Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

When It Comes To Cyberwarfare, North Korea Is No Newbie

Members of the Korea Internet Security Agency (KISA) check on cyberattacks Wednesday.
Jung Yeon-je
AFP/Getty Images
Members of the Korea Internet Security Agency (KISA) check on cyberattacks Wednesday.

Who or what caused a takedown of computer systems at banks and broadcasters in South Korea on Wednesday is still a matter of speculation, but suspicion immediately and unsurprisingly fell on Seoul's archenemy to the north.

If true, it wouldn't be the first time that North Korea, often regarded as technologically backward, has successfully wielded the computer as weapon.

Computer antivirus maker McAfee says Pyongyang was behind two major denial of service (DDos) attacks in recent years — one in 2011 that was directed at South Korean government and banking websites, and another in 2009 that brought down U.S. government Internet sites. Pyongyang has denied involvement in either attack.

(And, as recently as last week, North Korea has also blamed the South for similar attacks.)

"It's got to be a hacking attack," Lim Jong-in, dean of Korea University's Graduate School of Information Security, was quoted by The Associated Press as saying of Wednesday's computer problems. "Such simultaneous shutdowns cannot be caused by technical glitches."

As points out, Pyongyang has become something of a cyber-scapegoat in South Korea, leading to skepticism when companies point fingers northward for tech troubles. Even so, on Wednesday, the problems were "so wide-ranging ... that many feel, and fear, that the North is upping their game in the peninsula's cyberwar."

It might also seem a little too coincidental that Pyongyang threatened last year to attack several companies, including two that were hit by computer outages — broadcasters KBS and MBC.

Wednesday's attack, if indeed it was one, looks more sophisticated than a DDos attack, which as we've reported in the past, can be relatively simple to pull off.

An unnamed official from the state-run Korea Communications Commission, South Korea's telecom regulator, told the AP that in Wednesday's alleged attack, investigators speculate malicious code was spread from company servers that send automatic updates of security software and virus patches.

Korean broadcasters KBS and MBC said their computers went down at 2 p.m. "[and] ... were still down about seven hours after the shutdown began," the Associated Press reported, citing the Korea Communications Commission.

KBS employees said they watched helplessly as files stored on their computers began disappearing. According to the AP:

"Orchestrating the mass shutdown of the networks of major companies would have taken at least one to six months of planning and coordination, said Kwon Seok-chul, chief executive officer of Seoul-based cybersecurity firm Cuvepia Inc.

"Kwon, who analyzed personal computers at one of the three broadcasters shut down Wednesday, said he hasn't yet seen signs that the malware was distributed by North Korea.

" 'But hackers left indications in computer files that mean this could be the first of many attacks,' he said.

"Lim [Jong-in] said tracking the source of the outage would take months."

In March, U.S. Army Gen. James Thurman told the House Armed Services Committee that "North Korea employs sophisticated computer hackers trained to launch cyber infiltration and cyberattacks."

"Such attacks are ideal for North Korea" because they can be done anonymously, and they "have been increasingly employed against a variety of targets including military, governmental, educational and commercial institutions," Thurman said, according to Bloomberg. At that time, he didn't characterize North Korea's cyber capabilities as "significant."

A few months later, Lee Dong-hoon, a South Korean professor of information security, warned that North Korea's cyber capabilities were behind only those of the United States and Russia.

Seoul believes North Korea runs an Internet warfare unit aimed at hacking U.S. and South Korean government and military networks to gather information and disrupt service. And Daily NK, a website that tracks North Korea, says Pyongyang is believed to have been honing its capabilities since as far back as the mid-1980s.

According to Infosec Island, a cybersecurity blog, one attack in 2009 was instigated by the Reconnaissance General Bureau, a spy branch of the North Korean military. The bureau sold dozens of copies of infected computer games to someone in China who in turn resold the games in South Korea to operators of online games. The virus transformed users' machines into zombies for the purpose of launching DDos attacks against Seoul's Incheon International Airport.

Copyright 2021 NPR. To see more, visit

Scott Neuman is a reporter and editor, working mainly on breaking news for NPR's digital and radio platforms.