table.
“Everything is so new and so exciting,” said Kim Yong-jin, a 17-year-old high school student from the south of the country, who had teamed up with three others he had met online. “But I’m also feeling nervous. I’m worried that the other teams will catch up with us.”
Kim is part of a generation of South Koreans who have spent a large chunk of their lives at a computer screen. He got interested in IT while at elementary school and started programming in sixth grade, although he has reached a new level of seriousness in the last year. He now spends eight hours a day on his computer during the week and the whole weekend apart from five or so hours each night for sleeping.
Asked if he’d ever used his skills for less noble purposes, Kim hesitated. “I’d be lying if I said I’d never done it (hacking), but I’ve only played practical jokes on my friends, like turning off their computers remotely.”
Lee and his teammates in the Bullet-proof Boys team, named after a popular band, were not doing so well. “I know what the problem is but we are finding it hard to respond to it,” Lee said. His team had 450 points, putting them second to last.
Like Kim, he said he spends every waking hour at his computer. But for school time and four hours’ sleep each night, he is on hacking simulation sites, honing his skills.
“I want to continue studying in the cybersecurity field,” he said. “And I want to be good enough to teach others.”
That’s what the South Korean government is hoping too.