Sony hack: North Korea’s cyber-army has spent years subjecting its enemies to internet warfare

If North Korea is behind the attack, it won’t be the first time it has targeted companies and countries on foreign soil

Click to follow
The Independent Tech

The internet is unknown to most North Koreans — they have enough trouble getting the power and computers needed to get on it. But deep at the secret heart of the company lies one of the most powerful army of cyber-warriors in the world.

What’s more, the technological problems of the country means that there’s very little to hack back. All of the major countries have their own cyber-armies, but there’s very little they can do to North Korea.

The Sony hack — which the FBI and South Korea have publically blamed on North Korea, though it still might be the work of others, too — marks probably the costliest cyber-attack ever on American soil. The US has said that it is the first example of cyber-warfare arrival in the country — but it is nothing new to South Korea.

North Korea has form, at least according to the South. South Korea blames its northern neighbour for at least six high-profile cyberattacks since 2007.


The first was a ‘denial of service’ attack — flooding a site with requests so that it can’t handle them all and buckles — launched on dozens of websites in South Korea and the US government, on July 7, 2009. Like in the Sony hack, North Korea were not confirmed to be behind it, but officials in Seoul see it as the beginning of sustained attacks from the country.

They then ratcheted up in 2011 — when three major attacks hit private companies and governments in South Korea. As well as bringing sites down, they attacked banks and newspapers, in 2012 changing the front page of South Korean daily paper JoongAng Ilbo.

25-KimJongUn-Reuters.jpg In 2013, they brought down government computers and kept banks offline for as much as a week. And that year, on the anniversary of the outbreak of the Korean war between North and South, government and media firms were hit by denial of service attacks and other hacking.

The attacks are carried out by the secretive ‘Bureau 121’ — a group of around 1,000-3,000 hackers, according to a report leaked from North Korea in 2009, and could be even more. It is made up of some of the country’s brightest young students, who go on to be richly rewarded and praised in a country infamous for its low pay.

After being selected — mostly from the top students at the University of Automation each year, according to reports — they are trained in the industrial North Korean city of Hamhung and are also sent to study in China and Russia.

Some of them are still likely to be based in China, and carrying out attacks from there. Early connections with other countries — including the code going through Thai and Italian servers —  are likely to be a result of whoever is really behind the attack, whether North Korean or from elsewhere, disguising their real location.