North Korea, why too many see it as a cyber threat?

In recent years we have seen governments pay increasing attention to guarding cyberspace. The concept of cyber warfare has become reality with the materialization of new threats that can strike unpredictably, with real destructive power like conventional weapons.
In a period of radical change, new alliances are being forged, and the new technological capabilities of small states are able to intimidate the world's superpowers. Cyberspace is understood as a battlefield on which it is possible to fight as an equal against the historical giants. Terms like cyber weapon and cyber strategy have become the order of the day, something every nation must take into account.
Hence the race for cyber weapons by countries such as India, North Korea and Iran. It is on North Korea that I want to write this article.

A defector has declared that North Korea has increased the staff of its cyber warfare unit to 3,000 people and that it is intensively training its young prodigies to become professional hackers.
Consider that North Korea has the highest percentage of military personnel relative to population of any nation in the world, approximately 40 enlisted soldiers per 1000 people, with a considerable impact on the country's budget.

Intelligence sources in South Korea believe that the nation has a large cyber force that answers to the country’s top intelligence agency, the General Reconnaissance Bureau, and that these special units are responsible for the cyber attacks carried out in recent years. They are, for example, suspected of having launched a cyber attack on the Nonghyup agricultural bank of South Korea. More than 30 million customers of the bank were unable to use ATMs and online services for several days, and key data were destroyed during the attack, causing serious damage. In May 2009, the North Korean Lab 110 was involved in a cyber operation to “destroy” South Korean communications systems. In the following months, the North attacked South Korean and American websites, including those of the U.S. Secret Service and Treasury Department.

Wars were once fought with missiles and skirmishes; today the conflict is wired and the bullets are digital bits.

What seems most striking is the attention that the central government reserves for its young hackers, giving them the best tools on the market and providing extremely advantageous living conditions for them and their families. The importance assigned to the professional development of the new cyber military is indicative of how strategic cyber warfare is perceived to be for the nation.

But what is really frightening about this growing cyber power? There is no doubt, and the answer is unanimous: the main concern is China’s technological and strategic support.

There is no doubt that there is some foreign support behind North Korea's cyber operations. Just a few days ago a friend pointed out on his blog that N. Korea does not have any IXP (the physical infrastructure through which Internet service providers (ISPs) exchange Internet traffic between their networks (autonomous systems)).

So whose bandwidth are they using? China, of course.

It is difficult to be a real cyber army without a pipe to the web, merely by training young brains. Evidence of Chinese collaboration has been collected during several analyses tracing the cyber attacks back to their source addresses. In several attacks there were no attempts to hide their origin. There are mainly two blocks of IP addresses that can be identified as North Korean.

According to the “North Korea’s Chinese IP addresses” blog post, the first is a block of 1,024 addresses that was put into use in 2010 by Star Joint Venture, the Internet service provider venture between the state-run Korea Posts and Telecommunications Co. and Thailand’s Loxley Pacific. This is used to house all the official North Korean websites, such as KCNA, Naenara, the Voice of Korea, and Rodong Sinmun. Computers in North Korea capable of accessing the global Internet, such as those owned by resident foreigners, also use addresses in this range.

The block runs from 175.45.176.0 to 175.45.179.255.
A second, lesser known block of addresses also exists.
It contains 256 addresses and runs from 210.52.109.0 to 210.52.109.255.
Here’s what you get when you query the addresses in the “whois” directory:

inetnum: 210.52.109.0 – 210.52.109.255
netname: KPTC
country: CN
descr: Customer of CNC
admin-c: TC254-AP
tech-c: TC254-AP
status: ASSIGNED NON-PORTABLE
changed: cncipaddr@china-netcom.com 20040803
mnt-by: MAINT-CN-ZM28
source: APNIC

They are owned by China Netcom, one of China’s largest Internet service providers, but they are assigned to the Korea Posts and Telecommunications Co., the government-run telco.
These addresses were used for several North Korean websites and related Internet services including the Chesin e-mail system. Most of the services have moved to the Star JV addresses, but at least one website still uses the Chinese addresses: Chosun Expo. This demonstrates that they are still in use for other purposes. Scanning sometimes reveals blank or test websites that appear and disappear within a day, and there are at least three routers connected through the addresses behind which there are likely additional PCs.
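The following is an added example, not part of the original post: it parses the inetnum field of the whois record quoted above, converts both address ranges from the article into CIDR blocks, and tags source addresses in log lines by range. The function names, range labels and log lines are constructed for illustration.

```python
import ipaddress
import re

# Fields from the whois record quoted in the article (en dash kept as printed).
WHOIS_TEXT = """\
inetnum: 210.52.109.0 – 210.52.109.255
netname: KPTC
country: CN
descr: Customer of CNC
"""
# The two ranges the article gives; the labels are this example's own.
ARTICLE_RANGES = {
    "Star JV": "175.45.176.0 - 175.45.179.255",
    "KPTC via China Netcom": "210.52.109.0 - 210.52.109.255",
}
# Constructed log lines (not real traffic); destinations are documentation IPs.
SAMPLE_LOG = [
    "2012-01-10T08:01:12Z src=175.45.177.20 dst=192.0.2.10 port=80",
    "2012-01-10T08:01:15Z src=210.52.109.33 dst=192.0.2.10 port=25",
    "2012-01-10T08:01:19Z src=198.51.100.7 dst=192.0.2.10 port=443",
]

def parse_whois(text):
    """Parse 'key: value' whois lines into a dict (first value wins)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            record.setdefault(key.strip().lower(), value.strip())
    return record

def range_to_networks(inetnum):
    """Turn an inclusive 'first - last' range into the minimal list of CIDRs."""
    first, last = re.split(r"\s*[-\u2013]\s*", inetnum.strip(), maxsplit=1)
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def classify(address):
    """Return the label of the article range containing address, else None."""
    ip = ipaddress.ip_address(address)
    for label, inetnum in ARTICLE_RANGES.items():
        if any(ip in net for net in range_to_networks(inetnum)):
            return label
    return None

def tag_log(lines):
    """Return (source address, range label or None) for each log line."""
    matches = (re.search(r"src=(\d+\.\d+\.\d+\.\d+)", line) for line in lines)
    return [(m.group(1), classify(m.group(1))) for m in matches if m]
```

The first range collapses to a single /22 (1,024 addresses) and the second to a single /24 (256 addresses), matching the block sizes stated in the article.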

As my friend Richard said, try to locate “china dandong – Huawei” with Google Maps; you will notice that it is on the edge of Sinuiju, N. Korea, and that it is one of the prime spots for the Huawei corporation.
Are they providing the pipe?

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
