How to bring North Korea to its cyber-knees
President Barack Obama, during his year-end news conference, promised a proportional response to North Korea’s cyber-attack on Sony Pictures Entertainment. “They caused a lot of damage,” Obama said, referring to the theft and exposure of corporate records and private emails. “And we will respond. We will respond proportionally, and we’ll respond in a place and time and manner that we choose.”
That proportional response could take many forms. It might be more sanctions or putting North Korea back on the state-sponsored terror list. But the Sony hack is less like terrorism and more about serious theft. Proportional response is likely a cyber-attack in kind against North Korea — an attack that may already be underway.
There are many ways Washington could strike Pyongyang in cyberspace. It could disrupt the cyber black markets where hackers likely purchased the software used in the attack. It could start bullying the hackers online and off. It could even make sure as many North Koreans as possible see The Interview.
One effective tactic would be to go after the black markets where hackers trade dangerous software. The Sony hack, as most people now know, was relatively unsophisticated. The tools used were crude and readily available on the Internet. Which means these tools will be hard to eliminate.
Hard but not impossible. Washington could learn something from the music industry.
In 2001, when Napster, the file-sharing service, was at the height of popularity, the music industry flooded the site with broken songs and obnoxious repetitive sounds dressed up to look like popular music. It worked. Millions of people downloaded files that hurt their ears. Washington could do something similar to the online black markets used by hackers.
Shutting down these markets, on the other hand, would have little effect. Users would quickly move to another location. Peter W. Singer, a cyber-warfare expert and senior fellow at New America Foundation, told Reuters he wants to see Washington take a page from the music industry’s playbook. “I wouldn’t aim at taking them down,” he stated, “I’d aim at poisoning the well.”
This could mean flooding black markets with faulty software, malware and broken tools. The files would look like regular malicious software — but either wouldn’t work or would be engineered to backfire on the hackers.
U.S. cyber teams could also go after the hackers aligned with Pyongyang and make their lives miserable. It’s an effective tactic. Bullies are notoriously susceptible to bullying.
Since the FBI has declared that the attack came from North Korea, there’s a good chance the bureau’s experts know which computers and even which hackers it came from. Hackers generally have robust online lives. They use social networks, maintain a presence in online forums and chatrooms and transfer money using Bitcoin or other cryptocurrencies. Washington could make their lives uncomfortably complicated.
It could break into the hackers’ email accounts and publish them — just as the hackers did to Sony Pictures executives. It could ban their Internet protocol addresses or infect their computers with destructive viruses and malware that could store every keystroke the hackers type. Every password, email, website visited would be recorded and stored in a U.S. database. It might only sideline the hackers, by making them spend time and energy fixing the problem or even force them to buy entirely new hardware — a hacker’s worst case scenario.
U.S. cyber teams could also pose online as commentators and ruin the hackers’ reputations among any communities they belong to. For example, they could upload faulty software to the black markets as the Guardians of Peace.
Of course, some security experts insist that the attack did not originate in North Korea, but was routed through it.
One group of expat North Korean hackers, known as Chongryon, is based in Japan. Their actions are crucial to Pyongyang, which uses the group’s grifts and hacks to spread propaganda and bring money to the state.
“The Chongryon are vital to North Korea’s military budget,” a recent report from HP Security analysts explained, “raising funds via weapons trafficking, drug trafficking and other black market activities.”
Chongryon is just one of many groups that do Pyongyang’s dirty work while operating outside North Korea. Washington could work with its partners in other countries to pursue North Korea’s satellite hackers and shut them down.
Richard Haass, president of the Council on Foreign Relations, suggested attacking Pyongyang’s Internet infrastructure. A response-in-kind, for Haass, is an attack on North Korea’s political and military networks.
Yet disrupting North Korea’s internal networks is not a proportional response. The Guardians of Peace attacked Sony — not the Pentagon.
It would also be incredibly difficult if not impossible. Most of North Korea’s military communications are on “wired circuits that are not connected to international networks,” Martyn Williams, senior correspondent at IDG News Service who writes about Pyongyang for the blog North Korea Tech, told Reuters.
Those military and political pillars Haass advocates attacking probably aren’t even hooked up to the Internet. It’s all internal, and so almost impossible to breach.
Though North Korea isn’t as wired as the United States, some of its people do have access to the Internet. That connection is slow, unstable and heavily censored by the state.
It’s possible for the United States to breach that connection and shut it down. All the connections run through China, however, and Washington would need to work with Beijing to make it happen. And Washington already has its own problems with Chinese hackers linked to the People’s Liberation Army.
Taking North Korea offline would be counterproductive in any case. The U.S. intelligence community monitors all Internet traffic moving through North Korea. Shut down the country’s Internet and you shut off Washington’s ability to listen in.
That said, North Korea’s Internet already seems to be the subject of attack. On Dec. 22, U.S. North Korea watchers monitored service interruptions across the country’s Internet.
North Korea’s Internet is notoriously spotty. But since Obama’s news conference, the difference has been sharp. Outages have lasted for many hours. “Usually there are isolated blips, not continuous connectivity problems,” Doug Madory, director of Internet analysis at Dyn Research, told Williams. “I wouldn’t be surprised if they are absorbing some sort of attack.”
Shutting down the country’s Internet might be the proportional response Obama mentioned. It might also, however, be a sign that China is punishing the country for its recent cyber activities. Beijing isn’t above reining in Pyongyang when it needs to.
But another sort of U.S. retaliation would be to get The Interview into North Korea. So much of the fuss surrounding this hack concerns the film and Pyongyang’s reaction to it. Making it free online or uploading it into North Korea’s networks would take away one of the biggest gains the country got from the attack — getting the movie withdrawn from public view.
One human-rights group plans to achieve just this. This organization, Fighters for a Free North Korea, routinely airdrops over North Korea hydrogen balloons carrying DVDs. They aim to airdrop The Interview as soon as it’s available.
Still, disrupting the black markets and hounding the hackers responsible remain the two best options. It’s a direct punishment levied against the individuals responsible — and has the added effect of slowing down or stopping more attacks.
PHOTO (TOP): North Korean leader Kim Jong Un (C) smiles as he gives field guidance at the Kim Jong Suk Pyongyang Textile Mill in this undated photo released by North Korea’s Korean Central News Agency (KCNA) in Pyongyang, December 20, 2014. REUTERS/KCNA
PHOTO (INSERT): North Korean leader Kim Jong Un gives field guidance during a visit to the Pyongyang Catfish Farm in this undated photo released by North Korea’s Korean Central News Agency (KCNA) in Pyongyang, December 23, 2014. REUTERS/KCNA