North Korea Escalates Cyber-Conflict Tensions

Robert Lemos covers cyber security for TechWeekEurope and eWeek

North Korea has reportedly stepped up its cyber activity as nation-state cyber warfare attacks increase worldwide

The Internet is increasingly being used for orchestrated cyber attacks by nation-states according to security experts.

Indeed, they report a massive surge in cyber-reconnaissance activity from North Korea, at the same time as that country ratcheted up its nuclear rhetoric,

North Korea

In February, attackers operating from North Korean Internet addresses probed US servers more than 1,000 times, up from the previous average of fewer than 200 probes per month, according to managed security firm Solutionary. In addition, a massive reconnaissance operation – consisting of another 11,000 probes from servers in North Korea – was directed at a single financial institution, wrote Jon Heimerl, Solutionary’s director of strategic security, in the brief analysis.

Cyber-warThe attacks seem to coincide with North Korea’s apparent nuclear test on 12 February, he said.

“There do appear to be several parallels between escalated verbal rhetoric and escalated cyber-attacks,” Heimerl wrote. “It is evident that, whether government influenced or not, that the dual path of aggression is a new way of facing the world, at least from North Korea.”

The Internet has increasingly become the medium for deniable nation-state activity. From China’s cyber-espionage to the United States’ and Israel’s alleged attack on Iran’s nuclear program using the Stuxnet worm, cyber conflict has become a staple of nations’ covert military intelligence and reconnaissance operations.

In February, for example, incident-response firm Mandiant released a report detailing the connections between an intelligence unit of China’s People’s Liberation Army and widespread attacks on US companies and interests. In a blog posted on 24 April, security firm Cyber Squared said that analysts using the firm’s Threat Connect forum had found that those attacks had continued unabated and defied prediction, by hardly changing their tactics.

“Many within the global security industry, both public and private sectors, speculated that the group’s tactics, tools and procedures (TTPs) would change drastically in response to the disclosure,” the firm stated in the post. “As of late April 2013, Chinese cyber espionage threat groups have clearly continued their activity … (and) in fact, there has been little change.”

American Response

The United States is currently considering a variety of options in response to Chinese unabashed hacking, including trade sanctions and other diplomatic pressure, the prosecution of Chinese nationals in US courts and striking back at the Chinese through cyber-space, according to officials cited in an 22 April article in the Wall Street Journal.

The US government has also signalled that cyber-operations have become a priority in the latest budget. The Obama administration plans to boost spending on cyber-security operations by $800 million (£517m) to $4.7 billion (£3bn), while cutting other Pentagon programs by nearly $4 billion (£2.6bn).

The attacks emanating from North Korean IP space favour financial services, but show only slight preferences among other industries. Many other attacks focused on education, manufacturing and business services, according to Solutionary’s data. The company expects that North Korea – and other nations with smaller military forces – to focus on Internet operations to achieve their national aims.

“Given the more hard-line government in North Korea, we expect escalations like this to continue, and to become even more evident in other conflicts around the globe,” Solutionary’s Heimerl wrote.

What do you know about Internet security? Find out with our quiz!

Originally published on eWeek.

Read also :