The FBI and Department of Homeland Security announced this week that North Korean hackers were behind a malware attack known as FALLCHILL — just the latest hack blamed on the reclusive country.
FALLCHILL, a type of malware that compromises network systems, was targeted at the aerospace, telecommunications and financial industries, said the security agencies.
In the last few years, North Korean hackers have also been blamed for cyberattacks on media companies like Sony and the U.K.’s Channel Four and on international banks, and for the infamous WannaCry ransomware that shut down various hospitals in the U.K. last spring.
North Korea generally denies all involvement.
It’s difficult to attribute attacks to a specific source, like a country, said Christian Leuprecht, a professor at the Royal Military College of Canada and Queen’s University, but when major cybersecurity corporations and national intelligence agencies are all pointing the finger at North Korea, that’s a “pretty credible” indication that something is going on.
According to Jez Littlewood, assistant professor at Carleton University’s Norman Paterson School of International Affairs, North Korea has three main goals with its cyber program: money, espionage, and maintaining the regime’s image.
The WannaCry ransomware, which told users that their computer data would be deleted unless they sent money, was one way to extort money from international sources, said Littlewood.
North Korea needs the money for things like funding its nuclear program and military, and to lessen the impact of sanctions.
“Given the sanctions squeeze that has been sort of growing over North Korea over the last couple of years, the fact that they would turn to another revenue-generation scheme is not too surprising,” he said.
WannaCry didn’t work very well and was quickly discovered, but North Korea has had more successful financial hacks.
“The more significant financial aspect was hacking into the bank payment system, the SWIFT. And North Korea was believed to have taken $81 million out of the Bangladesh central bank just last year.”
Espionage and disruption
North Korea also engages in more traditional types of international espionage through hacking, said Littlewood.
They hacked the South Korean defence ministry in Sept. 2016, according to a South Korean lawmaker, and stole a lot of data, including partial plans on how the U.S. and South Korea would attack the North.
“Breaking into and hacking into the South Korean department of defence and their war plans suggests some quite sophisticated capabilities,” said Littlewood.
In some ways, cyberattacks are an ideal weapon for North Korea, thinks Leuprecht.
“This is cheap life insurance,” he said.
“The nuclear program is life insurance for the regime. It’s the cheapest coverage they can buy. And the other cheap way that they can cause a lot of havoc is in the cybersphere because the costs are minimal.”
Not only that, it’s hard for Western countries to fight back.
“China and Russia know if they cause serious havoc in our networks, that we can retaliate by causing massive havoc in their society and their networks.
“Whereas with North Korea because most of the country is not online, because most of the society functions as if it were in the 1950s in terms of infrastructure, the damage that we can do broadly is somewhat limited.”
Nowadays, said Littlewood, most countries realize that armed conflicts are likely to have a cyber dimension as well, and North Korea wanted to develop its capacity in that area. This is something that many countries are doing, he said, not just North Korea.
Protecting Kim Jong-un
But North Korea also has a more distinctive concern: protecting the image of its leader at home and abroad. That’s likely why it’s been linked to the 2014 hacks at Sony Pictures, which distributed the movie The Interview, about an assassination plot against Kim Jong-un.
North Korea has also been blamed for a hack at Britain’s Channel Four, which was planning to film a television show about a kidnapped British nuclear scientist in Pyongyang. The hack was only recently reported by the New York Times.
“Part of that effort appears to be sort of trying to protect the image of the country, trying to protect the image of the leader, Kim Jong-un, and pushing back in the ways that they can both through cyber disruption activity as well as threats which accompany those,” said Littlewood.