Another clash of cyber armies in the east

‘The South Korean government has admitted that its cyber military command was hacked last month by injecting malicious codes into one of its main routing servers. However, authorities say the possibility of any data theft is low as the military intranet was not connected to the targeted server … The targeted server was a security buffer for computers that the military had specifically allotted for internet-connection purposes. Nearly 20,000 military computers were connected to the server at the time of attack.’

Source: IBTimes

North Korea’s cyber defense or attack capacities are often hugely underestimated, while they are usually blamed for such large scale operations as the Sony Hack. There is great controversy surrounding such accusations, especially when DNS records of “all” 28 of their web sites become the laughing stock of the public. How could a country with basically no public internet access pull off such a feat?

The army is the answer. South Korea estimates that there are 1,700 highly skilled and specialized hackers in the north. A North Korean defector told the BBC in May that Pyongyang had an army of 6,000 trained military hackers and that the regime spends up to 20% of its military budget on cyber operations. We can only guess that they may originate from China (North Korea’s ally), because without proper high tech infrastructure and education, it’s highly unlikely that they could set up an army of hackers on their own.

South Korea took serious countermeasures against the threat to their network, they spent $218m between 2009 and 2015 on cyberdefense and it already looks like that spending was a good investment. The infected server was taken down in time to avoid widespread infection in the system.

In many cases, money is the weak point in the cyberdefense of a country or a company. As the example shows, this should not be the case. Every country has enemies in cyberspace and vulnerabilities in their systems. Estonia probably moves the backup of its critical data to the UK and all other countries should have already assessed their risk factors and taken countermeasures. When will the rest of the world catch up with cybersecurity enabled countries? Will it be before or after a disaster?