By: Denise Simon| Founders Code Primer: South Korean surgeons operating on a North Korean defector who escaped across the Demilitarized Zone between the two countries under a hail of gunfire on Nov. 13 have found a parasite in the man’s stomach unlike any other they had seen. The defector, who was shot
South Korean surgeons operating on a North Korean defector who escaped across the Demilitarized Zone between the two countries under a hail of gunfire on Nov. 13 have found a parasite in the man’s stomach unlike any other they had seen.
The defector, who was shot five times, remained in critical condition after hours in two rounds of surgery, according to an article in the Korea Biomedical Review published on Nov. 15.
Over the past 10 years, the escapades of various nation-state actors in the cyber realm have exploded onto the pages of top-tier media, and into prime time network news. Russian espionage against political targets during the 2016 US presidential election, wide reaching Chinese espionage against Western commercial targets, disruptive attacks against the US financial sector associated with Iran, and the destructive attacks against Sony Pictures Entertainment (SPE) are some of the premier examples of mainstream coverage of ‘cyber.’
Behind every single offensive cyber action conducted in the interest of the capable nation-states is a doctrine,[1] and North Korea, like many other nation-states, has incorporated cyber operations within their own broader military doctrine and has conducted numerous offensive operations in the furtherance of their national agenda. What is particularly alarming about DPRK operations is their willingness to initiate escalatory actions, such as their likely connections to the now infamous WannaCry ransomware, and their targeting of the global financial system.
North Korea’s disregard for the consequences of its actions sets them apart from other nation-states, and is particularly dangerous.
North Korean offensive cyber operations have been conducted to collect sensitive political and military intelligence information, to lash out at enemies who threaten their beliefs and interests, and most interestingly, to generate revenue.
This revenue generation aspect of North Korean operations was thrust into the international spotlight when, in early 2016, unauthorized transfers of funds from the Bangladesh Central Bank were issued using the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network for global banking. The attempted transfers amounting to over $950 million USD sought to move funds to entities in locations such as Sri Lanka and the Philippines; ultimately $81 million USD in funds disappeared into the ether.
The subsequent investigation revealed that the perpetrators of the attack used tools to securely delete records from the SWIFT terminals that would alert Bangladesh Central Bank employees of the transfers. Commonly referred to as a “wiper,” this secure deletion tool contained code that was linked by many in the computer security industry to one used in attacks associated with North Korea, notably the attack on SPE through a US Computer Emergency Response Team (USCERT) alert. The revelation that a state would engage in such a flagrant violation of international norms came as a surprise to many in the information security arena.
