NZ Herald
  • Home
  • Latest news
  • Video
  • New Zealand
  • Sport
  • World
  • Business
  • Entertainment
  • Podcasts
  • Quizzes
  • Opinion
  • Lifestyle
  • Travel
  • Viva
  • Weather forecasts

Subscriptions

  • Herald Premium
  • Viva Premium
  • The Listener
  • BusinessDesk

Sections

  • Latest news
  • New Zealand
    • All New Zealand
    • Crime
    • Politics
    • Education
    • Open Justice
    • Scam Update
  • Budget 2025
  • On The Up
  • World
    • All World
    • Australia
    • Asia
    • UK
    • United States
    • Middle East
    • Europe
    • Pacific
  • Business
    • All Business
    • MarketsSharesCurrencyCommoditiesStock TakesCrypto
    • Markets with Madison
    • Media Insider
    • Business analysis
    • Personal financeKiwiSaverInterest ratesTaxInvestment
    • EconomyInflationGDPOfficial cash rateEmployment
    • Small business
    • Business reportsMood of the BoardroomProject AucklandSustainable business and financeCapital markets reportAgribusiness reportInfrastructure reportDynamic business
    • Deloitte Top 200 Awards
    • CompaniesAged CareAgribusinessAirlinesBanking and financeConstructionEnergyFreight and logisticsHealthcareManufacturingMedia and MarketingRetailTelecommunicationsTourism
  • Opinion
    • All Opinion
    • Analysis
    • Editorials
    • Business analysis
    • Premium opinion
    • Letters to the editor
  • Sport
    • All Sport
    • OlympicsParalympics
    • RugbySuper RugbyNPCAll BlacksBlack FernsRugby sevensSchool rugby
    • CricketBlack CapsWhite Ferns
    • Racing
    • NetballSilver Ferns
    • LeagueWarriorsNRL
    • FootballWellington PhoenixAuckland FCAll WhitesFootball FernsEnglish Premier League
    • GolfNZ Open
    • MotorsportFormula 1
    • Boxing
    • UFC
    • BasketballNBABreakersTall BlacksTall Ferns
    • Tennis
    • Cycling
    • Athletics
    • SailingAmerica's CupSailGP
    • Rowing
  • Lifestyle
    • All Lifestyle
    • Viva - Food, fashion & beauty
    • Society Insider
    • Royals
    • Sex & relationships
    • Food & drinkRecipesRecipe collectionsRestaurant reviewsRestaurant bookings
    • Health & wellbeing
    • Fashion & beauty
    • Pets & animals
    • The Selection - Shop the trendsShop fashionShop beautyShop entertainmentShop giftsShop home & living
    • Milford's Investing Place
  • Entertainment
    • All Entertainment
    • TV
    • MoviesMovie reviews
    • MusicMusic reviews
    • BooksBook reviews
    • Culture
    • ReviewsBook reviewsMovie reviewsMusic reviewsRestaurant reviews
  • Travel
    • All Travel
    • News
    • New ZealandNorthlandAucklandWellingtonCanterburyOtago / QueenstownNelson-TasmanBest NZ beaches
    • International travelAustraliaPacific IslandsEuropeUKUSAAfricaAsia
    • Rail holidays
    • Cruise holidays
    • Ski holidays
    • Luxury travel
    • Adventure travel
  • Kāhu Māori news
  • Environment
    • All Environment
    • Our Green Future
  • Talanoa Pacific news
  • Property
    • All Property
    • Property Insider
    • Interest rates tracker
    • Residential property listings
    • Commercial property listings
  • Health
  • Technology
    • All Technology
    • AI
    • Social media
  • Rural
    • All Rural
    • Dairy farming
    • Sheep & beef farming
    • Horticulture
    • Animal health
    • Rural business
    • Rural life
    • Rural technology
    • Opinion
    • Audio & podcasts
  • Weather forecasts
    • All Weather forecasts
    • Kaitaia
    • Whangārei
    • Dargaville
    • Auckland
    • Thames
    • Tauranga
    • Hamilton
    • Whakatāne
    • Rotorua
    • Tokoroa
    • Te Kuiti
    • Taumaranui
    • Taupō
    • Gisborne
    • New Plymouth
    • Napier
    • Hastings
    • Dannevirke
    • Whanganui
    • Palmerston North
    • Levin
    • Paraparaumu
    • Masterton
    • Wellington
    • Motueka
    • Nelson
    • Blenheim
    • Westport
    • Reefton
    • Kaikōura
    • Greymouth
    • Hokitika
    • Christchurch
    • Ashburton
    • Timaru
    • Wānaka
    • Oamaru
    • Queenstown
    • Dunedin
    • Gore
    • Invercargill
  • Meet the journalists
  • Promotions & competitions
  • OneRoof property listings
  • Driven car news

Puzzles & Quizzes

  • Puzzles
    • All Puzzles
    • Sudoku
    • Code Cracker
    • Crosswords
    • Cryptic crossword
    • Wordsearch
  • Quizzes
    • All Quizzes
    • Morning quiz
    • Afternoon quiz
    • Sports quiz

Regions

  • Northland
    • All Northland
    • Far North
    • Kaitaia
    • Kerikeri
    • Kaikohe
    • Bay of Islands
    • Whangarei
    • Dargaville
    • Kaipara
    • Mangawhai
  • Auckland
  • Waikato
    • All Waikato
    • Hamilton
    • Coromandel & Hauraki
    • Matamata & Piako
    • Cambridge
    • Te Awamutu
    • Tokoroa & South Waikato
    • Taupō & Tūrangi
  • Bay of Plenty
    • All Bay of Plenty
    • Katikati
    • Tauranga
    • Mount Maunganui
    • Pāpāmoa
    • Te Puke
    • Whakatāne
  • Rotorua
  • Hawke's Bay
    • All Hawke's Bay
    • Napier
    • Hastings
    • Havelock North
    • Central Hawke's Bay
    • Wairoa
  • Taranaki
    • All Taranaki
    • Stratford
    • New Plymouth
    • Hāwera
  • Manawatū - Whanganui
    • All Manawatū - Whanganui
    • Whanganui
    • Palmerston North
    • Manawatū
    • Tararua
    • Horowhenua
  • Wellington
    • All Wellington
    • Kapiti
    • Wairarapa
    • Upper Hutt
    • Lower Hutt
  • Nelson & Tasman
    • All Nelson & Tasman
    • Motueka
    • Nelson
    • Tasman
  • Marlborough
  • West Coast
  • Canterbury
    • All Canterbury
    • Kaikōura
    • Christchurch
    • Ashburton
    • Timaru
  • Otago
    • All Otago
    • Oamaru
    • Dunedin
    • Balclutha
    • Alexandra
    • Queenstown
    • Wanaka
  • Southland
    • All Southland
    • Invercargill
    • Gore
    • Stewart Island
  • Gisborne

Media

  • Video
    • All Video
    • NZ news video
    • Business news video
    • Politics news video
    • Sport video
    • World news video
    • Lifestyle video
    • Entertainment video
    • Travel video
    • Markets with Madison
    • Kea Kids news
  • Podcasts
    • All Podcasts
    • The Front Page
    • On the Tiles
    • Ask me Anything
    • The Little Things
    • Cooking the Books
  • Cartoons
  • Photo galleries
  • Today's Paper - E-editions
  • Photo sales
  • Classifieds

NZME Network

  • Advertise with NZME
  • OneRoof
  • Driven Car Guide
  • BusinessDesk
  • Newstalk ZB
  • What the Actual
  • Sunlive
  • ZM
  • The Hits
  • Coast
  • Radio Hauraki
  • The Alternative Commentary Collective
  • Gold
  • Flava
  • iHeart Radio
  • Hokonui
  • Radio Wanaka
  • iHeartCountry New Zealand
  • Restaurant Hub
  • NZME Events

SubscribeSign In
Advertisement
Advertise with NZME.
Home / Business

Big read: North Korea is barely wired, so how did it become a global hacking power?

Other
31 Jan, 2018 09:11 PM9 mins to read

Subscribe to listen

Access to Herald Premium articles require a Premium subscription. Subscribe now to listen.
Already a subscriber?  Sign in here

Listening to articles is free for open-access content—explore other articles or learn more about text-to-speech.
‌
Save

    Share this article

An attendee takes a photo of a visualisation of global internet attacks during the 4th China Internet Security Conference (ISC) in Beijing. Photo / AP
An attendee takes a photo of a visualisation of global internet attacks during the 4th China Internet Security Conference (ISC) in Beijing. Photo / AP

An attendee takes a photo of a visualisation of global internet attacks during the 4th China Internet Security Conference (ISC) in Beijing. Photo / AP

North Korea is one of the least wired nations on Earth. It has two internet connections to the outside world, one that crosses the Yalu River into China, and the other plugs into Russia's Far East.

Even with that, its internet traffic is scant.

"It's infinitesimally small for a country," said Doug Madory, director of analysis for the Oracle Internet Intelligence team, comparing the traffic to "a small corporate office."

So an enigma of modern times is how North Korea has become a global hacking power, one that is destructive, intrusive, larcenous and surprisingly muscular. Its rise might be akin to a singer with little musical talent grabbing a Grammy. Or a blind basketball player routinely swishing three-pointers.

Even after North Korean hackers penetrated Sony Pictures Entertainment in 2014, they still got only grudging respect. In that attack on the film studio, North Korea sought to prevent the release of The Interview, a Seth Rogen satire that depicts a plot to kill North Korea's supreme leader, Kim Jong-un.

Advertisement
Advertise with NZME.
Advertisement
Advertise with NZME.

Since then, North Korean hackers have chalked up one brazen attack after another, underscoring their rise as a cyber force.

In early 2016, they plundered US$81 million ($109m) from the central bank of Bangladesh. They've besieged neighbouring South Korea with attacks. They've hit targets in Vietnam, Poland and Mexico. They've looted bitcoin exchanges.

In May 2017, hackers unleashed the WannaCry attack that took down computers in 150 countries, using a cybertool that a top US intelligence agency lost. More recently, hackers sought to intrude in the systems of US electric utilities last September, and just last week Ontario accused North Korea of trying to hack a rail system around Toronto.

Advertisement
Advertise with NZME.

"They are more effective than we give them credit for," said Priscilla Moriuchi, a former National Security Agency expert on cyber threats in East Asia who now is director of strategic threat development at Recorded Future, a cyber intelligence business.

Other experts also warn against underestimating North Korean hackers.

"I do think there's a general inclination to dismiss them. I think that's to our detriment," said Ross Rustici, senior director for intelligence research at Cybereason, a Boston cybersecurity company.

"The people who follow them in the security industry have a lot of respect for what they've been able to pull off."

Discover more

World

Final warnings: US on verge of war with N Korea

09 Jan 10:40 PM
World

'Spasm of a lunatic': Kim Jong Un on Donald Trump tweet

16 Jan 06:29 PM
World

Kim Jong-un 'squandering inheritance' on missile tests

30 Jan 01:27 AM
World

Murder mystery of Kim Jong-un's half brother deepens

30 Jan 05:36 AM
A customer in South Korea walks by the notice that reads: "Due to ransomware affection, we are unable to screen advertisement." The US has accused North Korean hackers of being behind the WannaCry attack. Photo / AP
A customer in South Korea walks by the notice that reads: "Due to ransomware affection, we are unable to screen advertisement." The US has accused North Korean hackers of being behind the WannaCry attack. Photo / AP

Part of the problem is that it is nearly reflexive to shrug off a nation so isolated that it is known as the Hermit Kingdom, and so ill-lit that satellite images show a black patch at night.

"It's like if the (Cleveland) Browns win the game, it's because the other team screwed up rather than the Browns were actually good," Rustici said. He added that North Koreans "have proven time and again that they are very, very capable."

The story of how North Korea gained cyber mastery may begin at a high-rise hotel in Shenyang, China, and then meander to surprising locations in Africa, South Asia and other areas where North Korean hackers are thought to be operating, researchers say.

Unlike the freewheeling culture of Silicon Valley, where individuality is celebrated, North Korean hackers are forged by an all-seeing Leninist state, one piece of code at a time, experts say.

"They were able to develop what I would call a cyber training pipeline. It's a very, kind of, Soviet system. They would identify kids with promise in math, or science and technology in middle school, send them to one or two particular middle schools, that filter into one or two universities," Moriuchi said.

The next ransomware attack will likely be worse than WannaCry warns security tech and author

Advertisement
Advertise with NZME.

Moriuchi and other analysts believe Pyongyang's Kim Il-sung University and Kim Chaek University of Technology cranked out hackers. Most students went on to a cyber operations unit, known as Bureau 121, in the Reconnaissance General Bureau, analysts said.

Initially, the most promising hackers were sent overseas, specifically to Shenyang, the largest city in northeast China and a one-hour bullet train ride from the North Korean border.

It was there, ensconced at the Chilbosan Hotel, a facility that is North Korea's largest overseas investment, where early hackers hone their skills. Shenyang has always been a hub of North Korean illicit activity, including trafficking in counterfeit products.

Over the years, the best hackers would fan out to other countries where North Koreans were permitted to live, Moriuchi said, sometimes associated with legitimate businesses like restaurants but also engaged in other activities.

Seven countries known to have a physical presence of North Koreans, in addition to China, are India, Indonesia, Kenya, Malaysia, Mozambique, Nepal, and New Zealand. It is in those countries, perhaps behind legitimate businesses, that hackers may be operating.

Today, North Korea is believed to have "between 3,000 and 6,000 hackers trained in cyber operations," says a report by the Congressional Research Service, titled North Korean Cyber Capabilities, dated on August 3.

Advertisement
Advertise with NZME.

Many of them are believed to be overseas. Successive US administrations have sought to pressure allies to end trade and diplomatic relations with Pyongyang.

North Korean leader Kim Jong-un. Photo / AP
North Korean leader Kim Jong-un. Photo / AP

"Another element of that pitch should be: Don't let them (resident North Koreans) work in IT. Don't let them learn computer science," said Anthony Ruggiero, a senior fellow at the Foundation For Defence of Democracies, a Washington think tank focused on national security.

One characteristic of North Korean hackers is an ability to design their own hacking tools, often modular in nature, and to comb the internet for any discovery of exploits that they can plug into their own malware.

"We've seen them using some unique malware, home-grown stuff that we haven't seen used in any other attack," said Mark Nunnikhoven, vice-president of cloud research at Trend Micro, a cybersecurity firm with headquarters in Tokyo.

"They continue to show a high level of acumen," Nunnikhoven said.

Another researcher, Paul Rascagneres, of Cisco Talos, spoke highly of North Korean tradecraft: "They have the capability to perform espionage and destruction campaigns. They are able to create a really convincing decoy document."

Advertisement
Advertise with NZME.

A wake-up call came in February 2016, when news emerged of attacks on banks in Bangladesh and Southeast Asia that reaped a windfall and may have helped Pyongyang withstand economic sanctions imposed to curb its nuclear and ballistic missile programme.

The hackers surveilled the global banking system and mastered the arcane global messaging service known as SWIFT (Society for Worldwide Interbank Financial Telecommunication), which is used by 11,000 banks and companies and is the backbone of global money transfers, the congressional report says.

North Korean hackers spoofed requests from the Bangladesh central bank to the Federal Reserve Bank of New York to transfer money to accounts in the Philippines, ordering some US$1 billion to be transferred. The New York bank rejected most of the requests, but US$81m got through and vanished.

At the same time, the hackers peppered banks in other countries, including Poland, Vietnam and Mexico, with SWIFT demands for transfers.

"Some of the SWIFT incidents required very complex technical schemes," said John Hultquist, leader of the intelligence team at FireEye iSIGHT, a threat analysis company.

As North Korea suffered under sanctions, its cyber units branched out toward what Hultquist called "smash-and-grab theft" to raise cash, including schemes to hack automatic teller machines, mostly in South Korea, and defraud cryptocurrency exchanges in London and Seoul.

Advertisement
Advertise with NZME.

Bitcoin exchanges have been hit repeatedly, beginning with the theft of US$7m in cryptocurrency from Bithumb in Seoul in February.

Since then, hackers have stolen 7,000 bitcoin from Youbit, another South Korean exchange, then hit it again in December. In September, hackers stole an undisclosed amount from Coinis, and attempted thefts from another 10 exchanges in October.

North Korea has launched cyberattacks against bitcoin exchanges in South Korea. Photo / AP
North Korea has launched cyberattacks against bitcoin exchanges in South Korea. Photo / AP

Moriuchi, the forensic researcher, said she observed a bitcoin later getting spent.

"I was able to see one instance of someone, some North Korean leader, purchasing something with bitcoin, an actual good or service. I couldn't see what that was," Moriuchi said.

It was in May last year that North Korea displayed its use of cyber for destruction – a brazen display of cyber strength that caused a measure of global disorder.

Barely six week earlier, the top-secret National Security Agency suffered a major embarrassment when a hacking group calling itself The Shadow Brokers released what appeared to be a toolkit of NSA offensive cyber weapons, including one called EternalBlue.

Advertisement
Advertise with NZME.

North Korean hackers are suspected of taking that sophisticated, self-propagating tool and embedding it in a ransomware strain called WannaCry, unleashing it on the world on May 12, 2017. Some 300,000 computers around the world saw their hard drives lock up.

In a statement of blame, White House homeland security adviser Thomas Bossert wrote in a December 18 Wall Street Journal column that, "The attack was widespread and cost billions, and North Korea is directly responsible."

The attacks in 2017 left researchers reassessing North Korea's level of cyber threat.

The Trump administration threatens a more vigorous response against foreign hackers.

White House cyber coordinator Rob Joyce said on Monday that the US posture against hackers from other countries may increasingly be "shooting the archer rather than duck the arrows and block the arrows as they arrive at you."

But North Korea is a difficult target. A cyberattack in retaliation would do little damage since the nation is largely unplugged. Other forms of retaliation will have to be devised.

Advertisement
Advertise with NZME.

Hultquist said the campaign to contain North Korean hackers might be compared to the difficulty of US forces in Iraq in contending with roadside bombs, known as improvised explosive devices, or IEDs, triggered to explode near passing convoys.

The IEDs of the Middle East, he said, "allowed adversaries to do a lot of damage with very little investment."

- AP

Save

    Share this article

Latest from Business

Crime

Company directors turned inmates: How two Australians duped Spark with $20m in contracts

20 May 02:21 AM
New Zealand

NZ's red meat renaissance - Rabobank

20 May 02:14 AM
Premium
Property

Rich-lister wants to demolish iconic Auckland boatshed

19 May 10:30 PM

Deposit scheme reduces risk, boosts trust – General Finance

sponsored
Advertisement
Advertise with NZME.
Recommended for you
Man of the Year, duct tape and denim - Lorde teases favourite song from new album
Entertainment

Man of the Year, duct tape and denim - Lorde teases favourite song from new album

20 May 02:27 AM
Watch: Question Time ahead of MPs debate on Te Pāti Māori haka punishment
Politics

Watch: Question Time ahead of MPs debate on Te Pāti Māori haka punishment

20 May 02:21 AM
Company directors turned inmates: How two Australians duped Spark with $20m in contracts
Crime

Company directors turned inmates: How two Australians duped Spark with $20m in contracts

20 May 02:21 AM
'It's just shock': Woman, 29, suffers stroke mid-air headed to dream holiday
New Zealand

'It's just shock': Woman, 29, suffers stroke mid-air headed to dream holiday

20 May 02:17 AM
NZ's red meat renaissance - Rabobank
The Country

NZ's red meat renaissance - Rabobank

20 May 02:14 AM

Latest from Business

Company directors turned inmates: How two Australians duped Spark with $20m in contracts

Company directors turned inmates: How two Australians duped Spark with $20m in contracts

20 May 02:21 AM

Corrupt company directors Sean Bryan and Mark Lester are both headed to prison.

NZ's red meat renaissance - Rabobank

NZ's red meat renaissance - Rabobank

20 May 02:14 AM
Premium
Rich-lister wants to demolish iconic Auckland boatshed

Rich-lister wants to demolish iconic Auckland boatshed

19 May 10:30 PM
NZ's new cheapest petrol station revealed

NZ's new cheapest petrol station revealed

19 May 10:04 PM
Gold demand soars amid global turmoil
sponsored

Gold demand soars amid global turmoil

NZ Herald
  • About NZ Herald
  • Meet the journalists
  • Newsletters
  • Classifieds
  • Help & support
  • Contact us
  • House rules
  • Privacy Policy
  • Terms of use
  • Competition terms & conditions
  • Our use of AI
Subscriber Services
  • NZ Herald e-editions
  • Daily puzzles & quizzes
  • Manage your digital subscription
  • Manage your print subscription
  • Subscribe to the NZ Herald newspaper
  • Subscribe to Herald Premium
  • Gift a subscription
  • Subscriber FAQs
  • Subscription terms & conditions
  • Promotions and subscriber benefits
NZME Network
  • The New Zealand Herald
  • The Northland Age
  • The Northern Advocate
  • Waikato Herald
  • Bay of Plenty Times
  • Rotorua Daily Post
  • Hawke's Bay Today
  • Whanganui Chronicle
  • Viva
  • NZ Listener
  • What the Actual
  • Newstalk ZB
  • BusinessDesk
  • OneRoof
  • Driven CarGuide
  • iHeart Radio
  • Restaurant Hub
NZME
  • About NZME
  • NZME careers
  • Advertise with NZME
  • Digital self-service advertising
  • Book your classified ad
  • Photo sales
  • NZME Events
  • © Copyright 2025 NZME Publishing Limited
TOP
search by queryly Advanced Search