Information Warfare: Kimsuky And The Secret Menace

Archives

October 21, 2013: Internet security researchers recently announced they had identified a new group of hackers operating out of North Korea. Calling this group Kimsuky, it has been active for about six months and has targeted universities, shipping companies, and groups encouraging Korean unification. What made Kimsuky stand out was the amateurish behavior of its personnel. The malware (to secretly steal passwords and other ID data) were crudely done and the group was sloppy (or just new to all this) in how they carried out their attacks. This sloppiness made it possible to track the attacks back to North Korea. Kimsuky may be a team formed from newly graduated Cyber War specialists who are out to show they can produce. They can, but not very effectively and not with the stealth required to carry out the most effective attacks.

Earlier this year South Korean security researchers concluded that nearly all the Internet based attacks since 2009 were the work of one group of 10-50 people called DarkSeoul. Given the extent of the attacks, the amount of work required to carry them out, and the lack of an economic component (no money was being stolen), it appeared to be the work of a national government. That coincides with earlier conclusions that North Korean, not Chinese, hackers were definitely responsible for several attacks on South Korean networks. The most compelling bit of evidence came from an incident where a North Korean hacker’s error briefly made it possible to trace back to where he was operating from. The location was in the North Korean capital at an IP address belonging to the North Korean government. Actually, very few North Korean IP addresses belong to private individuals and fewer still have access to anything outside North Korea.

Kimsuky and DarkSeoul appear unrelated, other than the fact that both are coming from North Korea. This indicates that the North Korean Cyber War effort has become so large that several organizations are now planning and carrying out attacks. North Korea appears to be grooming its Cyber Warriors to be major operatives in any future war. More likely the North Korean Cyber War efforts are leading up to some very damaging attacks that North Korea will deny responsibility for and that, if done right, cannot definitively be traced back to North Korea. The South Koreans may not put up with that, in which case the north can play the victim and gain some more enthusiasm for a war from its bedraggled people and substantial military aid from China.