recommended reading

Pentagon: Pyongyang Likely to Seek Foreign Help With Cyberwarfare

Vincent Yu/AP

North Korea is expected to mooch off other nations for cyber offensive tools because it is not plugged into the global Web, according to the Defense Department’s first report to Congress on the regime's military might.

These are some of the spare details describing Pyongyang’s network operations found amidst a larger discussion of the regime's antagonism with South Korea and pursuit of nuclear weapons.

"As a result of North Korea’s historical isolation from outside communications and influence, it is likely to employ Internet infrastructure from third-party nations," states the 26-page report, which Defense Department Secretary Chuck Hagel released on Thursday. 

The unclassified 2012 assessment concludes the Democratic People’s Republic of Korea "probably" has the capability to carry out military computer network operations. Since 2009, the nation has been linked to cyber espionage campaigns and distributed denial of service attacks that externally flood websites with paralyzing traffic, according to the Pentagon. 

Cybersecurity researchers speculated suppliers for North Korean cyber fights could range from Chinese telecommunications giants to unwitting nations with connectivity that is not hard for Pyongyang to steal.

“Two of the world's biggest Internet infrastructure suppliers are Huawei and ZTE and there's a good chance North Korea's Internet infrastructure relies heavily on their equipment,” Martyn Williams, editor of the North Korea Tech website, which chronicles the regime’s use of information technology, said in an email. “Chinese providers are really the only choice as the DPRK can't really interconnect with South Korean or Japanese providers.”

That said, it’s easy for commodity products to take a detour through a third country on their way to sanctioned destinations; that reportedly was the route censorship technology took to Syria. “If, for example, the North Koreans wanted Cisco routers it probably wouldn't be difficult to get them,” Williams added.

North Korea sends military youth to India and China for university training, so both Internet-enabled countries might offer resources, suggested Jeffrey Carr, a cyberwar analyst and author of Inside Cyberwarfare (O'Reilly Media 2009).  

And then there’s the atomic bargaining chip. North Koreans “also have a good relationship with Iran, which would certainly provide the DPRK with whatever they asked in exchange for the DPRK's help with nuclear fuel enrichment,” Carr said.

Congress in 2011 required Defense to produce annual classified and unclassified reports on military development in North Korea. 

Pentagon officials informed lawmakers that the Seoul Central Prosecutor’s office reportedly implicated DPRK in 2011 cyber incidents affecting servers at South Korea's Nonghyup Bank. Remote "actors rendered the bank’s online services inaccessible and deleted numerous files concerning customer bank accounts while removing all evidence" of unauthorized activity on the servers, the Defense report states. 

Several high-profile cyber events involving the regime are not mentioned. For instance, in March, experts worldwide accused North Korea of immobilizing computers at South Korea's key broadcasters and ATMs. This was one of a series of cyber spats between North Korean and South Korean supporters that began when the United Nations imposed sanctions on the northern nation for nuclear tests.

“The report is worded carefully,” Williams said. “You'll note it doesn't accuse North Korea of doing anything, but rather says the South Korean government or local newspapers have reported the DPRK is [behind] the attacks.”

The study indeed acknowledges that proving North Korea responsible for network abnormalities is difficult because of the Web's inherent anonymity and distributed structure.

Williams added, “The evidence is growing that North Korea is behind at least some of these attacks, but everyone is still pretty much guessing.”

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.