Top South Korean cybersecurity experts don’t expect Donald Trump’s diplomacy to slow down North Korean cyberattacks.
Speaking through interpreters at a Brookings Institution event Thursday, two of South Korea’s leading cybersecurity experts said that they’re no longer able to cope with the sheer volume of attacks emanating from the North.
In the past decade, every well-known South Korean organization has been hacked or targeted by North Korea, noted SangMyung Choi, chief of South Korea’s Computer Emergency Response Team.
At the Washington, D.C., event, Choi showed off a slide deck that warned “there is no place that is not hacked” and “we are in the real cyberwarfare.”
“A lot of these attacks have not been [revealed] to the South Korean public, but today I confess to you that it’s been very prevalent,” Choi said. Since May 2018, he revealed, North Korean-backed hackers have launched spearphishing and watering hole attacks in forged documents related to the April inter-Korean and June U.S.-North Korea summits.
After the North-South summit in April, “I thought that perhaps the cyberattacks would come to a stop,” Choi said. “But they never actually did.”
Choi traced the trajectory of the North’s hacking army, from the fledgling days of its creation and cultivation under Kim Jong-il in the early 2000s to its current state, boasting teams worldwide.
In the past few years, Choi said, Pyongyang has netted significant espionage victories through various digital operations. For example, in 2017, hackers breached the South Korean defense ministry’s computer network and discovered joint U.S.-South Korean war plans.
Choi, along with other panelists, explained that North Korea’s lucrative involvement in state-administered cybercrime, which ranges from bank heists to cryptocurrency theft, would keep it from totally abandoning the practice.
Chris Painter, an Obama-era cyber diplomat, said he wasn’t surprised that hacking didn’t come up in Singapore, and that he too expected North Korean cyberattacks to continue. “I think it is too much of a capability they have to abandon,” he told CyberScoop.
North Korea’s brazen hacking on the world stage qualifies it as a rogue nation, said Jong-in Lim, a South Korean cybersecurity expert and former special advisor to the president. The South, which bears the brunt of the attacks, can’t keep up, Lim said. After each wave, the “government did create reactive policies. But they were not effective in halting North Korean advances.”
The South must improve its organization, information-sharing, and responses to adequately contain, deter, and deflect North Korea in cyberspace, Lim told the audience. And for a genuine, lasting peace treaty on the Korean Peninsula, the North Koreans must assent to drawing down their offensive cyber operations, Lim and Choi claimed.
For now, Pyongyang has an incentive to keep up the offensive.
“We really don’t have enough firepower to counteract or provide penalties for these attackers,” Lim said.