Cyberwarfare

Cyberwarfare (사이버전쟁/網上戰爭) refers to politically motivated hacking conducted in cyberspace between hostile countries. The social and economic infrastructure in Korea is well equipped with advanced information and communications technologies. National security is, more often than not, threatened just as much by cyberwarfare with North Korea.

It is a form of information warfare sometimes seen as analogous to conventional warfare. Cyberwarfare was defined by a U.S. government security expert, Richard A. Clarke, in his book Cyber War (May 2010) as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption."

Key words
cyberwar, cybersecurity, national security, DoS

Cyberwarfare by country
According to Wikipedia, the Internet security company McAfee stated in their 2007 annual report that approximately 120 countries have been developing ways to use the Internet as a weapon and target financial markets, government computer systems and utilities.

United States
Cyberwarfare in the United States is the United States military strategy of proactive cyber defence and the use of cyberwarfare as a platform for attack. The new United States military strategy makes explicit that a cyberattack is a casus belli just as a traditional act of war is.

In 2009, President Barack Obama declared America's digital infrastructure to be a "strategic national asset," and in May 2010 the Pentagon set up its new U.S. Cyber Command (USCYBERCOM), headed by General Keith B. Alexander, director of the National Security Agency (NSA), to defend American military networks and attack other countries' systems. The EU has set up ENISA (European Network and Information Security Agency), which is headed by Prof. Udo Helmbrecht, and there are now further plans to significantly expand ENISA's capabilities. The United Kingdom has also set up a cyber-security and "operations centre" based in Government Communications Headquarters (GCHQ), the British equivalent of the NSA. In the U.S., however, Cyber Command is only set up to protect the military, whereas the government and corporate infrastructures are primarily the responsibility of the Department of Homeland Security and private companies, respectively.

China
China’s development of cyber capabilities has been correlated with the country’s overall economic, political, and social development as a newly industrialized nation. Alongside its development, China has pursued the acquisition of foreign military technology, and many recent news reports link China’s technological capabilities to the beginning of a new ‘cyber cold war.’

In this connection, China continues to be held responsible for a string of cyber-attacks on a number of public and private institutions in the United States, India, Russia, Canada, and France. The Chinese government denies any involvement in cyber-spying campaigns. The administration maintains the position that China is not the threat but rather the victim of an increasing number of cyber-attacks.

North Korea
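North Korea's cyberwarfare capabilities are known to be among the best in the world. North Korea has been systematically training cyber warriors (hacking agents) since the 1990s. The top-class prodigies among the graduates of Kumsong No. 1 and No. 2 Middle Schools are selected as gifted science students and raised as future cyber warriors. They receive specialized instruction in computing, and the most capable students are selected and sent on to Kim Chaek University of Technology or Kim Il-sung University. After graduation they are deployed operationally to cyber units such as the Reconnaissance General Bureau. North Korea is currently said to have between 1,000 and 3,000 cyber warriors.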

North Korean cyber warriors are classified into four groups.
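 * Reconnaissance Bureau of the General Staff Department (Bureau 121 hacker unit), under the operations team of the Supreme Command of the National Defense Commission: hacking information from South Korea's military and national strategic institutions
 * Enemy Collapse Sabotage Bureau of the General Staff Department (Unit 204, cyber psychological warfare unit): cyber psychological warfare against South Korea
 * Investigation Department of the Party Central Committee (Basic Investigation Data Office): exchanging information with spies dispatched to the South, and other activities in cyberspace
 * United Front Department: spreading fabricated information and opinion in South Korea and conducting other psychological warfare against the South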

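North Korean hackers are a strategically trained elite group. Their fundamentals are so solid that they have all but memorized basic programming structures and original-language textbooks, and their programming and hacking skills are world-class. On the other hand, they tend to be less attuned to cutting-edge technology and to changes in the environment. Since the mid-2000s, on Kim Jong-il's instructions, they have further strengthened their cyber capabilities through theft of secrets, DDoS attacks, destruction of computer networks and the like. Their "tail hiding," that is, concealing who is behind an attack, has also become more sophisticated. According to the intelligence authorities, analysis of incidents such as the destruction of the Nonghyup computer network and the hacking of the JoongAng Ilbo newspaper production server in 2012 shows that North Korea uses advanced techniques such as encrypting its hacking communications and deleting traces in order to evade our detection and tracking.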

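Recently, as the control systems of major national infrastructure have come to be operated on closed networks, making direct hacking difficult, North Korea has been attempting indirect attacks by taking over the PCs of maintenance and repair contractors. Intranets and closed networks are by no means a safe zone. Government authorities expect that in the future it will carefully map the vulnerabilities of major infrastructure control networks, such as transport and power, and of financial networks, and attempt simultaneous precision strikes.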

Methods of attack
Cyberwarfare consists of many different threats: cyber espionage and cyberattacks.
 * Espionage and national security breaches
 * Sabotage
 * DoS attack

Incidents in Korea
Uriminzokkiri.com is based in Shenyang, China, and was established in June 2003 to spread North Korean propaganda. The South Korean government categorized it as unlawful and blocked South Koreans’ access to the site in 2004.
 * In July 2009, there was a series of coordinated denial-of-service (DoS) attacks against major government, news media, and financial Websites in Korea and the United States. While many thought the attack was directed by North Korea, one researcher traced the attacks to the United Kingdom.
 * In July 2011, SK Communications was hacked, resulting in the theft of the personal details (including names, phone numbers, home and email addresses and resident registration numbers) of up to 35 million people. A trojaned software update was used to gain access to the SK Communications network. Links exist between this hack and other malicious activity and it is believed to be part of a broader, concerted hacking effort.
 * In April 2013, an international group of hackers attacked North Korea’s propaganda Website and got access to lists of its registered members, which included thousands of South Koreans. Anonymous, a so-called “hacktivist” group, said it hacked into the pro-North Web site uriminzokkiri.com (우리민족끼리) in order to tell Pyongyang to stop threatening the world and to warn North Korean leader Kim Jong-un to step down and give his people freedom. It leaked records of the Web site’s 9,001 members on Thursday including names, user IDs, dates of birth, e-mail addresses and genders. About 5,000 of the e-mail addresses were from South Korea.

Cyber counterintelligence
Cyber counterintelligence comprises measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions.

As witnessed in the March 20 incident, broadcasters and banks recently faced a cyberattack. It is extremely worrisome because a prolonged paralysis of such infrastructure will cause chaos. Cyberattacks in Korea were aimed at paralyzing the institutions, while American society was recently shocked by the network intrusion.

The government must include cyberattacks in the concept of security. It must learn lessons from U.S. President Barack Obama, who proclaimed in 2009 that America’s digital infrastructure is a strategic asset. To counter the looming risk, the Korean military needs to recruit manpower, and these recruits must be treated with respect and paid proper salaries so that they won’t leave the military to serve in the private sector. Furthermore, the reserve forces also need to be more aware of cybersecurity.

In this regard, cybersecurity should be seriously enforced among the general public.