North Korea warned the United Nations Security Council on April 7th, 2009 that it would take “strong steps” if the fifteen nation body took any action in response to Pyongyang’s launch of a long-range rocket three days earlier. The United States voiced its displeasure calling the launch a “provocative act” that violated a 2006 Security Council resolution prohibiting Pyongyang from conducting ballistic missile launches.
On April 13th, 2009 the United Nations Security Council in a “Presidential Letter” condemned North Korea’s April 5th rocket launch and demanded that Pyongyang not conduct further tests, saying that it would expand existing sanctions against North Korea. The 15 member Security Council voted unanimously for the statement by the council’s president demanding the country make no more launches. This response was one level below a formal resolution.
On April 17th, 2009 Washington increased pressure on North Korea by warning of “consequences” for its recent rocket launch and the latest decision to kick out nuclear inspectors. A State Department spokesperson said that “North Korea has not listened to the will of the international community, and therefore it’s going to have to face the consequences from its unwillingness to meet the international community’s requirements.”
North Korea quickly responded saying any sanctions or pressure to be put upon it as a declaration of undisguised confrontation and a declaration of a war against the DPRK. The North Korean spokesman reportedly said, “There is no limit to the strike to be made by the revolutionary armed forces of the DPRK.” North Korea has reacted to the criticism with more than just words. They expelled all nuclear weapons inspectors and declared that they will resume work on nuclear weapons.
Most military strategist agree that cyber attacks are an excellent first strike weapon. In these specific circumstances, cyber attacks might be considered by Pyongyang as an appropriate and proportional response to the U.N. Security Council’s condemnation and reinforcement of existing sanctions. High probability targets if DPRK launches cyber attacks include South Korea and the fifteen countries that make up the current U.N. Security Council that include — permanent members-China, France, Russian Federation, the United Kingdom and the United States — and ten non-permanent members Austria, Japan, Uganda, Burkina Faso, Libyan Arab Jamahiriya, Vietnam, Costa Rica, Mexico, Croatia and Turkey. This calls for increased vigilance by cyber security professionals guarding the critical infrastructure of those targets identified above.
North Korean Cyber Capabilities Estimate:
- Unit: 121
- Established: 1998
- Force Size: 12,000 declining
- Cyber Budget: $56+ million.
- Goal: To increase their military standing by advancing their asymmetric and cyber warfare capabilities.
- Experience: Hacked into South Korea and caused substantial damage; hacked into the U.S. Defense Department Systems.
- Threat Rating: North Korea is ranked 8th on the cyber capabilities threat matrix developed in August 2007 and updated February 2009.
- Cyber Intelligence/Espionage: Basic to moderately advanced weapons with significant ongoing development into cyber intelligence.
- Offensive Cyber Weapons: North Korea now has the technical capability to construct and deploy an array of cyber weapons. They have moderately advanced distributed denial of service (DDoS) capabilities with moderate virus and malicious code capabilities. Hacking capabilities are moderate to strong with an experience rating of limited to moderate.
Thanks Brian that was worth the laugh. Totally agree BTW.
The cost to develop advanced cyber attack capabilities is well within reach of every country in the world. All it takes to develop cyber attack capabilities is a few good developers, a computer and a network connection. The cyber attacks North Korea launched in the past several years against South Korea were no laughing matter. We should all remember China is the one pulling the stings of North Korean leaders and they have top rated cyber attack capabilities.
I’m not familiar with North Korea’s cyber capability, although I recently came across this article: http://www.au.af.mil/au/awc/awcgate/nps/cno-dprk.pdf
This could provide an opportunity for other states to test out their cyber capabilities. States, such as Russia or China, could route their activities through North Korea, with or without North Korea’s endorsement.
I see the White House/Melissa Hathaway 60-day cyber review has been completed. Does anyone have a link? Or maybe it won’t be released to the general public.
OMG it’s cyber-Armageddon !
Cant we have Kevin whisked away to a secure location before the attack !?
Say locked in a fridge in his basement ?
He’s scaring children again.
China and Russia, sure. But, the better part of N. Korea has trouble keeping the lights on 24 hours a day, and doesn’t have the world’s best T-1 lines either.
These guys are the Jamacian Bobsled team of cyber-warfare. It is very hard to take their threat seriously.
The ultimate problem is this. Let’s say that we know, 100 percent for sure, that North Korea is launching cyber attacks. Let’s say God comes down to Earth in a giant pillar of fire and tells us that it’s North Korea, and not China or Russia disguising their IP addresses.
So what do we do? Economic sanctions? Done that. Launch our own cyber attacks? Riiight, we’ll take out the 4 Atari 2600s they have. Do we bomb them? Seriously? I don’t think so. I’m as gung ho as they come, but if I were President I wouldn’t launch a hot war over stupid internet attacks. No one is going to order what will amount to the slaughter of millions of NKs unless they start shooting real bullets at us.
I think the US needs to create a “Red Cell” team, if they have not already. Like the Navy’s “Red Cell” team. The US should train/ recruit top hackers and create a team that is twofold.
The first objective, as a defensive unit, is to test our own government’s networks and systems. The second is to be an offensive unit and actively probe/ penetrate foreign government systems.
To be successful, it would need to operate like Marcinko’s original Red Cell, being able to attack targets like a hacker would. They would test network and physical site security.
Unlike the modified Red Cell, after Marcinko, where the team members were forced to wear “Red Cell” t-shirts onsite and forced to tell the target when and where they would attack, the members, with authorization, would have free reign to “attack” friendly sites like a hacker really would.
They would perform site penetration, social engineering, dumpster diving the whole nine yards. Then would then report their findings and correct the problems to make the target more secure.
They would also be active in mapping foreign systems, site penetrations, creating back doors, etc.
Picking the correct leader for the team would be of paramount importance. The original “Red Cell” failed, because Marcinko took things too far. He purposefully embarrassed Navy Admirals. Also, base commanders saw the after-action reports as detrimental to their careers. The Navy clamped down on it and with the modifications implemented, it became static and predictable, instead of a dynamic security tool.
Here is a historical account of North Korea’s cyber capabilities.
http://www.crime-research.org/news/04.10.2004/North_Korea_ready_to_launch_cyber_war/
More nonsense from Cole promoting his business.
What is the maximum internet capacity NoKo has?
Any other country in the world could flood it when needed.
What is there IP address range?
One additional router rule and the problem is solved.
Kevin is either nuts or a bad salesman.
More nonsense from this ‘expert’ who cant point to any of his published research in the field.
I second Brian’s request to Christian. Perhaps the solely internet-attack related stuff could move to a different blog? It adds nothing to Defense Tech, IMO.
Krag
I have noticed a tendency of people on these sites to right off asymmetrical threats. I guess armadas of Russian and Chinese 5th gen fighters are easier for some to wrap their heads around.
write off
Gentlemen,
This is the future of warfare. Most “civilized” countries are less and less willing to “sacrifice” their young no matter what the cause.
As each death is tallied like a score card on main stream media, the “value” of the soldier is going up. Also, with countries like the US, so far ahead in technology, small countries aren’t as willing to enter into physical combat on large scales.
Terror type attacks, media victories and cyber warfare is where they feel that they level the playing field. If you can bog down a whole nation or even a city or two with a small team of computer experts with the budget of an F-22 pilot seat, you have scored a major victory.
If Defensetech.org is truly committed to the future of military, law enforcement and national security, then Kevin’s blog is exactly where it should be.
North Korea is not involved in serious cyber espionage. Also, a few other things:
* The Moon landings were faked
* The Earth is 6000 years old
* China is our friend
* Climate change is a conspiracy
* There are aliens at Area 51 helping the New World Order cabal
* The F-22 was a better aircraft than the Northrop YF-23
But seriously, anyone who doubts North Korea is heavily involved in hacking and cyber-espionage is living in some sheltered, delusional dreamland where the DPRK is a land of puppies and flowers, and where MS Windows is a secure operating system.
If we have cyber security problems due to N. Korea, we had better find out about it now, before something serious comes along.
Kevin’s rantings don’t belong here for two reasons, IMO:
One, his writing style is more National Enquirer than Wall Street Journal, and regardless of his content the style along is enough to make folks do a mouseclick for a different webpage.
Two, his content has little of value for military professionals, former milpros, or even hobby-ists that just follow military affairs. The entirety of his subject is IT, and is more suited to Wired or any IT-focused/themed site.
Regardless of the latest “expert” opinions that this is “the future” of warfare, it won’t be a military program in terms of who the virtual shooters are. Again, this puts it firmly in the IT arena — the US military won’t and can’t compete with the private sector and academia for the talent required for real day-to-day cyberwarfare. Aside from the culture clash of programmers and military discipline, the basic economics of military budgets and constitutional requirements means something as esoteric as cyberwarfare will not become a uniformed function.
The US military already relies on contractors for high end maintenance of gear, and true cyberwarfare capability (not script-kiddie crap) is several echelons of skill above contractor hardware maintenance. Meaning…the whole ball of wax will most likely never become a military affair, but a separate civilian service of “overseers” that rely on business and academia “cyber shooters” for actual operations.
Cyberwarfare is such a fast moving affair, that any attempt the pentagon makes to tackle the problem will be sunk by the ponderous bureaucracy that is the civilian-military administration. The knowledge cycle for software development (and cyberware by extension) means a 24/7 cyberwarfare “unit” requires a tempo and agility that simply cannot exist, at the size required for sustainted operations, in the DoD. The fit is so poor it is beyond laughable.
All of that puts it firmly in the sphere of IT, not military affairs, and thus makes it a poor fit for Defense Tech. IMO of course.
Krag
When national security is at risk and hackers are probing our infrastructure then yes, it is a federal/ military issue.
Also, if you do not like this blog, don’t read it! Save us some frustration.
Fred apparently switched jobs last week. Cause last week he was telling “I am not a security consultant. I work as a consultant in Supply Chain!“
Fred next time you tell someone off you should try to have something to say other than just be insulting. It seems all you are able to do on here is tell people that are dumb or should get a clue. Honestly if you don’t have anything productive to say just don’t say anything is you best bet. But if you can’t do that, please at least try not to be mean to people all the time.
>Fred apparently switched jobs last week. Cause last week he was telling “I am not a security consultant. I work as a consultant in Supply Chain!“
Fred must be a supply chain security consultant — you can probably find him on the job, doing the rounds of a Walmart most evenings.
Why would anyone knowledgeable claim to be a security consultant anywasy — when consultants and inside jobs are the greatest threat to IT security. The only thing worse would be to claim to be an Israeli security consultant.
Some people hold onto their fears with an iron grip, when you tell them it’s just as likely they will be hit by flying pigs they demand you respect their right to be scared shitless.
I took some advice and used Google. Kevin was right! This was one of many accounts of North Korea using cyber weapons.
http://74.125.47.132/search?q=cache:aX9J-To4dtkJ:news.softpedia.com/news/South-Korean-Military-Equipment-Development-Secrets-Compromised-by-Hackers-94876.shtml+north+korea+building+cyber+weapons&cd=21&hl=en&ct=clnk&gl=us&client=firefox-a
Good Morning Folks,
Since the story on hacking at Lockheed Martin’s F-35 project has disappeared here, some of you may be wondering what happened.
Well the story was a hoax. In todays WSJ and NYT Lockheed, hell I will just quote Lockheed Martin here: “…incorrect in it’s representation of cyber attacks”…“To our knowledge, there has never been any classified information breach,…“
So where did this cyber crap come form? Surprise, none other the general Mike McConnell, Bush’s 1st. spook. It appears that General McConnell is now a free lance consultant for Lockheed Martin, duh! Here he quickly over stepped his authority, old Generals tend to do that once in the world.
So what is this goofy retired General going for. Well it appears since he has few hopes in the real world he wants to put on his uniform again and head a new $17 billion Cyber Command. President Obama would be well advised to think had about another separate command that has no line of authority, intelligence already is to screwed up as it is and for certain don’t get General McConnell involved, he is a great part of the problem, not the solution.
ALLONS,
Byron Skinner
Many of you need to understand the term research! F35 compromise identified by IG nearly 1 year ago.
In May 2008, POGO obtained a Department of Defense (DoD) Inspector General (IG) report suggesting that
“It looks like we know who the novices are on here and who the expert is. Read below. As Fred said, Kevin is a recognized expert. How many of us can say we have been asked to testify on cyber warfare? “
It’s a ridiculous statement. Kevin doesn’t follow evidence — he tells politicians what they want to hear so they can justify the new cybersecurity plans, such as the cybersecurity act of 2009, as well as the newly established offensive cyberwarfare unit by the Pentagon.
There is not a shred of evidence about the perpetrators of the attack, but ‘experts’ such as Kevin do not hesitate to give their opinion. And that’s all it is. An opinion, without any factual proof.