North Korea recruits hackers at school

A former hacker and a hacking tutor say North is bolstering cyberwarfare units to battle international IT powerhouses.

North Korea cyber warfare feature
A child becomes computer literate at primary school while North Korea’s most prodigious young students are identified and trained in advanced cyberwarfare techniques [GALLO/GETTY]

As South Korea blames North Korea for a recent slew of cyberattacks, two defectors share their experiences with Al Jazeera, shedding some light into the inner workings of the cyberwarfare programme in the communist country. 

Kim Heung-kwang, a trainer of “cyberwarriors”, and hacker Jang Se-yul also warn of the regime’s concentrated efforts to bolster its cyberwarfare capabilities.

The hackers’ professor

Kim Heung-kwang was a computer science professor in North Korea. Kim graduated from the Kim Chaek University of Technology in Pyongyang, where he majored in data processing. He pursued graduate studies at Hamhung Computer College where he studied operating systems, hardware technology and network theory – before going on to spend 19 years teaching students-turned-recruits for the North Korean regime’s cyberwarfare units at Hamheung Computer College and Hamheung Communist College.

Kim was also in charge of monitoring contraband South Korean television dramas and foreign books and managing other classified materials, until he was caught renting some of the seized loot to a friend. He escaped North Korea in 2003 via China, and since 2004 has settled in Seoul as the head of a defectors’ group named North Korea Intellectuals Solidarity.

It is difficult to tell that Kim is a defector, save for the momentary lapse in the way he speaks Korean: when it switches from the softer roll of the South Korean accent to the more rigid, structured North Korean manner of speech.

Speaking via Skype, Kim told Al Jazeera that, as of last year, North Korea has procured more than 3,000 hackers serving in the North and abroad in China, Russia and elsewhere.

“There is a pyramid-like prodigy recruiting system, where smart kids … are picked up”

Kim Heung-kwang

Kim said students who graduate at the top of their class in several selected primary schools all over the country and show excellence in science and mathematics are selected to be enrolled in the elite Keumseong 1 and 2 High-Middle Schools in Pyongyang. The North Korean education system groups middle and high schools together into a six-year program.

“There is a pyramid-like prodigy recruiting system, where smart kids from all over the country – students who are good at math, coding and possess top analytical skills – are picked up to be grouped at Keumseong,” he said. 

“When they graduate [from Keumseong], they are sent to attend North Korea’s top technology institutes and universities, such as the Kim Il Sung University, Kim Chaek University of Technology, and various others in Pyongyang or Hamheung, [a city near the country’s eastern coast].”

Following an expedited two-year programme at university, students are sent to China or Russia for about one year to solidify their knowledge of hacking and and other technical skills. After the overseas training, they are placed in various warfare units to serve as “cyberwarriors”, Kim said.

Unit 121, which is located in Pyongyang’s Moonshin-dong area near the Taedong river, was raised in status late last year as a “department” under the Reconnaissance General Bureau, North Korea’s top intelligence agency, he said.

This move coupled a boost in “cybertroop” numbers from 500 to about 3,000, Kim said.

These “cyberwarriors” are provided with the best environment, and if they graduate with top grades, their parents in the provinces are given the opportunity to live in Pyongyang, Kim said, citing verified information from his former students who are still operating as hackers in the North.

The Kim Jong-il regime also guarantees housing in Pyongyang for married hackers, as well as food subsidies and a significant stipend during overseas deployments, he said.

“The residences are communal, but by North Korean standards, are a great place to live,” said Kim Heung-kwang – adding that living in the capital is a great privilege on its own.

“If they save up enough of the stipends they receive abroad, they can live very well when they return to the North,” Kim said.

These hackers have full access to the internet which gives them unfettered information about the world outside of North Korea, but Kim believes most to be not tempted to defect.

“These kids have the confidence of the [ruling Worker’s] Party and have a certain standard of living guaranteed, not to mention a chance to live and travel abroad. This kind of pride, being part of the elite, is nothing to sneeze about,” he said.

“They also don’t have any certainties that life away from the North will be any better than what they already have.”

“Grooming prodigies … is considerably cheaper than buying new weapons or fighter jets”

Kim Heung-kwang

The 62-year-old defector listed five reasons for North Korea’s growing interest in cyber warfare:

“First, cybermilitary strength is cost effective. With the North’s deteriorating economic situation, it cannot compete with South Korea or the US in building conventional military army, naval or air forces.

“Grooming prodigies, deploying them, setting up internet, buying programmes, and providing conditions for them to operate in China or another third country is considerably cheaper than buying new weapons or fighter jets which cost hundreds of millions of dollars,” Kim said.

“Second, North Korea is extremely confident of its software development capabilities, as cracking passwords within a secured system and finding patches within networks are all based on mathematical capabilities.

“Third, cyberstrength provides higher utility than any other naval, air, or army force. A state may possess tens of thousands of foot soldiers or hundreds of jets – but rarely would be able to use them, “especially in this day and age”.

“But cybermanpower – once you have that established you can steal any classifed information from enemy states, incapacitate their servers and cause social panic through psychological warfare. It’s high in utility in terms of creating different types of confusion and chaos – and that is cyberwarfare’s biggest merit,” said Kim.

“Fourth, cyber warfare is asymmetrically advantageous for the North. None of its servers are yet connected to the internet, which makes it immune to cyberattacks. But South Korea and other enemy countries, or any other country for that matter, will undergo major chaos if their computer system were to crash. For this very reason North Korea is fascinated with cyberwarfare.”

“Finally, North Korea has recognised the internet’s inherent weakness from its very inception in the mid-1990s. It realised that, as long as it maintained an attack network, it could easily hack into strategic targets with considerable speed. That’s why they were driven to aggressively engage China in military exchanges to quickly build up a cyberforce of 500 hackers.

“Cyberforce is structured around human capital, technology and systemisation of the two, and of these three elements North Korea has focused intensely on nurturing computer whizzes,” Kim said.

Earlier this month Network for North Korean Democracy and Human Rights (NKnet), a Seoul-based nonprofit organisation, stated that the Kim Jong Il regime was increasing the size of its cyber warfare unit six fold.

The ‘cybertroops’ are trained in the centre of North Korea’s capital before being sent to work around the world [Al Jazeera]

The automisation hack

Jang Se-yul served as a hacker in the North Korean army’s “automisation unit” where he computerised military operation strategies and gathered intelligence on enemy tactics. He defected in 2008 and now heads the North Korea People’s Liberation Front in Seoul, a group of more than 100 defectors – former members of the North’s military – who work to deliver news from the outside world into the totalitarian regime.

Jang graduated from Mirim University, one of North Korea’s top technology colleges, where he majored in command automisation.

Speaking via phone with Al Jazeera, Jang described the education he received at Mirim and his work in the military. Jang’s North Korean accent was stronger than that of Kim’s, attributable to the fact that the automisation hack had been in South Korea for a shorter period of time.

“We thought all of this was just for research. Only after I graduated from university and was placed in my unit did I understand why I was taught such skills”

Jang Se-yul

“When I was a student [at Mirim], professors from Russia’s Frunze Military Academy were brought in to teach. Back then, there were only one or two computers in the entire university. We didn’t get to actually use the computers much and mainly focused on learning how to write programmes and studied theories and fundamentals of computer science. By the time we graduated, none of us had any practical experience operating computers,” Jang said.

Computers began to be installed at various middle and high schools for the gifted in the 1990s and since then students came to Mirim having already had some practical experience with computers, he added.

As of 2007, the type of computers used at such schools and mid-tier universities was the Pentium 4. In special instances, specially manufactured computers were installed at prestigious institutions for higher education such as Mirim, the Amrokgang College of Military Engineering, the National Defence University and the Pyongyang Computer Technology University. But standards at all of the facilities fall completely behind what is offered in South Korea.

Mirim graduates were placed in cyberwarfare units to lead cyberattacks and to research and develop assault methods such as the Distributed Denial-of-Service attack, which cause the target computer to crash by overloading it with data, he said.

“[My classmates and I] thought all of this was just for research, not with aims to target and attack. Only after I graduated from university and was placed in my unit, did I understand why I was taught such skills. By that point many students from Mirim and other technology institutes and universities were already active abroad,” Jang said.

The Reconnaissance General Bureau then dispatch the hackers – operating undercover – to China, Russia and even Europe, posing as “programmers” keen to learn about developing new commercial programmes that could be sold to earn much-needed foreign currency for the impoverished nation, Jang said.

“[Kim Jong-il] is investing nationally to nurture the best of the best”

Jang Se-yul

“But their actual mission is to develop attack programmes to target their designated regions. For example, those sent to Europe are assigned to attack NATO countries,” he explained – without specifying the countries to which hackers were deployed.

“The most recent information I heard was that there are 600 hackers, two teams of 300, operating overseas. They rotate once every year or two and those who return to North Korea continue on as researchers. It’s difficult to know the exact level of their technological skills, but according to a source, Kim Jong-il [North Korea’s leader] is investing hefty sums of money to prepare for cyberwarfare at any cost.

“He is investing nationally to nurture the best of the best. Whenever a new programme is released, he makes sure to buy it for the hackers to be able to study it.”

Jang said cyberattacks are never carried out in North Korea because such assaults can be easily be traced to the few computer centres or universities that have internet access in the isolated country.

For North Koreans, hacking as a tool that allows the regime to achieve the ultimate goal: finalising its preparation for the ultimate war scenario – cyberwars – in modern warfare, he said.

There is a policy that an intranet will be fully established not just for the military but for the entire country by 2012, but Jang said the probabilities of that happening are not likely, as the wider World Wide Web is perceived to be highly dangerous.

“There is no way that they will let that happen.”

Follow Sangwon Yoon on Twitter: @sangwonyoon

Source: Al Jazeera