2017-10-06

Information Operation ongoing between US and North Korea

Briefly About the Operation

There is evidence that the US Cyber Command has denied the Internet access from North Korea for several weeks during September 2017. Simultaneously, US Treasury has been tightening the financial embargo around North Korea and tries to freeze their foreign assets and transactions. 

President Trump is acting as the “Bad Cop” in social media ("Military solutions are now fully in place, locked and loaded") while Secretary Tillerson is the “Good Cop” and seemingly has ongoing dialogue with North Korean authorities.

This operation is ongoing while North Korea is trying to create a credible threat of nuclear head (last nuclear test was done 3. September) on a ballistic missile (last launch 15. September) that can threaten US assets directly. The credible nuclear threat has been the goal for three generations of Kims to create leverage to both domestic and foreign policy. 

Some Notable Features Concerning the Operation until Today


  1. USCYBERCOM was suppressing the North Korean only Internet link (provided by China Unicom since 2010) with Denial of Service. The attack seems to have been effective since it lowered the activity of known North Korean hackers. This means that not all of them work abroad.
  2. The Denial of Service (DoS) was said to stop on Saturday, 30. September. On Sunday, 1. October, a new trunk connection appeared provided by Russian railway and telecommunications operator (TransTeleCom). The second link, coming from different Internet infrastructure entirely, makes it more difficult in future to disconnect North Korean’s from the Internet.
  3. Last year North Korea made several attacks targeting Financial systems like Swift. They succeeded to rob about $ 81 M from Bangladesh. The North Korean cyber strategy has seemingly been: 1. Steal sensitive information from other Governments and Industry (South Korean military intranet and governmental smartphones), 2. Create fear and insecurity by launching virus attacks (WannaCry), 3. Steal money to finance the government (Lazarus group attacked Banks for example in Bangladesh, Ecuador, Philippine, Vietnam).
  4. US sees their national electric grid vulnerable to advanced attacks like HAVEX or BlackEnergy. While the US executes the “cost imposition” strategy against Russian and Chinese actors, the same deterrence is not valid with Iran or North Korea. Thus, the US is trying to deny their capability to launch cyber-attacks. The denial is accomplished both by increasing the robustness of the information systems controlling the electric grid and exercising the capabilities in denying the access to the Internet or disabling the cyber arms available to these countries.

Used References:

  1. Karen DeYoung, Ellen Nakashima and Emily Rauhala (September 30): Trump signed presidential directive ordering actions to pressure North Korea. The Washington Post, National security. https://www.washingtonpost.com/world/national-security/trump-signed-presidential-directive-ordering-actions-to-pressure-north-korea/2017/09/30/97c6722a-a620-11e7-b14f-f41773cd5a14_story.html?utm_term=.1c6dc0b101b7 
  2. Michelle Ye Hee Lee (13 September 2017). "North Korea nuclear test may have been twice as strong as first thought". Washington Post. 
  3. North Korea 'fires missile from Pyongyang'. BBC. 15 September 2017.
  4. https://www.nytimes.com/2017/03/04/world/asia/north-korea-missile-program-sabotage.html 
  5. Martyn Williams (October 1): Russian provides new Internet connection to North Korea. 38North. http://www.38north.org/2017/10/mwilliams100117/ 
  6. CSIS: North Korea's Cyber Capabilities. https://www.csis.org/programs/korea-chair/korea-chair-project-archive/north-koreas-cyber-capabilities 
  7. Charles Riley and Jethro Mullen (16 May): North Korea’s long history of hacking. CNNTech. http://money.cnn.com/2017/05/16/technology/ransomware-north-korea-hacking-history/index.html 
  8. US DoD Defence Science Board (February 2017): Task Force on cyber deterrence. http://www.acq.osd.mil/dsb/reports/2010s/DSB-CyberDeterrenceReport_02-28-17_Final.pdf