Virtual Battleground: State-Sponsored Cyber-Attacks Redefine Modern Warfare

While globally respected CEO’s like Jack Dorsey of Twitter predict that Bitcoin will become the next global currency, it’s clear that we have a way to go before it becomes a trusted vehicle of exchange. This message was brought home clearly earlier this year in Asia when on February 6, the South Korean Intelligence Agency reported to the Parliamentary Intelligence Committee that it deemed North Korea responsible for the hacking of the Japanese Bitcoin exchange centre.

Coincheck president Koichiro Wada (L) bows in apology at the end a press conference in Tokyo on January 27, 2018 after hackers stole hundreds of millions of dollars in digital assets from the Tokyo-based firm. | Photo: AFP/Getty Images

According to the report, approximately US$500 million worth of cryptocurrency evaporated into thin air. The Agency further noted that it considered Pyongyang to be behind the hacking of at least two cryptocurrency exchange centres in Seoul, which caused tens of billions of Korean won's worth of damage. If the Agency’s claims are true, then North Korea could be responsible for the biggest cryptocurrency heist yet.

The Supreme Leader’s Cyber Warriors

Since 1998, Pyongyang has been running ‘Bureau No. 121,’ staffed with approximately 1,800 hackers as of 2014 according to a former member of the organization who defected to South Korea in 2007. According to a report to the Parliamentary Committee on National Defense, six additional groups have been established since 2013 under the directives of Kim Jong-un to allow specialization of duties. For instance, Office No. 91 specializes in attacking organizations such as the Ministry of Defense or Korea Hydro and Nuclear Power, while Department 180 focuses on hacking (read: robbing) financial websites.

Workers at the Korea Hydro and Nuclear Power Co. participate in an anti-cyber-attack exercise in Gyeongju, South Korea. The state-run nuclear power plant operator was preparing for further cyber-attacks after its data was leaked on a blog and to a Twitter account under the profile 'president of anti-nuclear reactor group.' The identity of the hacker remains unknown. | Photo by Korea Hydro and Nuclear Power Co. via Getty Images

The North Koreans have a long history of hacking South Korean critical infrastructure. In December 2014, Korea Hydro and Nuclear Power’s internal documents – such as its building blueprints and documents from the Blue House, Ministry of Defense, and National Intelligence Service – were leaked to the public by North Korean hackers, as determined by the Government Combined Investigation Unit on Personal Information Crime based on the analysis of malware and the IP addresses involved in the breach. In April 2011, hackers damaged the computer network of the National Agricultural Cooperative Federation, a major banking institution, suspending its service for four days.

A police SWAT team member patrols the area around the West End Cinema just hours before the showing of the 'The Interview' movie on Christmas Day, December 25, 2014 in Washington, DC. Some 200 U.S. theaters screened the Sony Pictures film despite threats of terrorism and an international cyberwar spawned by the farcical comedy about a plot to assassinate the leader of North Korea. | Photo: Paul J. Richards/AFP/Getty Images

While these attacks are mostly focused on South Korea, overseas individuals and organizations have also been harmed by Pyongyang’s cyber-warriors. Despite Pyongyang’s denial, both South Korean and American intelligence agencies have determined that North Korea has been behind these attacks so far, based on the analysis of the malwares, IP addresses, and methodology. In November 2014, Sony Pictures was preparing the release of the controversial film, The Interview, which mocks Kim Jong-un’s cult-y regime. After the declaration from Pyongyang that the release of the film was tantamount to an “act of war,” Sony Pictures was hacked. Lazarus, the group that claimed responsibility for the attack, released private e-mail exchanges between Sony Pictures’ executives and leaked unreleased films to the public. Lazarus is widely believed to be part of the North Korean hacking machine. The FBI ruled that Pyongyang was behind the attack, saying they had “enough information to conclude that the North Korean government is responsible” for the Sony hack.

Paradigm Shift: The Fourth Industrial Revolution and Governance

North Korea’s recent attacks targeting Bitcoin highlight a key dilemma for policy-makers around the world: our institutions and norms of governance are becoming increasingly outdated as the line between the real and virtual worlds is getting even blurrier. The World Economic Forum’s Klaus Schwab talks of a ‘Fourth Industrial Revolution,’ characterized by a paradigm shift in which “the physical, digital and biological worlds are colliding.” At the height of the Bitcoin craze, the market size reached US$325 billion in mid-December 2017 – and even though it suffered huge losses, the market still stands at about US$140 billion. Just to provide an idea of the scale – in 2017 the annual gross domestic product (GDP) of Norway and Israel were US$370.6 billion and US$318.7 billion, respectively.

A woman walks past a screen showing exchange rates of cryptocurrencies at an exchange in Seoul on December 20, 2017. A South Korean cryptocurrency exchange shut down on December 19 after losing 17 per cent of its assets to hackers suspected to be of North Korean origin. | Photo: Jung Yeon-Je /AFP/Getty Images

We live in a world where a virtual currency, which was literally valued at zero upon inception, can grow to the size of a well-off, economically-advanced nation-state like Norway or Israel. These developments add an additional layer of complexity for policy-makers, who already struggle with the challenges of globalization.

The attacks by state-sponsored ‘cyber warriors,’ like those from North Korea, are causing real damages – and increasingly more so as the virtual and the physical continue to collide and merge. Physical damages of the same proportion would be considered an act of war or terrorism, and as such, it is fitting to label this concern a matter of national security. However, while there are clearer benchmarks for addressing physical attacks, there are none for cyber-attacks, which makes it challenging for states to address them.

First and foremost, the nature of cyber-attacks makes it difficult to pin down those responsible. Further, as noted by Avril Haines, the former U.S. deputy national security advisor, unlike physical acts of war, there are no ‘metrics’ for defining or measuring cyber-attacks. And according to an article in the Journal of Conflict and Security Law by David Fidler, a professor of law at Indiana University, the current international law is “not well positioned to support responses to terrorist cyberattacks,” and there are no “strong incentives” for states to develop international law against this threat due to the relative dearth of these occurrences.

Further, this lack of clarity over cyber-attacks and growth of cyber-economies like Bitcoin have altogether created new opportunities for states like North Korea or terrorist organizations. North Korea’s motivation for creating a cyber-warfare division has to do with economic incentives; Pyongyang needs money, especially as the international community is tightening its grip on the Hermit Kingdom’s cash flow over its continued missile tests. Hacking Bitcoins provides a way for the North Korean elites to eschew international sanctions.

North Korea’s attacks on cryptocurrency exchange centres are a reminder to policy-makers – yet again – that they need to clearly and strongly define their stance on cyberattacks and the economy of cryptocurrency. In an age when geography and borders provide little protection against cybercrime attacks from far-away players, Canada itself is closely watching events unfolding in the Asia Pacific and preparing for impacts closer to home. The 2018 Federal Budget’s allocation of C$572.5 million in Digital Research Infrastructure Strategy and C$507.7 million for a new National Cyber Security Strategy suggests that policy-makers are heeding the warning flags being raised across the Pacific.

The views expressed here are those of the author, and do not necessarily represent the views of the Asia Pacific Foundation of Canada.

Dongwoo Kim

Dongwoo Kim is Program Manager, Digital Asia at the Asia Pacific Foundation of Canada, leading its work on existing and emergent technologies and their applications to enhanced Canada-Asia engagement. He was previously a Project Specialist and Post-Graduate Research Scholar at the Foundation. Prior to joining the Foundation, Dongwoo studied politics and international relations at Peking University (MA '18), University of British Columbia (MA '16) and University of Alberta (BA '14).

Canadian Opportunities in the South Korean New Deal Taiwan’s Global Anti-COVID-19 Pavilion: A Strengthening of Soft Power Hong Kong’s New Security Law Sparks High-Tech Exodus Read more >