, The Associated Press 2004-10-05
Communist North Korea is believed to have trained up to 600 computer hackers to launch cyberattacks against countries such as the United States and South Korea, according to South Korea's Defense Ministry.Computers are a rarity and Internet access is almost nonexistent for most people in the impoverished North Korea, but the Defense Ministry said in a report submitted to the National Assembly's national defense committee that it believes North Korea's intelligence warfare capabilities have already reached the level of those in advanced countries.
Computer experts in North Korea are trained in a five-year university course, and computer hackers are selected from these experts, it said.
One of their duties is to gather military intelligence from the countries such as the United States, South Korea and Japan, and to launch cyberattacks.
Hackers, possibly based in China, attacked computers at South Korea's National Assembly and the Korea Institute for Defense Analyses in July, raising concerns about national security.
"We believe that North Korea's military intelligence warfare capabilities have reached the level of advanced countries," the Defense Ministry report said on Monday.
In 2002, then-White House technology adviser Richard Clarke told a U.S. Congressional panel that North Korea, Iraq, Iran China and Russia were training people for Internet warfare.
A spokesman for the State Department said the agency was looking into the report, but had no immediate assessment.
Oxblood Ruffin, an expert on computer security and hacking, said Tuesday that he was worried about North Korea's potential for damage. Ruffin founded the human rights group Hactivismo that helps activists encrypt Internet communications from China and other authoritarian societies.
Ruffin called South Korea's hackers "some of the most talented and relentless technologists I've encountered, so it makes me think that going North there is a similar, if nascent, group of enthusiasts, possibly even more motivated."
"The fact that some of the network activity was traced back to China makes me think that there is some possible collusion with the PRC," Ruffin told The Associated Press in an e-mail.
"I can't imagine that the Chinese would tolerate an intrusion on their sovereignty. We do know that the Chinese have extremely refined Netwar capabilities, so why not their clients? The North Koreans might even have instructors from China," he added.
But Toshi Yoshihara, a visiting professor at the Air War College, at Montgomery, Ala., noted that it takes practice and initiative to develop top hacking skills.
"In a country as closed to the outside world as is North Korea, where the freedom of the individual is curtailed greatly, the pool of talent is limited," he told AP.
He noted that China and Taiwan have attempted hacking attacks on each other, by both official programmers and devoted amateurs, but achieved little real damage.
"It's fairly low-level," he said. "It sort of slows things down a little bit," the way denial-of-service attacks gum up commercial sites.
He noted that in the event of an attack, "We do have to distinguish between civilian and government installations. Government computers are much more secure, redundant and robust."
South Korea is one of the world's most wired countries, with nearly 70 percent of all households having high-speed broadband access to the Internet, and computer hacking has increased dramatically in recent years, government statistics show.
Reports of hacking from South Korea into computers in other countries increased from 6,531 in 2002 to 14,063 in 2003, and then to 10,634 in the first half of 2004, the Korea Information Security Agency said in a report earlier this year.
North Korea's purported cyber warfare program has a powerful sponsor: paramount leader Kim Jong Il. He visited software labs and high-tech hubs during his rare trips to China and Russia in 2000 and 2001, and under his rule, North Korea has opened computer labs and made computer education compulsory at schools.
Ruffin, who is also a member of the Cult of the Dead Cow, a group or programmers that monitors hacking activity, saw that as an unhealthy interest in computers.
"Recently the IAEA has warned of cyberattacks against nuclear facilities," he said, referring to the U.N. watchdog International Atomic Energy Agency.
"They don't need physical nukes to create problems," he added. "They could just exploit our network vulnerabilities. It's completely doable. Poo-pooing the North Koreans is easy, but is it wise?"