Author Scott

When will North Korea collapse?

Will North Korea collapse? When will it collapse? Questions North Korea researchers hear all the time, and given a recent boost after comments from President Obama mentioned Pyongyang’s collapse, followed quickly by an article and mea culpa from well-known, long-time Korea specialist Aidan Foster-Carter. Foster-Carter’s article lays out the general lines of the debate, ‘collapsism’, and 20+ years of poor policy choices by the U.S. and other governments based on the idea that “the North is going to collapse … any day now … Any. Day. Now.”

Plenty of Korea specialists have taken a stab at this parlor game of predicting Pyongyang’s fall: Foster-Carter, per above; Victor Cha, current Georgetown professor and former Director for Asian Affairs at the NSC in his 2012 book; economic specialists (e.g. Haggard and Noland). Intelligence analysts and foreign policy specialists have filled entire servers (and before that, file cabinets) with studies on when the North will collapse. Here’s one from the CIA circa 1997/98 (also here) that featured a majority of Korea specialists convened by Langley doubting the regime could last another five years (we’re coming up on 20).

Not to begrudge anyone their game, but what’s the point?

Share

Book Review of ‘The Real North Korea: Life and Politics in the Failed Stalinist Utopia’ by Andrei Lankov

[Book Review] Lankov is one of the world’s top North Korea specialists, publishing in English or Korean, and has the rare benefit of speaking the language and having spent time studying in the North. While getting time on the ground in North Korea can be difficult, too few ‘experts’ have spent much time in either of the Koreas, or even bothered to learn the language – problems readily apparent when talking to many U.S. military, intel agency, or other denizens of government assigned to Korea issues. Given 60+ years of failure to achieve U.S. goals when it comes to the North, maybe it’s time to try learning from folks like Lankov.

The book opens with a history of the North and the ruling Kim family that builds the framework for later chapters explaining why Pyongyang makes the decisions it does (hint: it’s not cause they’re crazy). A couple of quotes that relate to the point:

“The North Korean leaders do not want reforms [AKA more trade/interaction with the outside world, as the U.S. State Dept. is forever trying to foster] because they realize that in the specific conditions produced by the division of their country, such reforms are potentially destabilizing and, if judged from the ruling elite’s point of view, constitute the surest way of political (and, perhaps, physical) suicide.” [Hardcover edition, pg. 112]. The North Korean elite “would be happy to see a North Korean economic boom – as long as they are not going to enjoy this wonderful picture through the window gate of their cell.” [Pg. 118].

The last third of the book focuses on the future and what outsiders could do to foster change inside the North, or at least reduce tensions and enhance regional stability in NE Asia. Here, like other North Korea specialists (many outside of government), Lankov outlines the important role information can play in pressuring the North Korean regime. Ironically, this overlaps with the semi-idiotic movie ‘The Interview’ and the fear and anger it engendered in the North – military and physical threats are not the key, discrediting the leadership in the eyes of the North Korean populace is the key. In Lankov’s words:

Share

Brief History of North Korean Cyber Attacks

Is North Korea, widely viewed in the outside world as equal parts backward and crazy, even capable of conducting a cyber attack?

Yes.

Prior to the cyber attack on Sony, widely though not entirely thought to be the work of North Korea, the North has been blamed for successful cyber attacks on South Korean media companies, military and government networks, banks, and universities. Some of the first attacks blamed on the North occurred in 2009 and the South has regularly blamed the North for cyber attacks since, with Korean and international analysts noting both similar tactics and the attacks’ growing technical sophistication.

While North Korean decision-making may appear opaque and often outlandish to outside observers, this does not mean the country lacks technical skill, as evidenced by its successful nuclear and ballistic missile programs. The North’s technology has even attracted an international following, most notably from Iran.

In 2012, Iran and North Korea signed a framework agreement on technology sharing that formalized ongoing IT, nuclear, and other tech-related cooperative development efforts. This cooperation has increased Iran’s cyber capabilities, exhibited most clearly by an October 2012 cyber attack on Saudi Arabia’s Aramco Oil. By 2013, experts had begun to note technical and tactical similarities in attacks separately attributed to Iran and North Korea, including a series of disruptive attacks that led major U.S. banks to request help from the NSA. Related writings on Iranian attacks can be found here.

Share

North Korea’s Sony Cyber Attack: North Korea 1 … Sony 0 … Free Speech 0 … U.S. 0

With the dual announcements that Sony is canceling ‘The Interview’ and the U.S. believes North Korea is behind the cyber attack on Sony that led to the movie’s cancellation, we all just got to witness a textbook case of successful cyber and psychological operations. Ironically, the success came from a country commonly viewed as a technology backwater – North Korea.

Since information on the movie first started to appear, the North has made it very clear that it objected to the movie, especially the purported assassination of its leader. As production finished and the release date neared, with no sign of the movie being cancelled, the North apparently decided to try options aside from public objections.

Military, diplomatic, and economic options likely offered limited ability to get the movie canceled, especially when compared to cyber options – a skillset the North has been honing for years. Step one would be to get inside Sony’s systems, step two would be to steal or destroy the movie. Failing that, psychological operations (what the U.S. military calls ‘information operations’) came into play. By releasing the most salacious information gained during the attack, the hackers were able to gain massive amounts of media coverage.

Share

North Korea and Iran – cyber power BFFs?

UPDATE (22 FEB 2015): New story from longtime Korea-watcher Donald Kirk on how Iran’s ties to North Korea may hamper any DC-Tehran nuclear deal.

NK-IRAN-US

UPDATE (18 DEC): The U.S. has reportedly concluded that North Korea was responsible for the cyber attack on Sony. The report goes on to mention an Iranian – North Korean connection, based on similar techniques used in the Sony attack and previous attacks in South Korea and Saudi Arabia. No word yet on a decision regarding response measures, if any.

Since the signing of a 2012 pact on IT research cooperation between Iran and North Korea, there have been a series of reports on cyber activities and attacks conducted by the two nations. This year alone we have a cyber attack on the Sands Casino in Las Vegas (widely attributed to Iran), an attack on Sony that’s still making headlines (widely attributed to North Korea), and a report last week from a leading cyber security firm highlighting Iranian advances in cyber capabilities likely developed in conjunction with North Korea.

Prior to Sony (if indeed that attack was carried out by the North), Pyongyang had been blamed for a series of attacks on South Korean banking, media, and other websites. In one attack, targeting Nonghyup, the agricultural bank, 30 million customers spent days locked out of their accounts.

In 2012, Iran was blamed for a series of attacks targeting U.S. banks and financial institutions. While damage was limited, the banks involved did eventually turn to the NSA for help. Much of the reporting on Iran has highlighted Iranian attention to the cyber domain in the wake of the successful/disastrous (depending on your point of view) Stuxnet attack on Iran’s nuclear program. This attack awakened the regime to both the dangers and opportunities of the cyber domain, and Iran has been rapidly working to expand its capabilities ever since – including the 2012 agreement with North Korea mentioned above.

Share

Back from Afghanistan

Afghan Valley

Apologies for the lack of postings this year, but have spent most of 2014 in Afghanistan, away from reliable Internet access. Am finally back in the States though, and ready to resume posting here on the blog.

The time in Afghanistan is still too fresh to write about, at least here, so have uploaded photos instead. To the left is an all too common aerial view – a narrow green valley surrounded by an arid, high-desert brown. Below are a couple of views from an Afghan Army bunker. I’ll upload a few more photos on the FB page.

Share

A Few Months in Central Asia

Sorry for the absence of postings these past few months, but am currently most of the way through a few months in Central Asia. Hopefully back online and blogging come July. Thanks for stopping by,

Scott

Share

WORK HARD FOR THE KIMS! An Introduction to North Korea

UPDATE (19 FEB): The book is now (finally!) available on Kobo.


The “KIMS” in the title represent North Korea’s ruling family, in power in Pyongyang since the 40s and anxious to stay there. The images in the book introduce North Korean history, culture, and ideology by translating the country’s unique propaganda posters into English, then exploring their themes and messages.

Most of the posters used in the brief book are already here on the website, or available on the Facebook page, but the book includes additional details and explanations.

The book is currently available for download from Amazon for Kindle, Barnes and Noble for Nook, and Apple’s iBooks store. A Kobo version will be available soon. Please let me know if you’d like to see the book available in additional formats. There are no plans to publish a paperback or hardcover version at this time.

Share

Miami to New York on Amtrak’s Silver Meteor

(UPDATE JAN 2015): We made it the whole way this year! Unlike last year, when the train north broke down in Wilmington and forced everyone into a mad scramble across the platform to another train, this year the ‘Meteor’ didn’t break down and we made it home on time. Nice to see the improvement! As yet unimproved are the weird in-room toilets in the roomettes, but maybe someday.

After twice closing out a Florida vacation on the Auto Train, this year it was Amtrak’s Silver Meteor, running between Miami and New York City (Penn Station). It won’t carry your car, but the slow moving ‘Meteor’ (aptly named only in comparison to a horse and buggy) goes beyond D.C. in the north and Orlando in the south, making for a more convenient trip for anyone not local to those two stations.

Amtrak Silver Service Route Map

Like most long distance Amtrak trains, a variety of tickets are available, from seats at one end of the train, to roomettes (max two people) and rooms (max six) at the other end. At the center of the train are a lounge car, with drinks, snacks, and light meals, and a dining car with full meal service.

Share

New North Korean Propaganda Posters Added

New images, with translations and explanations, added to the North Korean Propaganda Posters page both here on the site, and in the much larger Facebook album.

Death of Kim Il-sung in 1994

The unlikeliest of images – a tall Kim Jong-il has rushed to the main public square overlooking Pyongyang to comfort the masses, distraught at the death of Kim Il-sung (in 1994). The younger Kim was, by nearly all accounts, quite reclusive, disliking the limelight and public appearances – making this one of the oddest, most unbelievable of NK propaganda posters.

Share

2009-2013 Internet attacks on South Korea part of ongoing cyber espionage campaign – McAfee Labs

McAfee, the Internet security company owned by Intel, has a research lab that just put out a report covering four years of hacking attacks aimed at South Korea. What previously appeared to be isolated attacks on media, banks, and government websites, many of them detailed here and in the report, are instead part of an ongoing 2009-2013 espionage campaign targeting military forces in South Korea in order to extract classified information. Targets included information on U.S. military forces and their operations in the South.

McAfee Labs

McAfee Labs

Through examining the evolving code used in the attacks, McAfee Labs found the attacks on South Korean banks, media, universities, elections, government, and other websites shared common source code, one encryption password, similar use of IRC botnets, consistent terminology, and a target set of military keywords. The report, on page 22, even lists the (somewhat poorly translated) Korean keywords used to target military operations in South Korea, including by U.S. forces.

Rather than a separate group of incidents targeting South Korea, which the South’s government, after conducting investigations, has attributed to the North, McAfee Labs is arguing that the incidents are all part of one, “secret, long-term campaign.” A campaign that reveals an adversary, “attempting to spy on and disrupt South Korea’s military and government activities.”

The McAfee report does not explicitly blame any particular country for the attacks, but makes the case that the attacks have been conducted by the same organization, taking the same measures against the same sites in an ongoing, state-level espionage operation. Investigating the same incidents separately, the South has laid official blame for the attacks on the North. If the South’s researchers haven’t already figured out what’s in the McAfee report, its findings will likely play a role in relations between the two Koreas very shortly.

Share

Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power

[Book Review] The author, David Sanger, appears to have better access to classified information than most gov’t intel analysts; he certainly has better access to policy makers and strategists. The coverage of cyber operations, especially Stuxnet and Olympic Games, is the most powerful and revealing section of the book – given that Sanger was at the forefront of breaking these stories in the media, hardly a surprise.

The book, with its insider, high-level accounts of foreign policy strategy and operations covering much of Obama’s first term, practically puts you in the White House, but, perhaps inadvertently, it also serves as a reminder of the large gap between high level policymakers and low-level analysis/analysts. Specifically, as a former Asia analyst for the Joint Chiefs, it reminded me that academics and the media, even with only limited access to (formerly) classified information, are often better at predicting and spotting new, unexpected trends than those buried deep within government. So much intel analysis focuses on dealing with our software systems, building collections databases, and making link diagrams – all useful at a mechanical, tactical level – that the focus can narrow and turn reactive, missing broader, strategic level developments often apparent to those on the ground overseas … ala some members of the media, academia, and expat business folks.

While not an explicit message of Sanger’s book, which focuses much of its attention on how Obama’s team handled its foreign policy “inheritance” from the Bush era wars, the gap between inside intel and outside reporting becomes an easy takeaway.

Share

UNESCO adds North Korea, Iranian sites to Heritage List

UNESCO added a group of sites in and around Kaesong, North Korea to the World Heritage List yesterday, citing their importance to “the transition from Buddhism to neo-Confucianism in East Asia and to the assimilation of the cultural spiritual and political values of the states that existed prior to Korea’s unification under the Koryo Dynasty.”

I’ve visited the area in and around the sites and will post a few photos below.

nk-koryomuseum

 

The Koryo Museum, located on the grounds of a palace complex just outside Kaesong. 

Share

South Korea hit with cyber attacks on major banks, media outlets … again; North Korea blamed … again

UPDATE (10 April): The South made its preliminary case today that a North Korean espionage agency was behind the 20 March cyber attacks. According to the South’s report, the North began preparing for the attack last June, with systems testing beginning in late February. Of the 76 types of malicious code used in the attack, 30 were similar to previous attacks by the North, and 22 of 49 IP addresses overlapped with previous addresses used during cyber attacks traced to the North since 2009.

20MAR_cyberattack_graph

UPDATE (22 March): The South’s communications commission issued an update today declaring the cyber attack started from an IP address at a domestic bank (Nonghyup), not a Chinese address, as they reported yesterday. Meaning, aside from an irritated China and embarrassed Korean bureaucrats, that the attack erupted from a domestic source. How the code was placed on that server, by whom, and how it spread is still under investigation – an investigation likely to be much more circumspect in placing blame during future announcements.

On another note, perhaps the biggest news from the peninsula this week, submerged under the flood of reporting on the cyber attack, was a report that China’s oil exports to North Korea fell to zero in February. Perhaps a sign that the Chinese are getting fed up with the North’s missile and nuke testing – China normally sends 30-50,000 tons of oil to the North per month, an official figure that hasn’t gone to zero since 2007. If this continues through March, we may see a sudden change in the North’s tone, at least long enough for the Chinese to restart the spigots. Frankly, China shutting down its supply of oil to the North for two straight months would surprise me more than a semi-crazy member of the Bad Boys getting invited to Pyongyang to drink with the head Kim, but hey, stranger things have happened.

Share