
Pentagon: Pyongyang Likely to Seek Foreign Help With Cyberwarfare


North Korea is expected to mooch off other nations for cyber offensive tools because it is not plugged into the global Web, according to the Defense Department’s first report to Congress on the regime's military might.

These are some of the spare details describing Pyongyang’s network operations found amidst a larger discussion of the regime's antagonism with South Korea and pursuit of nuclear weapons.

"As a result of North Korea’s historical isolation from outside communications and influence, it is likely to employ Internet infrastructure from third-party nations," states the 26-page report, which Defense Department Secretary Chuck Hagel released on Thursday. 

The unclassified 2012 assessment concludes the Democratic People’s Republic of Korea "probably" has the capability to carry out military computer network operations. Since 2009, the nation has been linked to cyber espionage campaigns and distributed denial of service attacks that externally flood websites with paralyzing traffic, according to the Pentagon. 

Cybersecurity researchers speculated that suppliers for North Korean cyber fights could range from Chinese telecommunications giants to unwitting nations whose connectivity is not hard for Pyongyang to steal.

“Two of the world's biggest Internet infrastructure suppliers are Huawei and ZTE and there's a good chance North Korea's Internet infrastructure relies heavily on their equipment,” Martyn Williams, editor of the North Korea Tech website, which chronicles the regime’s use of information technology, said in an email. “Chinese providers are really the only choice as the DPRK can't really interconnect with South Korean or Japanese providers.”

That said, it’s easy for commodity products to take a detour through a third country on their way to sanctioned destinations; that reportedly was the route censorship technology took to Syria. “If, for example, the North Koreans wanted Cisco routers it probably wouldn't be difficult to get them,” Williams added.

North Korea sends military youth to India and China for university training, so both Internet-enabled countries might offer resources, suggested Jeffrey Carr, a cyberwar analyst and author of Inside Cyberwarfare (O'Reilly Media 2009).  

And then there’s the atomic bargaining chip. North Koreans “also have a good relationship with Iran, which would certainly provide the DPRK with whatever they asked in exchange for the DPRK's help with nuclear fuel enrichment,” Carr said.

Congress in 2011 required Defense to produce annual classified and unclassified reports on military development in North Korea. 

Pentagon officials informed lawmakers that the Seoul Central Prosecutor’s office reportedly implicated DPRK in 2011 cyber incidents affecting servers at South Korea's Nonghyup Bank. Remote "actors rendered the bank’s online services inaccessible and deleted numerous files concerning customer bank accounts while removing all evidence" of unauthorized activity on the servers, the Defense report states. 

Several high-profile cyber events involving the regime are not mentioned. For instance, in March, experts worldwide accused North Korea of immobilizing computers at South Korea's key broadcasters and ATMs. This was one of a series of cyber spats between North Korean and South Korean supporters that began when the United Nations imposed sanctions on the northern nation for nuclear tests.

“The report is worded carefully,” Williams said. “You'll note it doesn't accuse North Korea of doing anything, but rather says the South Korean government or local newspapers have reported the DPRK is [behind] the attacks.”

The study indeed acknowledges that proving North Korea responsible for network abnormalities is difficult because of the Web's inherent anonymity and distributed structure.

Williams added, “The evidence is growing that North Korea is behind at least some of these attacks, but everyone is still pretty much guessing.”
