An Assessment of North Korean Threats and Vulnerabilities in Cyberspace

Total Page:16

File Type:pdf, Size:1020Kb

An Assessment of North Korean Threats and Vulnerabilities in Cyberspace BearWorks MSU Graduate Theses Fall 2017 An Assessment of North Korean Threats and Vulnerabilities in Cyberspace Jeremiah van Rossum Missouri State University, [email protected] As with any intellectual project, the content and views expressed in this thesis may be considered objectionable by some readers. However, this student-scholar’s work has been judged to have academic value by the student’s thesis committee members trained in the discipline. The content and views expressed in this thesis are those of the student-scholar and are not endorsed by Missouri State University, its Graduate College, or its employees. Follow this and additional works at: https://bearworks.missouristate.edu/theses Part of the Defense and Security Studies Commons Recommended Citation van Rossum, Jeremiah, "An Assessment of North Korean Threats and Vulnerabilities in Cyberspace" (2017). MSU Graduate Theses. 3212. https://bearworks.missouristate.edu/theses/3212 This article or document was made available through BearWorks, the institutional repository of Missouri State University. The work contained in it may be protected by copyright and require permission of the copyright holder for reuse or redistribution. For more information, please contact [email protected]. AN ASSESSMENT OF NORTH KOREAN THREATS AND VULNERABILITIES IN CYBERSPACE A Master’s Thesis Presented to The Graduate College of Missouri State University In Partial Fulfillment Of the Requirements for the Degree Master of Science, Defense and Strategic Studies By Jeremiah Adam van Rossum December 2017 Copyright 2017 by Jeremiah Adam van Rossum ii AN ASSESSMENT OF NORTH KOREAN THREATS AND VULNERABILITIES IN CYBERSPACE Defense and Strategic Studies Missouri State University, December 2017 Master of Science Jeremiah Adam van Rossum ABSTRACT This thesis answers the fundamental questions of what North Korean capabilities and intent in cyberspace are and what North Korean threats and vulnerabilities are associated with these. It argues that although North Korea’s cyberspace resources and capabilities have increased and reached a level that represents an advanced persistent threat, its cyberspace operations have remained restrained and regional. It also argues that North Korea’s valuable assets include its ability to control cyberspace within North Korea and its ability to engage in cyberspace activities and operations from abroad. The thesis recommends that the United States government exploit these assets by denying and disrupting the use of cyberspace by covert cyber units outside of North Korea, as well as by enabling and ensuring the less monitored and less controlled use of cyberspace by civilians inside of North Korea. KEYWORDS: North Korea, South Korea, cyberspace, cyber conflict, offensive cyberspace operation, cyberattack, cyber espionage, DarkSeoul Gang, Lazarus Group, advanced persistent threat This abstract is approved as to form and content _______________________________________ Brian Mazanec, PhD Chairperson, Advisory Committee Missouri State University iii AN ASSESSMENT OF NORTH KOREAN THREATS AND VULNERABILITIES IN CYBERSPACE By Jeremiah Adam van Rossum A Master’s Thesis Submitted to the Graduate College Of Missouri State University In Partial Fulfillment of the Requirements For the Degree of Master of Science, Defense and Strategic Studies December 2017 Approved: _______________________________________ Brian Mazanec, PhD: Professor, Department of Defense and Strategic Studies _______________________________________ David Peck, MA: Professor, Department of Defense and Strategic Studies _______________________________________ Andrei Shoumikhin, PhD: Professor, Department of Defense and Strategic Studies _______________________________________ Julie Masterson, PhD: Dean, Graduate College In the interest of academic freedom and the principle of free speech, approval of this thesis indicates the format is acceptable and meets the academic criteria for the discipline as determined by the faculty that constitute the thesis committee. The content and views expressed in this thesis are those of the student- scholar and are not endorsed by Missouri State University, its Graduate College, or its employees. iv ACKNOWLEDGEMENTS I would like to thank the faculty and staff in the Department of Defense and Strategic Studies for their immense support during my graduate studies. Although difficult at times, I have gained much through this program, academically, professionally, and personally. In particular, I would also like to thank my first reader, Dr. Brian Mazanec, as well as my second and third readers, Prof. David Peck and Dr. Andrei Shoumikhin, for their guidance and feedback. I dedicate this thesis to my niece, Lily Poole. v TABLE OF CONTENTS Chapter I: Introduction ........................................................................................................ 1 Arguments ............................................................................................................... 2 Research Approaches and Challenges .................................................................... 3 Significance............................................................................................................. 4 Chapter II: Background....................................................................................................... 6 Conflict in Cyberspace ............................................................................................ 6 North Korean National Security Environment ..................................................... 10 North Korean Conventional Capabilities and Strategy ......................................... 12 Chapter III: Frameworks and Methodologies ................................................................... 15 Conceptualizing Risk ............................................................................................ 15 Defining Cyberspace and Cyberspace Operations ................................................ 17 Characterizing the Cyber Threat ........................................................................... 22 Analyzing the Target............................................................................................. 28 Chapter IV: Analysis of Cyber Power .............................................................................. 29 Civilian Cyber Resources and Activities .............................................................. 30 Military Cyber Resources and Operations ............................................................ 36 Cyber Strategy ...................................................................................................... 40 Assessment of Cyberpower................................................................................... 42 Chapter V: Analysis of Cyberspace Capabilities and Intent ............................................. 46 Cyberspace Operations by North Korea ............................................................... 48 Cyberspace Operations against North Korea ........................................................ 66 Assessment of Cyberspace Capabilities................................................................ 70 Chapter VI: Conclusion .................................................................................................... 74 Results ................................................................................................................... 74 Counterarguments ................................................................................................. 81 Chapter VII: Discussion .................................................................................................... 83 National Security Implications ............................................................................. 83 Policy Recommendations...................................................................................... 86 Directions for Future Research ............................................................................. 90 Works Cited ...................................................................................................................... 92 vi LIST OF TABLES Table 1. Operational Threat Assessment Generic Threat Matrix. .................................... 23 Table 2. Valeriano and Maness Methods of Cyberspace Operations. .............................. 27 Table 3. Cyberpower and Ranking According to Clark. .................................................. 43 Table 4. Cyberpower and Ranking According to Valeriano and Maness. ........................ 43 Table 5. Cyberpower and Ranking According to Australian Strategic Policy Institute. .. 44 Table 6. Assessment of Cyberspace Operations by North Korea. .................................... 65 Table 7. Valeriano and Maness Assessment of Cyberspace Operations by North Korea. 66 Table 8. Assessment of Cyberspace Operations against North Korea.............................. 70 Table 9. North Korean Threat Profile as of April 2011 .................................................... 71 Table 10. North Korean Threat Profile as of May 2017 ................................................... 72 vii LIST OF FIGURES Figure 1. Department of Homeland Security Elements of Risk. ...................................... 16 Figure 2. Factors and Types for Dyadic Cyber Incident and Dispute Dataset. ................ 25 Figure 3. Cyber Units under the Reconnaissance General Bureau. .................................. 38 Figure 4. Cyber Units under the General
Recommended publications
  • The Evolution of North Korean Cyber Threats
    The Evolution of North Korean Cyber Threats 2019-03 Chong Woo Kim, Senior Fellow The Asan Institute for Policy Studies Carolina Polito1 University of Bologna 2019.02.19 Introduction In North Korea, only a few people are allowed access to Kwangmyong, the national intranet service, as global internet access is restricted to a group of selected people, and the country has one of the weakest internet infrastructures in the world.2 Nonetheless, North Korea is a formidable cyber power, standing alongside major players like the United States, China, Russia, the United Kingdom, Israel and Iran.3 North Korea has been increasing resources to enhance and expand its cyber capabilities, as testified by the intensification of the regime-sponsored attacks that the world has witnessed in the last 10 years. Amongst the most blatant offensive cyber-attacks allegedly linked to hacker groups close to North Korea are the Sony Pictures attack, the WannaCry attack, and the DarkSeoul attack, despite the North’s constant denial of any involvement with these attacks or the damage suffered by them. North Korea’s cyber army consists of approximately 7,000 hackers,4 performing a wide range of activities including theft, denial of service (DDoS), espionage and sabotage. 5 These types of operations have proved to be very useful as part of North Korea’s asymmetric strategy towards the ROK-U.S. Combined Forces Command. Cyber operations are low-cost and low-risk, allowing North Korea to counter countries which have highly computer-dependent infrastructure, with little fear of retaliation. Due to their low-intensity, these attacks often lie beneath the threshold of an armed attack, reducing the risk of escalating the conflict to an unaffordable level.
    [Show full text]
  • Blas, Zach. 2016. Contra-Internet. E-Flux Journal, 74, ISSN 2164-1625
    Blas, Zach. 2016. Contra-Internet. e-flux journal, 74, ISSN 2164-1625 [Article] https://research.gold.ac.uk/id/eprint/18595/ The version presented here may differ from the published, performed or presented work. Please go to the persistent GRO record above for more information. If you believe that any material held in the repository infringes copyright law, please contact the Repository Team at Goldsmiths, University of London via the following email address: [email protected]. The item will be removed from the repository while any claim is being investigated. For more information, please contact the GRO team: [email protected] Zach Blas 1 of 5 e-flux journal #74 (2016) CONTRA-INTERNET 1. Killing the Internet On January 28th, 2011, only a few days after protests had broken out in Egypt demanding the overthrow of then President Hosni Mubarak, the Egyptian government terminated national access to the internet. This state-sponsored shutdown became known as flipping the internet’s“kill switch.” Intentions motivating the killing of the internet in Egypt were to block protestors from coordinating with one another and the dissemination of any media about the uprising, especially to those outside of the country. Peculiarly, it is a death that only lasted five days, as internet access was soon reinstated. More precisely, the internet kill switch unfolded as a series of political demands and technical operations. Egyptian Internet Service Providers, such as Telecom Egypt, Raya, and Link Egypt, were ordered to cancel their routing services, which had the effect of stymying internet connectivity through these major companies.
    [Show full text]
  • Digital Trenches
    Martyn Williams H R N K Attack Mirae Wi-Fi Family Medicine Healthy Food Korean Basics Handbook Medicinal Recipes Picture Memory I Can Be My Travel Weather 2.0 Matching Competition Gifted Too Companion ! Agricultural Stone Magnolia Escpe from Mount Baekdu Weather Remover ERRORTelevision the Labyrinth Series 1.25 Foreign apps not permitted. Report to your nearest inminban leader. Business Number Practical App Store E-Bookstore Apps Tower Beauty Skills 2.0 Chosun Great Chosun Global News KCNA Battle of Cuisine Dictionary of Wisdom Terms DIGITAL TRENCHES North Korea’s Information Counter-Offensive DIGITAL TRENCHES North Korea’s Information Counter-Offensive Copyright © 2019 Committee for Human Rights in North Korea Printed in the United States of America All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior permission of the Committee for Human Rights in North Korea, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. Committee for Human Rights in North Korea 1001 Connecticut Avenue, NW, Suite 435 Washington, DC 20036 P: (202) 499-7970 www.hrnk.org Print ISBN: 978-0-9995358-7-5 Digital ISBN: 978-0-9995358-8-2 Library of Congress Control Number: 2019919723 Cover translations by Julie Kim, HRNK Research Intern. BOARD OF DIRECTORS Gordon Flake, Co-Chair Katrina Lantos Swett, Co-Chair John Despres,
    [Show full text]
  • Monday, November 28, 2016 the Opening of the North Korean Mind Pyongyang Versus the Digital Underground Jieun Baek
    12/2/2016 The Opening of the North Korean Mind Home > The Opening of the North Korean Mind Monday, November 28, 2016 The Opening of the North Korean Mind Pyongyang Versus the Digital Underground Jieun Baek JIEUN BAEK is the author of North Korea’s Hidden Revolution: How the Information Underground Is Transforming a Closed Society (Yale University Press, 2016), from which this essay is adapted. From 2014 to 2016, she was a Fellow at the Belfer Center for Science and International Affairs at Harvard University. Follow her on Twitter @JieunBaek1. On a cold, clear night in September 2014, a man I’ll call Ahn walked up to the edge of the Tumen River on the Chinese side of the heavily guarded border between China and North Korea. At its narrowest points, the Tumen measures a little over 150 feet wide, and Ahn could easily see the North Korean side from where he stood. In two bags, he was carrying 100 USB drives filled with films, television shows, music, and e­books from around the world. Almost anywhere else, such material would be considered completely innocuous. At this border, however, it constitutes highly illicit, dangerous contraband. In the totalitarian state of North Korea, citizens are allowed to see and hear only those media products created or sanctioned by the government. Pyongyang considers foreign information of any kind a threat and expends great effort keeping it out. The regime’s primary fear is that exposure to words, images, and sounds from the outside world could make North Koreans disillusioned with the state of affairs in their own country, which could lead them to desire—or even demand—change.
    [Show full text]
  • Current Affairs in North Korea, 2010-2017: a Collection of Research Notes
    235 Current Affairs in North Korea, 2010-2017: A Collection of Research Notes Rudiger Frank Abstract Starting with the public introduction of Kim Jong-un to the public in autumn of 2010 and ending with observations of consumerism in February 2017, this collection of 16 short research notes that were originally published at 38North discusses some of the most crucial issues, aside from the nuclear problem, that dominated the field of North Korean Studies in the past decade. Left in their original form, these short articles show the consistency of major North Korean policies as much as the development of our understanding of the new leader and his approach. Topics covered include the question of succession, economic statistics, new ideological trends such as pyŏngjin, techno- logical developments including a review of the North Korean tablet computer Samjiyŏn, the Korean unification issue, special economic zones, foreign trade, parliamentary elections and the first ever Party congress since 1980. Keywords: North Korea, DPRK, 38North Frank, Rudiger. “Current Affairs in North Korea, 2010-2017: A Collection of Research Notes” In Vienna Journal of East Asian Studies, Volume 9, eds. Rudiger Frank, Ina Hein, Lukas Pokorny, and Agnes Schick-Chen. Vienna: Praesens Verlag, 2017, pp. 235–350. https://doi.org/10.2478/vjeas-2017-0008 236 Vienna Journal of East Asian Studies Hu Jintao, Deng Xiaoping or another Mao Zedong? Power Restruc- turing in North Korea Date of original publication: 5 October 2010 URL: http://38north.org/2010/10/1451 “Finally,” one is tempted to say. The years of speculation and half-baked news from dubious sources are over.
    [Show full text]
  • The Dprk As an Example of the Potential Utility of Internet Sanctions
    \\server05\productn\B\BIN\25-1\BIN104.txt unknown Seq: 1 31-MAR-08 10:18 USING INTERNET “BORDERS” TO COERCE OR PUNISH: THE DPRK AS AN EXAMPLE OF THE POTENTIAL UTILITY OF INTERNET SANCTIONS BENJAMIN BROCKMAN-HAW E * INTRODUCTION ................................................... 163 R I. BACKGROUND INFORMATION .............................. 166 R A. Escalation ............................................. 167 R B. The Internet in North Korea ........................... 173 R II. SANCTIONS ................................................ 181 R A. General Information ................................... 182 R B. Telecommunications Sanctions Already Considered .... 184 R C. Multilateral Sanctions In Place Against the DPRK ..... 187 R III. THE UTILITY OF INTERNET SANCTIONS .................... 187 R A. Obtaining a desired result through the imposition of Internet sanctions ...................................... 187 R B. The Benefits and Costs of Imposing Internet Sanctions . 198 R C. General Concerns Associated with the Use of Internet Sanctions .............................................. 200 R 1. International Human Rights ....................... 200 R 2. Internet sanctions could harm regime opponents . 203 R 3. Internet sanctions could impair the ability of UN operations and NGO’s to function within the target country ..................................... 204 R IV. CONCLUSION .............................................. 205 R INTRODUCTION Speech is civilization itself. The word. preserves contact—it is silence which isolates. - Thomas Mann1 * J.D. Candidate 2008, Boston University School of Law. This article is dedicated to the memory of Dr. Robert Brockman, a man who surveyed this new world with the eyes of an old soul. 1 THOMAS MANN, THE MAGIC MOUNTAIN (1924) quoted in CHARLES R. BURGER & JAMES J. BRADAC, LANGUAGE AND SOCIAL KNOWLEDGE 112 (Edward Arnold Publishers Ltd. 1982). 163 \\server05\productn\B\BIN\25-1\BIN104.txt unknown Seq: 2 31-MAR-08 10:18 164 BOSTON UNIVERSITY INTERNATIONAL LAW JOURNAL [Vol.
    [Show full text]
  • Digital Methods for Circumventing UN Sanctions a Case Study of the Democratic People’S Republic of Korea’S Cyber Force
    Compliance & Capacity Skills International, LLC Sanctions Practitioners 12 July 2019 Compliance Trainers Digital Methods for Circumventing UN Sanctions A Case Study of the Democratic People’s Republic of Korea’s Cyber Force By Ashley Taylor Introduction The cyber sphere is a new frontline in the implementation and circumvention of UN sanctions. Because the Internet provides a virtual space for instantaneous communication and transaction, it inherently opens cheaper and unregulated avenues for rogue actors to violate international norms. Illicit uses of digital technologies outpace the advancements of licit technologists, who generally do not prioritize international security in their business. The Democratic People’s Republic of Korea (DPRK) in particular has become increasingly adept at employing digital tools to circumvent sanctions. They have developed digital techniques to generate revenues to fund their illegal proliferation efforts, gain intelligence and technical know- how, and harm the business and reputation of their foreign adversaries, including to disrupt those that monitor the implementation of the DPRK sanctions regime adopted with UN resolution 1718 in October 2006. Kim Jong-un recently boasted that “cyber warfare, along with nuclear weapons and missiles, is an ‘all-purpose sword’ that guarantees our military’s capability to strike relentlessly."1 A North Korean military defector has reported that the cyber force is viewed as the strongest weapon in the “Secret War”2 and its members are considered part of the elite, being one of few well-paid positions. Where will they go from here? Evidence suggests that North Korean state actors and non-state proxies are increasingly making use of new anonymizing technologies like cryptocurrencies, the dark web, encryption, and advanced hard-to-detect cyberattacks.
    [Show full text]
  • North Korea Security Briefing
    Companion report HP Security Briefing Episode 16, August 2014 Profiling an enigma: The mystery of North Korea’s cyber threat landscape HP Security Research Table of Contents Introduction .................................................................................................................................................... 3 Research roadblocks ...................................................................................................................................... 4 Ideological and political context .................................................................................................................... 5 Juche and Songun ...................................................................................................................................... 5 Tension and change on the Korean Peninsula .......................................................................................... 8 North Korean cyber capabilities and limitations ......................................................................................... 10 North Korean infrastructure.................................................................................................................... 10 An analysis of developments in North Korean cyberspace since 2010 .................................................. 14 North Korean cyber war and intelligence structure ................................................................................ 21 North Korean cyber and intelligence organizational chart ....................................................................
    [Show full text]
  • I Why Hasn't North Korea Collapsed?
    Why Hasn’t North Korea Collapsed? Rational Choices in East Asia By Eric Dean Tesar i Chapter 1 Introduction There are enough places in this world where war is only moments away from breaking out, but there is only one place that calls the attention of the world’s largest powers to such a small set of circumstances that can decide the fate of an entire region. The Democratic People’s Republic of Korea is just such a place. Ruled by a single person with nuclear capabilities and a provocative style, North Korea is a focal point for East Asian affairs. It is China’s communist brother, but also an economic investment and a military buffer zone to the Western powers. For South Korea, it is long lost family but also a direct threat to their security, be it social, economic, or military. The provocations of North Korea have constructed a unique relationship with the rest of East Asia, one that begs the question of why there is support in the form of economic aid and agreements despite an overwhelming distrust, and unity despite the variety of interests. It is in this region that we see states that have produced some of the greatest advances in technology, while there are others that are more cut off from the outside than almost anywhere else in the world. This dynamic has not always been the case. Before there was North and South Korea, the country was one. The people were family and the only real difference was geographical. Today, the story has taken a much more dramatic course.
    [Show full text]
  • Syria: Syrian Telecommunications Establishment, Syrian Computer Society
    2 ENEMIES OF THE INTERNET / 12 MARCH 2014 //////////////////////////////////////////////////////////////////////////////////////// INTRODUCTION ........................................................................................................... 4 EUROPE AND CENTRAL ASIA .................................................................................. 8 Belarus: Operations and Analysis Centre ....................................................... 8 Russia: Federal Security Service ............................................................................ 10 Turkmenistan: TurkmenTelecom ............................................................................. 12 United Kingdom: Government Communications Headquarters ....................... 13 Uzbekistan: Expert Commission on Information and Mass Communication ................................................................................. 16 AMERICAS .................................................................................................................... 18 Cuba: Ministry of Informatics and Communications ............................................ 18 USA: National Security Agency ............................................................................... 20 MIDDLE EAST AND NORTH AFRICA ............................................................................... 23 Bahrain: Ministry of Interior, National Security Apparatus ............................................................................ 23 Iran: Supreme Council for Cyberspace, Working Group
    [Show full text]
  • In Chinas Shadow
    In China’s Shadow Exposing North Korean Overseas Networks About C4ADS About The Asan Institute for Policy Studies C4ADS (www.c4ads.org) is a 501(c)(3) nonprofit organization dedicated to The Asan Institute for Policy Studies was founded with a mission to become data-driven analysis and evidence-based reporting of conflict and security an independent think tank that provides effective policy solutions to issues issues worldwide. We seek to alleviate the analytical burden carried by public which are critical to Korea, East Asia, and the rest of the world. sector institutions by applying manpower, depth, and rigor to questions of conflict and security. The Institute aims to foster wide-ranging and in-depth public discussions which are essential for a healthy society. By focusing on areas including Our approach leverages nontraditional investigative techniques and emerging foreign affairs, national security, public governance, energy, and the analytical technologies. We recognize the value of working on the ground, environment, it strives to address some of the major challenges that our capturing local knowledge, and collecting original data to inform our analysis. society faces today. At the same time, we employ cutting-edge technology to structure and analyze that data. The result is an innovative analytical approach to conflict prevention The Institute addresses these challenges not only by supplying in-depth and mitigation. policy analysis, but also by endeavoring to promote a global and regional environment favorable to peace, stability, and prosperity on the Korean Peninsula. In addition to policy analysis and research, the Institute undertakes the training of specialists in public diplomacy and related areas in an effort to contribute to Korea’s ability to creatively shape its own future.
    [Show full text]
  • The Future of Cybersecurity Across the Asia-Pacific
    asia policy, volume 15, number 2 (april 2020), 57–114 • http://asiapolicy.nbr.org • roundtable The Future of Cybersecurity across the Asia-Pacific Adam Segal Valeriy Akimenko and Keir Giles Daniel A. Pinkston James A. Lewis Benjamin Bartlett Hsini Huang Elina Noor © The National Bureau of Asian Research, Seattle, Washington asia policy Introduction onventional security and warfare have been thoroughly mutated in C the information age, and Asian nations are at the forefront of the technological developments that are driving these changes. China is investing heavily in technologies such as artificial intelligence (AI) and 5G and exporting many of its technological products regionally and globally, while limiting the cyber capabilities of foreign countries and companies within its borders. In the recent presidential elections in the United States and Taiwan, coercive tactics involving cyberattacks and information warfare were prevalent. As a result, many countries have recognized the need for new cybersecurity measures to protect the integrity of the democratic electoral process. Securing digital markets and other interests is also a priority. The Association of Southeast Asian Nations (ASEAN), for example, held a cybersecurity summit in 2018, and Singapore launched the ASEAN-Singapore Cybersecurity Centre of Excellence in October 2019 to conduct research and train personnel for responding to cybersecurity threats. This roundtable examines the cyber policies of the United States and its key adversaries and partners in Asia from a variety of perspectives, including their offensive and defensive cyber capabilities and the military applications of these tools. Adam Segal opens the roundtable by discussing China’s cyber capabilities as well as its vulnerabilities.
    [Show full text]