Return to

March 5, 2015
Notes from the Pentagon

Defector: North Korean hackers threaten west
A North Korean defector who once helped train Pyongyang’s military hackers warned this week that the totalitarian regime is a major cybersecurity threat to the United States and other nations.

Kim Heung-gwang, a former professor at North Korea’s Hamhung University of Computer Technology, a key training facility for the military, urged governments to do more to counter North Korean hacking.

North Korean hackers are targeting nuclear power plants, transportation networks, electrical utilities and all major government organizations abroad, he said.

“If all of this happens, North Korea is going to destroy the basic units of civil society, and we need to react strongly to prevent this,” Mr. Kim said, speaking through an interpreter. “Concerning North Korea’s cyberterrorism, only when the government is involved can this issue be solved.”

The defector said North Korea’s closest allies are Iran and Syria, fellow rogue states united in their opposition to the United States.

Mr. Kim was one of two North Korean escapees who spoke about their former lives in the Stalinist state during a meeting at Cheongshim University, about 30 miles northeast of Seoul. The meeting was part of a conference hosted by The Washington Times.

The second defector, Lee Na-kyung, fled North Korea in 2005 after her husband ran afoul of communist authorities for supplying rice to starving North Koreans during a famine in the early 2000s.

“More than 3 million people died of hunger,” Ms. Lee said, noting that her husband was charged with a crime after violating rules restricting the distribution of food.

The Lees were punished despite being part of the military-national security system. They escaped to China and eventually reached South Korea.

Mr. Kim, the computer technology professor, said a special group called Unit 121 is the North’s cyberwarfare organization. It is believed to have about 3,000 dedicated cyberwarfare specialists engaged in targeting and attacking foreign computer networks. Unit 121 is part of the Reconnaissance General Bureau, an intelligence and covert operations component of the Korean People’s Army, as the North Korean military is known.

The North Koreans do not need a large force for cyberwarfare. “All you need are a few really talented people, geniuses, and you can do a lot of damage,” Mr. Kim said.

The cyberattack in November against Sony Pictures Entertainment bore all the hallmarks of a North Korean operation, including similarities to cyberattacks against South Korean banks and news media outlets in 2013, the defector said.

“I saw a few signs and felt that it was North Korea,” Mr. Kim said.

The National Security Agency has identified North Korea as being behind the Sony hack. The hackers stole valuable proprietary information and destroyed computer hard drives of the movie company. Adm. Michael S. Rogers, director of the National Security Agency, said analysis of software code used in the Sony hack was traced to North Koreans, Reuters reported Feb. 19.

Mr. Kim said a special section within Unit 121 is devoted to cyberattacks against North American targets, including government and private-sector networks.

As to whether North Korea is sophisticated enough to conduct the Sony attack, Mr. Kim said, U.S. government network protection is strong but private corporations like Sony often fail to devote enough resources to counter digital attacks.

“When you have thousands of people working against the firewalls of Sony, then you can see that it is not so difficult to breach Sony’s security,” he said.

Mr. Kim, 56, said he was arrested on charges of possessing banned films and sent to work in fields for a year as punishment. He escaped North Korea by bribing a border guard and swimming across the Tumen River into China. He eventually was resettled in South Korea and now heads North Korea Intellectuals Solidarity, a group devoted to promoting freedom, democratization and human rights in North Korea.

White House National Security Adviser Susan E. Rice has developed a reputation among those who work with her for harshly criticizing people by using the “F bomb,” according to current and former U.S. officials familiar with two exchanges.

The first case involved a 2013 White House meeting between Ms. Rice and Gen. Keith Alexander, who was director of the National Security Agency, regarding NSA spying on foreign leaders including German Chancellor Angela Merkel.

According to one senior U.S. official, Ms. Rice opened the conversation with the four-star general, now retired, with: “Why the [expletive] are you listening to Angela Merkel’s phone calls?” The angry comment was prompted by disclosures of NSA spying on foreign leaders that were contained in pilfered documents obtained by fugitive NSA contractor Edward Snowden.

The normally reserved Gen. Alexander was said to have fired back: “Because you told us to.”

Gen. Alexander could not be reached for comment about the exchange. White House National Security Council spokeswoman Bernadette Meehan declined to comment.

Ms. Rice’s second official F-bomb exchange took place in September during a visit to the U.S. Embassy in Beijing during a meeting with officials of the embassy’s political affairs section. According to this account, the national security adviser sought out the political section officials for their expertise, rather than current Ambassador Max Baucus, a political appointee.

“What the f—k is happening in North Korea and what are you doing about it?” Ms. Rice was heard to say to the officials, who later expressed surprised at the profanity-laced opening.

The embassy officials’ response could not be learned, but a former official familiar with the exchange praised the work of the diplomats in dealing with the Chinese on North Korea.

A spokeswoman for the U.S. Embassy could not be reached for comment.

The Navy carried out two flights tests of the Trident II nuclear missile last month, weeks after China and North Korea conducted submarine-launched ballistic missile test firings.

The two Trident II D5 missiles were launched from a submerged Ohio-class missile submarine in the western Pacific on Feb. 22.

“A credible, effective nuclear deterrent is essential to our national security and the security of U.S. allies and friends,” Adm. Cecil D. Haney, commander of U.S. Strategic Command, said Monday in announcing the test.

“Strategic weapons tests such as these are a visible demonstration for assuring our allies and deterring our adversaries that our nation’s strategic triad is safe, secure and effective,” the four-star admiral said.

The missiles carried dummy warheads.

The Lockheed Martin-produced Trident II D5 is Stratcom’s most lethal and advanced submarine-launched nuclear missile that was first deployed in 1990. About half the total U.S. warhead arsenal is carried on D5s.

Each of the 24 D5s deployed on the 14 Ohio-class strategic missile submarines can carry up to 14 multiple, independently targetable re-entry vehicles. But the actual number of MIRVs is constrained by the 2010 New START arms treaty with the Russians that limits the total number of SLBM warheads to 1,152.

If all the Navy’s Ohio-class boomers were fully outfitted with multiple, independently targetable re-entry vehicles, the service would need a total 4,704 warheads. Current D5s are outfitted with a combination of W-88 and W-76 warheads.

The D5 has a range of 4,871 miles with a full warhead load and up to 7,021 miles with a reduced payload — enough range to hit targets throughout the world from U.S. submarines deployed to oceans and seas.

The two Trident test launches took place 30 days after China’s military conducted a flight test of a JL-2 SLBM, a strategic missile that U.S. intelligence agencies have said will be deployed on People’s Liberation Army nuclear missile submarines that are expected to conduct their first sea patrols sometime this year.

That same day, Jan. 23, North Korea conducted the first flight test of its first developmental SLBM, which the Pentagon has designated as the KN-11. The new North Korean SLMB has raised concerns within the U.S. intelligence community that Pyongyang is expanding its nuclear arsenal.

China is engaged in a major buildup of nuclear forces, and North Korea, which claims to have miniaturized a nuclear warhead for missiles, is expanding its missile forces as well.

In addition to the KN-11, Pyongyang has deployed six KN-08 road-mobile intercontinental ballistic missiles that are capable of hitting the United States.

  • Contact Bill Gertz on Twitter at @BillGertz.

  • Return to