The Global Cyber Threat Environment, Module 15, North Korean Cyber Intelligence.
Objectives. Once you have completed the readings, lecture, activity, and assessment, you will be able to describe the relevance of North Korea's Reconnaissance General Bureau.
Welcome to the Global Cyber Threat Environment, Module 15. Of the four U.S. adversaries discussed in this course, North Korea likely possesses the least cyber capability, although it has wreaked havoc on several U.S. corporations, such as Sony Pictures. Like Russia, China, and Iran, North Korea employs cyber capabilities to gain asymmetric advantage over the United States. Unlike these countries, however, North Korea also leverages cyber capabilities to gain respect from the international community, from which it has been largely marginalized. In this lecture, we highlight a few of the North Korean intelligence organizations responsible for the country's cyber operations.
When studying any North Korean organization, we must first remember that the North Korean government is totalitarian in nature. Although the country has a constitution outlining the leadership role of its single party, the Workers' Party of Korea, the document makes clear that the country's supreme leader is head of both the party and the state. The supreme leader's duties allow him complete control of the affairs of the state, including appointment and removal of government officials and command of the North Korean military. In addition, the supreme leader's loyalists consider him an earthbound deity, demanding complete allegiance from his people in exchange for protection from the outside world. Such deification is one reason that the current leader, Kim Jong-un, would direct his cyber forces to attack Sony Pictures upon the release of the unflattering movie, The Interview. Allowing the country's citizens to see him in a negative light could threaten his legitimacy and rule.
North Korea has a number of active cyber forces at its disposal, though no one knows for sure what the country's actual number of cyber personnel is. The South Korean government has estimated approximately 6,800 North Korean cyber personnel. Until about a decade ago, those with cyber warfare expertise were spread through several governmental organizations. However, in 2009, in an effort to improve efficiencies and gain a greater unity of effort, it is believed that these personnel were consolidated into the Reconnaissance General Bureau, or RGB. The RGB is considered the most important intelligence organization in North Korea, responsible, among other things, for conducting both illegal and clandestine activities outside the country. In fact, elements of the RGB are believed to be responsible for carrying out the 2017 assassination of Kim Jong-un's brother in Malaysia.
The U.S.-based Center for Strategic and International Studies has pointed out that the RGB can best be thought of as a hybrid organization using many elements of statecraft, including cyber operations, intelligence, illicit trade and economic activities, commando operations, and other activities related to irregular warfare.
The RGB is assessed to comprise seven separate bureaus. The first six bureaus are operations, reconnaissance, foreign intelligence, inter-Korean dialogue, technical, and rear services. Though difficult to verify, it is believed that most of the country's cyber capabilities are organized within the RGB's seventh bureau, Bureau 121. Bureau 121 is considered North Korea's most important cyber organization. South Korean open-source media have reported that Bureau 121 is directly overseen by Kim Jong-un, although that has not been independently verified. In addition to hacking operations, Bureau 121 is likely responsible for developing asymmetric means to disrupt U.S. and South Korean command and control and logistics operations should hostilities break out on the Korean Peninsula.
North Korea also has cyber capabilities under the command of its General Staff Department, or GSD, which is responsible for military operational planning. GSD-controlled cyber operations encompass such missions as electronic warfare and psychological operations, and they are thought to be closely coordinated with operations planned by the Reconnaissance General Bureau. The GSD also includes a series of subordinate bureaus, including the Command Automation Bureau. The Command Automation Bureau is reportedly responsible for conducting offensive computer network operations, such as developing specialized malware and scanning the networks of foreign adversaries for subsequent exploitation. The Command Automation Bureau reportedly includes three subordinate units with specific missions, one of which, according to a 2009 open-source report, comprises about 60 officers.
A third North Korean cyber operations organization is the Korean Computer Center, or KCC. The KCC, established in 1990, is much older than the other organizations just noted, and although its mission has apparently changed through the years, it is believed to be responsible for hardware and software research and development. Additionally, the KCC is known to have elements in various North Korean universities where it recruits and trains students with an aptitude for working with information technology. The KCC is estimated to comprise about 850 personnel, 50 of whom are thought to hold PhDs.
Although limited by Western standards, North Korea's cyber capabilities continue to advance rapidly. Strangled by international economic sanctions, North Korean hackers have proven adept at breaking into international banking systems to illegally procure funds. In fact, a well-publicized hack of a Bangladeshi bank, which resulted in the theft of more than $10 million, is believed to be the work of North Korea based on remnants of code found on several servers.
Such successes, combined with North Korea's propensity to use digital currency like Bitcoin to hide international financial transactions, will only serve to encourage the country to further advance its arsenal of cyber weapons.
Question 1. True or false. Bureau 121 of North Korea's Reconnaissance General Bureau is believed to be responsible for housing the preponderance of the country's cyber capabilities.
A. True.
B. False.
The answer is A. True.
Question 2. True or false. Stringent international economic sanctions have motivated North Korea to develop cyber weapons specifically for stealing money from international financial institutions.
A. True.
B. False.
The answer is A. True.
Activity. Imagine you are a U.S. offensive cyber warfare strategist looking to access North Korean computer systems. How would you do it? Given the difficulty in gaining access to computer systems in North Korea, you might best infiltrate North Korean systems located in another country. Research which countries have a North Korean diplomatic presence, including embassies and consulates. Which of these countries is the best location to target North Korean systems? Put on your amateur spy hat and consider how you introduce malware into a North Korean system in a third country. Would you bribe cleaning personnel or other third country nationals who have access to North Korean personnel or systems working in the embassy or consulate? Be as creative as you can and develop at least two options.