
The role of hacktivism in the cyber warfare scenario between the two Koreas

It is no surprise that South Korean security experts suggest the North Korean military is training an elite force of “cyber warriors” to take part in cyber attacks against South Korean institutions and companies.

The South Korean intelligence revelations follow continuous threats by North Korea against U.S. forces located in the Far East. The dictator Kim Jong-un is enhancing the country’s nuclear weapons and, speaking to his people, described them as a deterrent to war and a necessary protection of national sovereignty. For this reason the government of Pyongyang decided to restart the nuclear reactor stopped in 2007. Although analysts believe that the regime’s missile arsenal is not able to strike U.S. bases in Guam or Hawaii, they believe serious threats could come from cyberspace, where North Korea is very active. It is known, in fact, that North Korea has elite cyber units already made up of 3,000 hackers trained in cyber espionage and offensive security.

Andrea Berger, Research Fellow in nuclear analysis at the defense think tank Royal United Services Institute, declared:

“It is unlikely that North Korea would be technically capable of carrying out its threats of nuclear attack on the continental United States,”

To avoid internal attacks, North Korea recently cut off mobile internet access for visitors to the country. North Korean defector Kim Heung-Kwang claims that the government is training “cyber warriors” to attack Western targets, also receiving support from Russian and Chinese cyber groups.

Over the border, South Korea’s defense ministry announced Monday it would start preparing the national army for cyber warfare in conjunction with the United States.

“We will cooperate with the US to prepare measures in cyber policy, technology and information,”

Recent attacks have shown South Korea to be vulnerable to cyber offensives, and the risk of imminent new cyber attacks is high. In 2010 the government of Seoul established a Cyber Command composed of 400 personnel, and it is aware of the possible consequences of a cyber attack. The South Korean government also warned North Korea of possible military retaliation in response to military provocation by its adversaries. Meanwhile, The Wall Street Journal revealed that the US flew F-22 stealth fighter jets to South Korea on Sunday for joint exercises. The Journal states:

“In a conflict with North Korea, F-22s would likely be the first aircraft used. The hard-to-detect fighters could be sent in to take out air defense missiles and radars in advance of bombers aimed at missile launch sites or other targets. They also could be used to escort nuclear-capable B-2 stealth bombers, should these be used in a strike”

At the same time, to increase pressure in the area and discourage a North Korean offensive, the US Navy is moving the guided-missile destroyer USS Fitzgerald into the Pacific Ocean off the Korean Peninsula. Tension is very high, so the “cyber attack” option would be more appropriate in a context in which neither side wants to start serious hostilities … a cyber attack allows the attackers to remain hidden while causing serious damage and paving the way for a subsequent military strike.

In this difficult scenario there is a third force that cannot be neglected: hacktivism, independent groups of patriots who have high technical skills and take the initiative to go on the offensive against the hostile nation.

Regarding the latest attacks against South Korea, Kaspersky Labs experts declared:

“Obviously, the attacks were designed to be ‘loud’ – the victims are broadcasting companies and banks. This makes us think we are not dealing with a serious, determined adversary but hacktivists looking for quick fame.” 

Roel Schouwenberg, security researcher at Kaspersky Labs, added:

“The complete scope of last week’s attacks hasn’t yet been determined. The malware wasn’t particularly complex, but the execution was well done, so it should just be a few people.”
“Conducting basic cyber-attacks isn’t hard at all. So you could potentially be looking at a single motivated attacker who put in a lot of time. Having a bigger team of people would generally reduce the amount of time needed to prepare and execute an attack.” 
“Given the state of cyber-security, a group of dedicated hacktivists can decide they want to attack a particular company or vertical and are likely to be successful,” “When there are already geo-political tensions this can be cause for serious escalation.”

The declaration is eloquent: groups of hacktivists could interfere in an unstable context with unpredictable results. Do not forget that in the North, too, citizens are keen computer users equipped with everything needed for an attack. In these hours a group of hackers belonging to Anonymous claims to have penetrated the website Uriminzokkiri.com, the North Korean-run site based in China, stealing over 15000 user records including names, e-mail addresses, birth dates and hashed passwords. The attack is part of the operation named #OpNorthKorea, which targeted government websites, and more attacks are planned on April 19th and June 25th.

An Anonymous hacktivist cell identified as Anonymous_Korea launched a series of successful DDoS attacks on various North Korean state websites on Saturday, March 30th, a few hours after the North Koreans issued a threatening statement declaring that they had entered into a “state of war” with South Korea.

“From this time on, the North-South relations will be entering the state of war and all issues raised between the North and the South will be handled accordingly…”

Among the websites attacked are the Korean and English language versions of the sites of the Democratic People’s Republic of Korea, the North Korean Committee for Cultural Relations and the state-owned airline Air Koryo. The Manila Bulletin reports that on March 30th the sites http://www.friend.com.kp/, http://www.naenara.com.kp/ and http://www.airkoryo.com.kp/ were also all unreachable.

The situation is returning to normal after a series of attacks that made many websites impossible to access during the weekend.

The hacktivists proved the attack on Uriminzokkiri.com by providing details of six accounts: 3 have Korean names and the others seem to be Chinese. Meanwhile, 4 users have Chinese email addresses; the remaining are a Hotmail address and a South Korean address that apparently belongs to KEPCO KDN, a smart-grid systems provider that’s part of the Korea Electric Power Co.

At the moment there is no evidence that the hackers also compromised web and mail servers. The hacktivists’ message follows:

“North Korean government is increasingly becoming a threat to peace and freedom. Don’t misunderstand us: As well we disagree with the USA government too – these guys are crooks, USA is a threat to world peace too, and direct democracy (or any kind of democracy) doesn’t exist there. The American government is a target and enemy of Anonymous as well!
This is not about country vs country – This is about we, the people, the 99% (of USA and of North Korea) vs oppressing and violent regimes (like USA gov. and N.K. gov)! We, the people, are gathering together because we are stronger now and we won’t fight your wars anymore, we won’t eat your shit anymore!!!”

“We demand:
– N.K. government to stop making nukes and nuke-threats
– Kim Jong-un to resign
– it’s time to install a free direct democracy in North Korea
– uncensored internet access for all the citizens!

To Kim Jong-un:
So you feel the need to create large nukes and threaten half the world with them?
So you’re into demonstrations of power?, here is ours:
– We are inside your local intranets (Kwangmyong and others)
– We are inside your mailservers
– We are inside your webservers
Enjoy these few records as a proof of our access to your systems (random innocent citizens, collateral damage, because they were stupid enough to choose idiot passwords), we got all over 15k membership records of www.uriminzokkiri.com and many more. First we gonna wipe your data, then we gonna wipe your badass dictatorship “government”.

“To the citizens of North Korea we suggest to rise up and bring these motherfuckers of a oppressive government down!

We are holding your back and your hand, while you take the journey to freedom, democracy and peace.
You are not alone.
Don’t fear us, we are not terrorist, we are the good guys from the internet. AnonKorea and all the other Anons are here to set you free.”

 

Analyzing the events raises several questions:

Are these groups of hacktivists really independent, or is there a concrete risk that they have been infiltrated by government actors?

Worse, is it possible that governments are using hacktivism to hide their offensive?

The fact that the malware used in the attacks against South Korea is not particularly complex could be a deliberate strategy to hide those really responsible; Schouwenberg confirmed it with the following statements:

“Nation-state actors may be moving from more to less complex malware in an attempt to make attribution more difficult,”. “After all, only top experts can create top quality code, but a lot more people can produce average quality code.”

The last question is … what could be the role of hacktivist forces in such a complex situation? Will they really destabilize an already precarious situation, and how?

Cyber warfare, by its nature, will involve entities, not necessarily governments, of a kind never experienced before, but which could be important players in the strategists’ arena.

Pierluigi Paganini

(Security Affairs – Cyber warfare)


Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
