North Korea celebrated America’s Fourth of July by launching a wide-ranging cyber assault on websites in South Korea and the U.S., including that of the Treasury Department and Secret Service. The attack is not only a significant escalation by the DPRK, but a demonstration of how the U.S. remains vulnerable to a covert operation by a rogue state or terrorists that can be as devastating as a WMD attack.
The North Korean offensive began after Lab 110, a group of top hackers working for the military, were given instructions in May to “destroy” the communication infrastructure of South Korea. One government agency and security firm monitoring the attacks says that more are on the way, and that the next wave would target personal computers and may involve the erasing of hard drives.
The attacks represent only a fraction of North Korea’s total cyber warfare capabilities. A military study in 2006 concluded that North Korea’s hackers could shut down the Pacific Command and cause significant damage to mainland computer networks. One expert says that the DPRK’s hacking abilities now rivals that of the CIA.
Students are being trained in five-year electronic warfare programs at Mirim College, enabling the creation of a force of between 600 and 1,000 expert hackers. One study says that the government has a total force of 12,000 for cyber warfare with an annual budget of $56 million. North Korea was given a ranking of eighth place among all countries with such capabilities.
Cyber attacks seem to be becoming the new preferred method of waging unconventional warfare by adversaries of the U.S. Russia in particular has been very aggressive. Cyber attacks traced back to Russian government servers targeted Estonian websites, including that of the presidency, almost every government agency, banks, and top news websites for three weeks in April 2007. The assault began after Russia expressed its anger over a decision by the Estonian government to move a memorial dedicated to Soviet soldiers in World War Two. Russia also attacked Georgian government websites, including that of the Foreign Ministry during their war in August 2008.
Iran is rated as one of the top five strongest cyber warfare capabilities in the world, with an annual budget of $76 million and a staff of about 2,400 for the purpose. DefenseTech.org states that “Iran has fairly advanced cyber-warfare weapons and offensive plans that include cyber attacks against specific government websites and infrastructure. Iran’s cyber ambitions are ambitious and troubling.”
Cyber attacks from China are said to be increasing as well, as that country is also working aggressively to build up its cyber warfare capabilities. A government report published November 20, 2008 warned that China has become so proficient at such warfare that the U.S. “may be unable to counteract or even detect the efforts.” It also said that an attack on government and economic computer networks “could paralyze the United States.”
The vulnerabilities of the United States’ critical infrastructure to hacking leaves it open to being disabled, creating an economic and humanitarian disaster that could severely hamper military operations and cause a level of damage previously only attributable to biological and nuclear weapons.
The CEO of the computer security company Industrial Defender, for example, has found 34,000 security gaps in sensitive computer networks, the majority belonging to infrastructure. Among the concerns is that control systems for power grids have Internet connections could be exploited, either directly or though penetrating the computer of an employee who operates the systems.
“[We are at risk of] seeing a future where we are transformed periodically into a third-world country by means of digital attacks,” cyber security expert Andrew Colarik said last summer. He added the world’s top businesses have become victims of hacking.
The U.S. Commission on Cybersecurity published a report in December 2008 that also warned of the danger that lies ahead. “We’re playing a giant game of chess now and we’re losing badly,” one commission member warned.
Defense Secretary Gates has created a Cyber Command to bring together all efforts to defend against this quickly rising threat. This is a wise move, but with rogue states moving fast to develop this new type of WMD capability, the U.S. is in an uphill battle to close the vulnerabilities that are giving other countries the capability to deliver a crippling attack at will.