Posts Tagged ‘asymmetric’

Pentagon looks to counter ever-stealthier warfare

March 24, 2018

AFP

© GETTY IMAGES NORTH AMERICA/AFP/File / by Sylvie LANTEAUME | Air Force Secretary Heather Wilson has warned that both Russia and China are experimenting with ways to take out the US military’s satellites

WASHINGTON (AFP) – The US military has for years enjoyed a broad technological edge over its adversaries, dominating foes with superior communications and cyber capabilities.

Now, thanks to rapid advances by Russia and China, the gap has shrunk, and the Pentagon is looking at how a future conflict with a “near-peer” competitor might play out.

Air Force Secretary Heather Wilson recently warned that both Russia and China are experimenting with ways to take out the US military’s satellites, which form the backbone of America’s warfighting machine.

“They know that we are dominant in space, that every mission the military does depends on space, and in a crisis or war they are demonstrating capabilities and developing capabilities to seek to deny us our space assets,” Wilson said.

“We’re not going to let that happen.”

The Pentagon is investing in a new generation of satellites that will provide the military with better accuracy and have better anti-jamming capabilities.

Such technology would help counter the type of “asymmetric” warfare practised by Russia, which combines old-school propaganda with social media offensives and cyber hacks.

Washington has blamed Moscow for numerous cyber attacks, including last year’s massive ransomware attack, known as NotPetya, which paralyzed thousands of computers around the world.

Little Green Men invaded Crimea — Photo: Sergey Ponomarev

US cyber security investigators have also accused the Russian government of a sustained effort to take control of critical US infrastructure systems, including the energy grid.

Russia denies involvement and so far, such attacks have been met with a muted US military response.

– Public relations shutdown –

General John Hyten, who leads US Strategic Command (STRATCOM), told lawmakers the US has “not gone nearly far enough” in the cyber domain.

Image result for General John Hyten, photos

General John Hyten

He also warned that the military still does not have clear authorities and rules of engagement for when and how it can conduct offensive cyber ops.

“Cyberspace needs to be looked at as a warfighting domain, and if somebody threatens us in cyberspace, we need to have the authorities to respond,” Hyten told lawmakers this week.

Hyten’s testimony comes after Admiral Michael Rogers, who heads both the NSA — the leading US electronic eavesdropping agency — and the new US Cyber Command, last month said President Donald Trump had not yet ordered his spy chiefs to retaliate against Russian interference in the 2016 US election.

Russia has also been blamed for the March 4 poisoning of former spy Sergei Skripal and his daughter Yulia, who were found unconscious on a bench outside a shopping center in England.

NATO countries are working to determine when a cyber attack might trigger the alliance’s Article 5 collective defense provision, General Curtis Scaparrotti, the commander of NATO forces in Europe, said this month.

Image result for u.s. satellites, photos

NATO “recognizes the difficulty in indirect or asymmetric activity that Russia is practising, activities below the level of conflict,” Scaparrotti said.

In 2015, the Air Force opened the highly secretive National Space Defense Center in Colorado, where airmen work to identify potential threats to America’s satellite network.

After officials told a local newspaper, The Gazette, that the center had started running on a 24-hour basis, Air Force higher ups grew alarmed that too much information had been revealed.

In an example of how sensitive the issue of cybersecurity now is, the Air Force reacted by putting its entire public operations department on a “stand down” while it reviews how it interacts with journalists.

by Sylvie LANTEAUME
Advertisements

Smoking gun: South Korea finds North Korea hacking codes — Russia reads Obama’s email — Nobody reads Hillary’s email

April 26, 2015

Seoul, South Korea (CNN)On March 20, 2013, a cyberattack brought chaos to several banks and media outlets in South Korea.

Then more ominously on December 23 last year, computers at the country’s nuclear operator were breached. Again cybercrime was suspected.

On the way home from work in South Korea banking computers and other internet systems were shut down due to a hacker attack.

The source of these attacks? North Korea. And South Korean investigators say they have proof — the actual malicious codes used in the attacks. They shared this data with CNN.

The 2013 attack, known as “Dark Seoul,” paralyzed an estimated 48,000 computers at a number of major banks and broadcasters, disrupting network systems and wiping their hard disks clean.

A man walks by a sign July 5 at Cyber Terror Response Center of National Police Agency in Seoul, South Korea.

A man walks by a sign July 5 at Cyber Terror Response Center of National Police Agency in Seoul, South Korea. (Lee Jin-man / AP)

“It would try to delete essentially all your files… then restart the system. You would come back up and nothing would be there,” Joshua James, a digital forensic expert, told CNN.

“If it infected more financial systems, it could have deleted all financial data in Korea. I mean, it is dangerous,” the visiting professor at Chuncheon’s Hallym University added.

ATM machines are idle in South Korea as bank’s computer networks were paralyzed in Seoul, South Korea, Wednesday, March 20, 2013.  (AP Photo/Ahn Young-joon)

Live footage of the breaches showed computer screens at the media companies completely down, while bank customers were unable to make withdrawals, or transfer money online.

Armistice announcement

“Dark Seoul” happened shortly after the North Korean government announced it would end the armistice agreement that brought the three-year Korean War to an end in July 1953 amid growing tensions with its neighbor.

The latest high-profile digital incursion, in December, attempted to steal data from South Korea’s nuclear operator, including plant blueprints and personnel information. Though investigators said no critical data was stolen, the attack raised serious concerns about the safety and security of the 23 nuclear power plants it runs.

The attack itself was described by James as a “spear-fishing” exercise where unsuspecting victims — retired and current employees of the nuclear operator — were prompted to open up a disguised document in their email.

“As soon as you double click on it, it starts running in the background of your computer where you can’t see … it’s also trying to open up your computer — what we call a back door — to give access to the infected system by the attacker,” he told CNN.

The attack, which James said was simpler than “Dark Seoul,” came just a few days after Sony Pictures said their systems has been “hacked,” another attack the South Korean authorities blamed on North Korea.

READ: North Korea denies Sony hack

Proving who did it

“From a law enforcement or investigation side, we’re trying to actually trace back to who did it,” said James.

Seoul announced in mid-March that some of the IP addresses used in December incursion could be traced back to Shenyang, China, which can be easily accessed from the North Korean border. Codes used in the attack were said to be similar in pattern to those used by the North Koreans, South Korean authorities said.

“The malicious codes used in the attack were same in composition and working methods as “Kimsuky” codes known to be used by North Korea,” the prosecutor’s office that leads 17 other government agencies and Internet companies in the investigation said in the statement in March.

Pyongyang has dismissed the claims it launched these attacks, calling them a “plot and fabrication that can never win over the truth.”

But many experts say North Korea appears to be investing more in cyberwarfare because it is cheaper than spending on conventional weapons and can cause significant economic damage to its southern rival. Indeed South Korea’s Defense Ministry estimates that North Korea is operating a “cyberarmy” of 6,000 workers as it focuses on strengthening its asymmetrical warfare capability.

“Hacks are going on all the time, constantly — though how many actually make the news is a very small amount,” said James.

“How many are detected in general? I think the average person would have no clue they’ve been hacked.

“Organizations need to invest the same amount that hackers are investing to protect themselves and right now they’re not,” he added.

Many in South Korea believe not enough effort is being put into defending against cyberattacks. A report by the Korea Institute for Industrial Economics and Trade, a government-funded think tank, estimates that “Dark Seoul” caused about $820 million worth of damage.

Its report, published in 2014, predicted that by 2020, South Korea could be exposed to hacking attacks causing up to $25 billion in economic damage.

READ: NSA will lead fight against future hacks

Includes videos:

http://www.cnn.com/2015/04/22/asia/koreas-cyber-hacking/

Related:

***********************************

White House

Officials quoted by the New York Times say that the White House cyberspace intrusion in October was viewed as a serious security breach

News For Obama Email

Russian hackers who gained access to the White House computer system last year were able to read President Obama’s unclassified emails, the New York Times has reported.

It said the breach was far more intrusive than previously admitted.

Officials have conceded that sensitive information was in the unclassified system the hackers accessed.

The discovery of the hacking in October led to a partial shutdown of the White House email system.

Highly secure

“The hackers, who also got deeply into the State Department’s unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr Obama’s BlackBerry, which he or an aide carries constantly,” the New York Times said.

“But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr Obama regularly communicated. From those accounts, they reached emails that the president had sent and received.”

The paper quoted White House officials as saying that no classified networks were compromised, and that the hackers accessed no classified information.

Many senior officials have two computers in their offices, one which works on a highly secure classified network and another for unclassified communications, the paper said.

But it said that officials have conceded that the unclassified system often contains information that is considered highly sensitive, including schedules, email exchanges with ambassadors and diplomats, debate about policy and forthcoming personnel deployments and legislation.

http://www.bbc.com/news/world-us-canada-32471408

 President Obama uses his Blackberry mobile phone (18 October 2010)
The hackers are not believed to have penetrated closely guarded servers that control the message traffic from Mr Obama’s BlackBerry

********************************

From The New York Times

WASHINGTON — Some of President Obama’s email correspondence was swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.

The hackers, who also got deeply into the State Department’s unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama’s BlackBerry, which he or an aide carries constantly.

But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation.

White House officials said that no classified networks had been compromised….

Read the rest:

http://www.nytimes.com/2015/04/26/us/russian-hackers-read-obamas-unclassified-emails-officials-say.html?ref=us&_r=1#story-continues-2

Related:

********************************

News for Hillary Clinton

John Boehner said he is thinking about holding a full house, to vote for an order for, Hillary Clinton to attend court, in regards to she not releasing who her email server is. Boehner’s argument was formulated in a previous interview with Bloomberg Politics, where he stated Clinton, broke the law.

Clinton broke the law according to Boehner because she is not using her own server to do handle personal business matters. Recently Clinton has used a private email server after Rep. Trey Gowdy (R-SC), when he changed the number of court hearings she needed to attend from one to two. Clinton’s lawyer responded to Gowdy in a letter stating Clinton answer all of the questions about her use of email, but Gowdy refused to accept the response.

Boehner is trying to accuse Clinton for breaking the law, during her run for the 2016 election.

image: http://images.intellitxt.com/ast/adTypes/icon1.png

Her campaign has been stirring everyone’s anger because they have postponed the release of the Benghazi report to be released right before the election….

By Krystle Mitchell

Sources:

IJ Review

http://guardianlv.com/2015/04/john-boehner-accuses-hillary-clinton-for-breaking-the-law/

U.S. and allies can intercept North Korean missile but may opt not to: admiral

April 9, 2013
U.S. Navy Admiral Samuel Locklear testifies before the Senate Armed Services Committee hearing on the U.S. Pacific Command and U.S. Forces Korea in review of the Defense Authorization Request for FY2014 in Washington April 9, 2013. REUTERS/Gary Cameron

U.S. Navy Admiral Samuel Locklear testifies before the Senate Armed Services Committee hearing on the U.S. Pacific Command and U.S. Forces Korea in review of the Defense Authorization Request  for FY2014 in Washington April 9, 2013. REUTERS/Gary Cameron

By Phil Stewart

WASHINGTON (Reuters) – The United States is capable of intercepting a North Korean missile, should it launch one in the coming days, but may choose not to if the projected trajectory shows it is not a threat, a top U.S. military commander told Congress on Tuesday.

Admiral Samuel Locklear, the commander of U.S. forces in the Pacific region, said the U.S. military believed North Korea had moved to its east coast an unspecified number of Musudan missiles, with a range of roughly 3,000-3,500 miles.

An Obama administration official, speaking on condition of anonymity, told Reuters “our working assumption is that there are two missiles that they may be prepared to launch” – which was in line with South Korean media reports.

Locklear said the Musudan’s range was far enough to put Guam, a U.S. territory, at risk but not Hawaii or the U.S. mainland.

“If the missile was in defense of the homeland, I would certainly recommend that action (of intercepting it). And if it was defense of our allies, I would recommend that action,” Locklear told a Senate hearing.

Asked whether he would recommend shooting down any missile fired from North Korea, regardless of its trajectory, Locklear said: “I would not recommend that.”

The comments by Locklear came amid intense speculation that Pyongyang may be preparing for a missile test – something the White House says would not be a surprise – or another provocation that could trigger a military response from Seoul.

The Aegis destroyer Myoko, front, and Kongo depart from Sasebo Port on Dec. 6, 2012, to monitor a potential North Korean missile launch. (Asahi Shimbun file photo)

The Aegis destroyer Myoko, front, and Kongo depart from Sasebo Port to monitor a potential North Korean missile launch. (Asahi Shimbun)

The Pentagon has in recent weeks announced changes to its posture to respond to the North Korean threat, including the positioning of two, Aegis-class guided-missile destroyers in the western Pacific and deployment of a missile defense system to Guam.

Any U.S. or South Korea response to a North Korean provocation has the potential to further escalate tensions on the peninsula, just as North Korea intensifies threats of imminent conflict. Pyongyang warned to foreigners on Tuesday to evacuate South Korea to avoid being dragged into “thermonuclear war”.

The guided-missile destroyer USS John S. McCain approaches the aircraft carrier USS George Washington for a fueling at sea in this December 5, 2010 handout photo courtesy of the U.S. Navy. REUTERS/U.S. Navy/Mass Communication Specialist Seaman Cheng S. Yang/Handout

The guided-missile destroyer USS John S. McCain approaches the aircraft carrier USS George Washington for a fueling at sea in this December 5, 2010 handout photo courtesy of the U.S. Navy.  REUTERS/U.S. Navy/Mass Communication Specialist Seaman Cheng S. Yang

NO ‘OFF-RAMP’ TO TENSIONS

The North’s latest message belied an atmosphere free of anxiety in the South Korean capital, where the city center was bustling with traffic and offices operated normally.

Despite the heated rhetoric, Pyongyang has shown no sign of preparing its 1.2 million-strong army for war, indicating the threat could be aimed partly at bolstering Kim Jong-un, 30, the third in his family to lead the country.

Locklear said the U.S. military believed the younger Kim was more unpredictable than his father or grandfather, who always appeared to factor into their cycle of period provocations “an off-ramp of how to get out of it.”

“And it’s not clear to me that he has thought through how to get out of it. And so, this is what makes this scenario, I think, particularly challenging,” Locklear said.

Lawmakers at the hearing were extremely critical of China, the North’s major benefactor, and Locklear acknowledged that the United States wanted Beijing to do more to influence the North to dial-back its aggressive posture.

Asked at one point in the hearing whether China was a friend or foe, Locklear responded: “Neither.”

“I consider them at this point in time, someone we have to develop a strategic partnership with to manage competition between two world powers,” he said.

(Reporting by Phil Stewart; editing by Jackie Frank)

Photo: A Japan Maritime Self Defense Force (JMSDF) ship tests an anti-ballistic missile. Ships with the AEGIS weapon system capable of shooting down ballistic missiles from the U.S., Japan and South Korea are at sea to defend South Korea, Japan and U.S. bases in the region such as Guam.

********************************

Adm. Samuel Locklear, commander of U.S. Pacific Command, told the Senate Armed Services Committee that Kim Jong Un has used the past year to consolidate his power.

By: Donna Cassata, Associated Press

WASHINGTON — U.S. defenses could intercept a ballistic missile launched by North Korea, the top U.S. military commander in the Pacific said today, as the relationship between the West and the communist government hit its lowest ebb since the end of the Korean War.

Adm. Samuel Locklear, commander of U.S. Pacific Command, told the Senate Armed Services Committee that Kim Jong Un, the country’s young and still relatively untested new leader, has used the past year to consolidate his power.

The admiral said Pyongyang’s pursuit of nuclear weapons and long-range ballistic missiles represents a clear threat to the United States and its allies in the region.

During an exchange with Sen. John McCain, R-Ariz., Locklear said the U.S. military has the capability to thwart a North Korean strike, but he said a decision on whether a missile should be intercepted should be based on where it is aimed and expected to land.

“I believe we have the ability to defend the homeland, Guam, Hawaii and defend our allies,” said Locklear, who added that it wouldn’t take long to determine where a missile would strike.

Locklear concurred with McCain’s assessment that the tension between North Korea and the West was the worst since the end of the Korean War in the early 1950s. But the admiral insisted that the U.S. military and its allies would be ready if North Korea tried to strike.

File:US Navy 100730-N-8539M-181 The Republic of Korea Navy guided-missile destroyer ROKS Sejong the Great (DDG 991) returns to Joint Base Pearl Harbor-Hickam after participating in Rim of the Pacific (RIMPAC) 2010 exercises.jpg

South Korea’s ROKS Sejong the Great (DDG 991)

He said North Korea is keeping a large percentage of its combat forces along the demilitarized zone with South Korea, a position that allows the North to threaten U.S. and South Korean civilian and military personnel.

Locklear told the panel, “The continued advancement of the North’s nuclear and missile programs, its conventional force posture and its willingness to resort to asymmetric actions as a tool of coercive diplomacy creates an environment marked by the potential for miscalculation. …”

Increasingly bellicose rhetoric has come from Pyongyang and its leader, with North Korea urging foreign companies and tourists to leave South Korea and warning that the countries are on the verge of a nuclear war.

Senate Armed Services Committee Chairman Carl Levin, D-Mich., told Locklear that the North Korean government’s threats “appear to exceed its capabilities, and its use of what capabilities it has against the U.S. or our allies seems highly unlikely and would be completely contrary to the regime’s primary goal of survival.”

“Nonetheless, its words and actions are not without consequences,” Levin said.

The Democrat questioned the Obama administration’s decision to delay a long-scheduled operational test of an intercontinental ballistic missile amid the North Korea rhetoric.

Locklear said he agreed with the decision to delay the test.

“We have demonstrated to the people of the region, demonstrated to the leadership of North Korea, our ability and willingness to defend our nation, our people, our allies and our forward deployed forces,” Locklear said, citing other steps the U.S. military has taken in recent weeks.

The U.S. has moved two of the Navy’s missile-defense ships closer to the Korean peninsula, and a land-based system is being deployed to the Pacific territory of Guam. The U.S. also called attention to the annual U.S.-South Korean military exercise that included a practice run over South Korea by B-2 stealth bombers.

Levin mentioned that President Barack Obama recently talked to China’s new president, Xi Jinping, about the U.S. efforts to deal with North Korea. Locklear said he has not had similar conversations with his Chinese counterparts.

In an exchange with Sen. Angus King, I-Maine, Locklear acknowledged a hotline connection between Washington and Beijing similar to what existed with Moscow during the Cold War, and said both sides need to move forward in continuing conversations.

Locklear told Levin that he would explore the possibility of making direct contact with his military counterparts in China and communicate with them the seriousness of the situation on the Korean peninsula.

Sen. Tim Kaine, D-Va., insisted that North Korea’s nuclear program could come to a “grinding halt” if China pressured Pyongyang.

Reflecting the uneasy relationship, Sen. Lindsey Graham, R-S.C., asked Locklear if he considers China a “friend or a foe.” Locklear said neither.

“I consider (China), at this point in time, someone we have to develop a strategic partnership with to manage competition between two world powers,” Locklear said.

Locklear said Kim Jong Un has adopted pages from the playbook used by his father, Kim Jong Il, but his approach differs in a significant way. Kim Jong Un’s father, as well as his grandfather, Kim Il Sung, made sure they had “off ramps” that gave them a way to exit a confrontation, particularly if the U.S. and its allies were willing to offer concessions. Kim Jong Un, Locklear said, appears not to have given himself channels that would help him ratchet down the tensions.

The admiral described Kim Jong Un as “an impetuous young leader (who) continues to focus on provocation rather than on his own people.”

The scope of Locklear’s responsibilities as the top officer at Pacific Command extend beyond the Korean peninsula, and he told the committee that his command is closely watching the proliferation of submarines among countries including China and Vietnam. Locklear said there are an estimated 300 submarines being operated around the world, although he noted that no country there has an undersea force as capable as the United States’.

Both Russia and China are expected soon to deploy new ballistic missile submarines capable of threatening the United States, Locklear said. India is also expanding its submarine force, and Australia, Singapore, Indonesia, Malaysia, Vietnam, and South Korea have launched, or soon will, modern submarines.

Japanese Maritime Self Defense Force  (MSDF) ship Kongo is equipped with the advanced Aegis combat system

*****************************

By YOSHIHIRO MAKINO/ Correspondent

Japan, the United States and South Korea will deploy seven radar-equipped ships in the Sea of Japan to monitor, and possibly destroy, any ballistic missiles launched by North Korea.

The ships are all equipped with the Aegis Combat System, a weapons array that uses computers and radar to track and guide weapons to destroy enemy targets.

Japan dispatched two destroyers of the Maritime Self-Defense Force to the Sea of Japan by April 9. The U.S. Navy also sent three Aegis destroyers not only to waters near Japan, but also in the vicinity of Guam to protect that U.S. territory.

According to government sources of the three allies, the Kongo and Kirishima destroyers, belonging to the MSDF, have been deployed to the Sea of Japan. One will likely be positioned to cover the northeastern part of Japan, while the other assigned closer to western Japan.

One U.S. Aegis destroyer has been sent near the waters of Guam, while another is being deployed off the eastern coast of the Shimokita Peninsula in northern Japan.

The USS Shiloh, a guided missile cruiser that has advanced interceptor missile capability, departed from Yokosuka Naval Base on April 8.

The two South Korean Aegis-equipped ships will be deployed off the coasts to the east and west of the Korean Peninsula.

The medium-range ballistic missile Musudan, which North Korea has been moving in recent days for a possible launch, has a range of about 3,000 kilometers (1,864 miles). That was estimated based on the diameter and overall length of the missile that has been displayed in public, as well as from the capability of the SSN-6 submarine-launched ballistic missile developed by the former Soviet Union on which the Musudan is modeled on.

However, the specific capabilities of the Musudan remain unknown because it has not been test-launched in the past.

Another major problem facing Japan and its two allies is the fact the Musudan missile has been placed on a mobile launch pad. That means it will be extremely difficult to determine the target of the missile until immediately before its launch.

Experts believe the missile could reach the vicinity of Japan about 10 minutes after it is launched.

For those reasons, Japan and the United States have deployed one Aegis destroyer each in waters to the east and west of northeastern Japan. That decision was made based on the experience in April 2009 when a long-range ballistic missile launched by North Korea flew over Akita and Iwate prefectures in northern Japan.

The main objective of the two Aegis destroyers near northern Japan will be to gather intelligence on the Musudan, but they may be called on to shoot down a missile if it becomes clear that it could land in either Japan or Hawaii.

The United States has also deployed an Aegis destroyer in the vicinity of Guam because of the need to protect that island. One of the MSDF Aegis destroyers will gather intelligence while keeping in mind the possibility that a Musudan could be targeted at Guam. The SDF will have a data-link with the U.S. military to share information gathered.

The two South Korean Aegis destroyers do not have the capability to intercept ballistic missiles, nor do they have sufficient data-link capability with the U.S. military. Those destroyers will likely focus on gathering intelligence to prepare for an analysis of the capability of the Musudan.

Meanwhile, Prime Minister Shinzo Abe talked to reporters on April 9 about the recent moves by North Korea.

“We are calmly doing what we have to, while also cooperating with the relevant nations,” Abe said. “There will be a need to implement the economic sanctions included in the recently passed U.N. (Security Council) resolution. We will take every precaution to protect the lives and safety of the public.”

http://ajw.asahi.com/article/asia/korean_peninsula/AJ201304090084

Experts: NKorea training teams of ‘cyber warriors’

March 24, 2013

FILE - In this Jan. 9, 2013 file photo, North Koreans work at computer terminals inside the Grand People's Study House in Pyongyang, North Korea. Investigators have yet to pinpoint the culprit behind a synchronized cyberattack in South Korea last week. But in Seoul, the focus remains fixed on North Korea, where South Korean security experts say Pyongyang has been training a team of computer-savvy “cyber warriors” as cyberspace becomes fertile battlegrounds in the standoff between the two Koreas. (AP Photo/David Guttenfelder, File)

North Koreans work at computer terminals inside the Grand People’s Study House in Pyongyang, North Korea. Investigators have   yet to pinpoint the culprit behind a synchronized cyberattack in South Korea last week. But in Seoul, the focus remains fixed on North Korea, where South Korean security experts say Pyongyang has been training a team of computer-savvy “cyber warriors” as cyberspace becomes fertile battlegrounds in the standoff between the two Koreas. (AP Photo/David Guttenfelder, File)

By YOUKYUNG LEE | Associated Press 

SEOUL, South Korea (AP) — Investigators have yet to pinpoint the culprit behind a synchronized cyberattack in South Korea last week. But in Seoul, the focus remains fixed on North Korea, where South Korean security experts say Pyongyang has been training a team of computer-savvy “cyber warriors” as cyberspace becomes a fertile battleground in the standoff between the two Koreas.

Malware shut down 32,000 computers and servers at three major South Korean TV networks and three banks last Wednesday, disrupting communications and banking businesses, officials said. The investigation into who planted the malware could take weeks or even months.

South Korean investigators have produced no proof yet that North Korea was behind the cyberattack, and on Friday said the malware was traced to a Seoul computer. But South Korea has pointed the finger at Pyongyang in six cyberattacks since 2009, even creating a cyber security command center in Seoul to protect the Internet-dependent country from hackers from the North.

It may seem unlikely that impoverished North Korea, with one of the most restrictive Internet policies in the world, would have the ability to threaten affluent South Korea, a country considered a global leader in telecommunications. The average yearly income in North Korea was just $1,190 per person in 2011 — just a fraction of the average yearly income of $22,200 for South Koreans that same year, according to the Bank of Korea in Seoul.

But over the past several years, North Korea has poured money and resources into science and technology. In December, scientists succeeded in launching a satellite into space aboard a long-range rocket from its own soil. And in February, North Korea conducted an underground nuclear test, its third.

“IT” has become a buzzword in North Korea, which has developed its own operating system called Red Star. The regime also encouraged a passion for gadgets among its elite, introducing a Chinese-made tablet computer for the North Korean market. Teams of developers came up with software for everything from composing music to learning how to cook.

But South Korea and the U.S. believe North Korea also has thousands of hackers trained by the state to carry its warfare into cyberspace, and that their cyber offensive skills are as good as or better than their counterparts in China and South Korea.

“The newest addition to the North Korean asymmetric arsenal is a growing cyber warfare capability,” James Thurman, commander of the U.S. forces in South Korea, told U.S. legislators in March 2012. “North Korea employs sophisticated computer hackers trained to launch cyber-infiltration and cyber-attacks” against South Korea and the U.S.

In 2010, Won Sei-hoon, then chief of South Korea’s National Intelligence Service, put the number of professional hackers in North Korea’s cyber warfare unit at 1,000.

North Korean students are recruited to the nation’s top science schools to become “cyber warriors,” said Kim Heung-kwang, who said he trained future hackers at a university in the industrial North Korean city of Hamhung for two decades before defecting in 2003. He said future hackers also are sent to study abroad in China and Russia.

In 2009, then-leader Kim Jong Il ordered Pyongyang’s “cyber command” expanded to 3,000 hackers, he said, citing a North Korean government document that he said he obtained that year. The veracity of the document could not be independently confirmed.

Kim Heung-kwang, who has lived in Seoul since 2004, speculated that more have been recruited since then, and said some are based in China to infiltrate networks abroad.

What is clear is that “North Korea has a capacity to send malware to personal computers, servers or networks and to launch DDOS-type attacks,” he said. “Their targets are the United States and South Korea.”

Expanding its warfare into cyberspace by developing malicious computer codes is cheaper and faster for North Korean than building nuclear devices or other weapons of mass destructions. The online world allows for anonymity because it is easy to fabricate IP addresses and destroy the evidence leading back to the hackers, according to C. Matthew Curtin, founder of Interhack Corp.

Thurman said cyberattacks are “ideal” for North Korea because they can take place relatively anonymously. He said cyberattacks have been waged against military, governmental, educational and commercial institutions.

North Korean officials have not acknowledged allegations that computer experts are trained as hackers, and have refuted many of the cyberattack accusations. Pyongyang has not commented on the most recent widespread attack in South Korea.

In June 2012, a seven-month investigation into a hacking incident that disabled news production system at the South Korean newspaper JoongAng Ilbo led to North Korea’s government telecommunications center, South Korean officials said.

In South Korea, the economy, commerce and every aspect of daily life is deeply dependent on the Internet, making it ripe grounds for a disruptive cyberattack.

In North Korea, in contrast, is just now getting online. Businesses are starting to use online banking services and debit cards have grown in popularity. But only a sliver of the population has access to the global Internet, meaning an Internet outage last week — which Pyongyang blamed on hackers from Seoul and Washington — had little bearing on most North Koreans.

“North Korea has nothing to lose in a cyber battle,” said Kim Seeongjoo, a professor at Seoul-based Korea University’s Department of Cyber Defense. “Even if North Korea turns out to be the attacker behind the broadcasters’ hacking, there is no target for South Korean retaliation.”

___

Associated Press writer Jean H. Lee contributed to this story with reporting from Pyongyang, North Korea; Hyung-jin Kim in Seoul also contributed to this report. Follow AP tech writer Youkyung Lee at http://www.twittter.com/YKLeeAP and AP Korea bureau chief Jean H. Lee at http://www.twitter.com/newsjean.