The attack on Sony Pictures has put North Korea’s cyberwarfare program in the spotlight. Like most of the internal workings of the country, not much is known but snippets of information have come out over the years, often through defectors and intelligence leaks.
Here’s a summary of what we know:
The Cyberunits
North Korea’s governing structure is split between the Workers’ Party of Korea (WPK) and the National Defense Commission (NDC).
朝鲜的主要cyberoperations侦察总局(RGB),这本身属于人民武装部是在NDC的转部分的部下下运行。该RGB已经运作了多年的传统间谍和秘密行动,并形成了两个cyberdivisions几年前所谓的单元121和Office 91。
Office 91 is thought to be the headquarters of North Korea’s hacking operation although the bulk of the hackers and hacking and infiltration into networks is done from Unit 121, which operates out of North Korea and has satellite offices overseas, particularly in Chinese cities that are near the North Korean border. One such outpost is reportedly the Chilbosan Hotel in Shenyang, a major city about 150 miles from the border. A third operation, called Lab 110, participates in much the same work.
也有根据朝鲜政府的另一只手臂,在朝鲜劳动党的几个cyberunits。
单元35是负责培训cyberagents并理解为处理家庭cyberinvestigations和操作。单元204发生在网络间谍和心理战和Office 225列车代理商在韩国的任务,有时可以有一个网络的组成部分。
Training
朝鲜学校制度强调数学的学生从小的重要性。最有天赋的给出接触电脑,他们可以开始练习编程技能,如果他们足够好,去到学校有专门的计算机部门的少数之一。这些都是典型的金日成综合大学,全国学习的最负盛名的座位,金策工业综合大学或米林学院。更少有人知道后者,尽管它被认为是一个专业的网络战学校。
学生学习一般的编程技术,也将专门学科,如网络战。毕业后,他们有时会被送到海外留学。这时候,有一个开放的互联网连接和外部网络的匿名性,就可以开始参与黑客论坛,开发恶意软件和测试他们的技能。
Over the past few years, it’s estimated the schools have turned out several thousand students (estimates range from around 2,000 to around 6,000), who now make up North Korea’s cyberforces.
International Network
North Korea has a single connection to the Internet, so attacks from inside the country would be quite easy to trace. As a result, the country uses computers around the globe to launch attacks. Often these are compromised PCs and the owners have no idea they’ve been infected with North Korean malware. Some of the initial attacks to help build this network of infected computers are thought to be launched from North Korean outpost offices in places like China, Russia and India.
Operations and attacks
虽然牵制网络攻击的真正肇事者是非常困难的,一些近年来袭击归咎于朝鲜。有些人,像索尼的黑客,一直高调,但许多人都得到注意要少得多显得较为旨在赚钱不是导致中断。
July 2009 - Attackers target government websites in the U.S. and South Korea in large-scale distributed denial of service (DDOS) attacks that were later blamed on North Korea.
March 2011 - In an attack dubbed “10 Days of Rain,” major South Korean government websites and sites operated by the U.S. military in South Korea are targeted in DDOS attacks.
April 2011 - South Korea’s Nonghyup bank is targeted in a DDOS attack that was later traced to North Korea and linked with previous attacks.
2011年8月 - 韩国警方指控从网游偷左右的奖金$ 600万朝鲜黑客圈。
November 2011 - A hacker attempts to hack the email system of Korea University’s Graduate School of Information Security in an action later blamed on North Korea.
June 2012 - Conservative South Korean newspaper Joong Ang Ilbo is hit by a cyberattack that succeeded in destroying databases. A week earlier, North Korea had threatened the newspaper over its coverage of the country.
2013年3月 - 发生重大网络攻击,后来归咎于朝鲜,瘫痪几个韩国各大电视广播公司的网络。银行ATM网络也打在攻击,试图消灭计算机的硬盘驱动器。第二次攻击推动政府网站的DNS服务器脱机几个小时。大约在同一时间,朝鲜与全球互联网连接中断36小时。
March 2013 - Responding to the attacks, the hacking group Anonymous targets North Korean websites. It succeeds in breaking into a major North Korean news portal and publishes the names and account details of thousands of subscribers.
June 2013 - Hackers post names, social security numbers and other personal information of thousands of U.S. armed forces members stationed in South Korea online.
2013年6月 - 韩国政府的DNS服务器被DDOS攻击的目标。相似之处在于,它链接到三月的攻击代码中发现的。
December 2013 - South Korean police say North Korean agents are behind a spear-fishing attack on the computer of a prominent defector.
November 2014 - South Korea’s spy agency said North Korean hackers had planted malware in around 20,000 smartphones.