Author Scott

Entries 186 Total Bio

 

 Contact

Book Review of ‘The Real North Korea: Life and Politics in the Failed Stalinist Utopia’ by Andrei Lankov

Jan 14, ’15 5:30 PM

[Book Review] Lankov is one of the world’s top North Korea specialists, publishing in English or Korean, and has the rare benefit of speaking the language and having spent time studying in the North. While getting time on the ground in North Korea can be difficult, too few ‘experts’ have spent much time in either of the Koreas, or even bothered to learn the language – problems readily apparent when talking to many U.S. military, intel agency, or other denizens of government assigned to Korea issues. Given 60+ years of failure to achieve U.S. goals when it comes to the North, maybe it’s time to try learning from folks like Lankov.

The book opens with a history of the North and the ruling Kim family that builds the framework for later chapters explaining why Pyongyang makes the decisions it does (hint: it’s not cause they’re crazy). A couple of quotes that relate to the point:

“The North Korean leaders do not want reforms [AKA more trade/interaction with the outside world, as the U.S. State Dept. is forever trying to foster] because they realize that in the specific conditions produced by the division of their country, such reforms are potentially destabilizing and, if judged from the ruling elite’s point of view, constitute the surest way of political (and, perhaps, physical) suicide.” [Hardcover edition, pg. 112]. The North Korean elite “would be happy to see a North Korean economic boom – as long as they are not going to enjoy this wonderful picture through the window gate of their cell.” [Pg. 118].

The last third of the book focuses on the future and what outsiders could do to foster change inside the North, or at least reduce tensions and enhance regional stability in NE Asia. Here, like other North Korea specialists (many outside of government), Lankov outlines the important role information can play in pressuring the North Korean regime. Ironically, this overlaps with the semi-idiotic movie ‘The Interview’ and the fear and anger it engendered in the North – military and physical threats are not the key, discrediting the leadership in the eyes of the North Korean populace is the key. In Lankov’s words:

Share
Continue Reading… Comments (0)

Brief History of North Korean Cyber Attacks

Jan 7, ’15 1:39 PM

Is North Korea, widely viewed in the outside world as equal parts backward and crazy, even capable of conducting a cyber attack?

Yes.

Prior to the cyber attack on Sony, widely though not entirely thought to be the work of North Korea, the North has been blamed for successful cyber attacks on South Korean media companies, military and government networks, banks, and universities. Some of the first attacks blamed on the North occurred in 2009 and the South has regularly blamed the North for cyber attacks since, with Korean and international analysts noting both similar tactics and the attacks’ growing technical sophistication.

While North Korean decision-making may appear opaque and often outlandish to outside observers, this does not mean the country lacks technical skill, as evidenced by its successful nuclear and ballistic missile programs. The North’s technology has even attracted an international following, most notably from Iran.

In 2012, Iran and North Korea signed a framework agreement on technology sharing that formalized ongoing IT, nuclear, and other tech-related cooperative development efforts. This cooperation has increased Iran’s cyber capabilities, exhibited most clearly by an October 2012 cyber attack on Saudi Arabia’s Aramco Oil. By 2013, experts had begun to note technical and tactical similarities in attacks separately attributed to Iran and North Korea, including a series of disruptive attacks that led major U.S. banks to request help from the NSA. Related writings on Iranian attacks can be found here.

Share
Continue Reading… Comments (0)

North Korea’s Sony Cyber Attack: North Korea 1 … Sony 0 … Free Speech 0 … U.S. 0

Dec 18, ’14 6:48 PM

With the dual announcements that Sony is canceling ‘The Interview’ and the U.S. believes North Korea is behind the cyber attack on Sony that led to the movie’s cancellation, we all just got to witness a textbook case of successful cyber and psychological operations. Ironically, the success came from a country commonly viewed as a technology backwater – North Korea.

Since information on the movie first started to appear, the North has made it very clear that it objected to the movie, especially the purported assassination of its leader. As production finished and the release date neared, with no sign of the movie being cancelled, the North apparently decided to try options aside from public objections.

Military, diplomatic, and economic options likely offered limited ability to get the movie canceled, especially when compared to cyber options – a skillset the North has been honing for years. Step one would be to get inside Sony’s systems, step two would be to steal or destroy the movie. Failing that, psychological operations (what the U.S. military calls ‘information operations’) came into play. By releasing the most salacious information gained during the attack, the hackers were able to gain massive amounts of media coverage.

Share
Continue Reading… Comments (1)

North Korea and Iran – cyber power BFFs?

Dec 15, ’14 7:12 PM

UPDATE (18 DEC): The U.S. has reportedly concluded that North Korea was responsible for the cyber attack on Sony. The report goes on to mention an Iranian – North Korean connection, based on similar techniques used in the Sony attack and previous attacks in South Korea and Saudi Arabia. No word yet on a decision regarding response measures, if any.

Since the signing of a 2012 pact on IT research cooperation between Iran and North Korea, there have been a series of reports on cyber activities and attacks conducted by the two nations. This year alone we have a cyber attack on the Sands Casino in Las Vegas (widely attributed to Iran), an attack on Sony that’s still making headlines (widely attributed to North Korea), and a report last week from a leading cyber security firm highlighting Iranian advances in cyber capabilities likely developed in conjunction with North Korea.

Prior to Sony (if indeed that attack was carried out by the North), Pyongyang had been blamed for a series of attacks on South Korean banking, media, and other websites. In one attack, targeting Nonghyup, the agricultural bank, 30 million customers spent days locked out of their accounts.

In 2012, Iran was blamed for a series of attacks targeting U.S. banks and financial institutions. While damage was limited, the banks involved did eventually turn to the NSA for help. Much of the reporting on Iran has highlighted Iranian attention to the cyber domain in the wake of the successful/disastrous (depending on your point of view) Stuxnet attack on Iran’s nuclear program. This attack awakened the regime to both the dangers and opportunities of the cyber domain, and Iran has been rapidly working to expand its capabilities ever since – including the 2012 agreement with North Korea mentioned above.

Share
Continue Reading… Comments (1)

Back from Afghanistan

Sep 12, ’14 12:54 AM
Afghan Valley

Apologies for the lack of postings this year, but have spent most of 2014 in Afghanistan, away from reliable Internet access. Am finally back in the States though, and ready to resume posting here on the blog.

The time in Afghanistan is still too fresh to write about, at least here, so have uploaded photos instead. To the left is an all too common aerial view – a narrow green valley surrounded by an arid, high-desert brown. Below are a couple of views from an Afghan Army bunker. I’ll upload a few more photos on the FB page.

Share
Continue Reading… Comments (0)

A Few Months in Central Asia

Jun 5, ’14 1:00 PM

Sorry for the absence of postings these past few months, but am currently most of the way through a few months in Central Asia. Hopefully back online and blogging come July. Thanks for stopping by,

Scott

Share
Comments (1)

WORK HARD FOR THE KIMS! An Introduction to North Korea

Jan 26, ’14 5:08 PM

UPDATE (19 FEB): The book is now (finally!) available on Kobo.


The “KIMS” in the title represent North Korea’s ruling family, in power in Pyongyang since the 40s and anxious to stay there. The images in the book introduce North Korean history, culture, and ideology by translating the country’s unique propaganda posters into English, then exploring their themes and messages.

Most of the posters used in the brief book are already here on the website, or available on the Facebook page, but the book includes additional details and explanations.

The book is currently available for download from Amazon for Kindle, Barnes and Noble for Nook, and Apple’s iBooks store. A Kobo version will be available soon. Please let me know if you’d like to see the book available in additional formats. There are no plans to publish a paperback or hardcover version at this time.

Share
Comments (0)

Miami to New York on Amtrak’s Silver Meteor

Jan 22, ’14 4:19 PM

(UPDATE JAN 2015): We made it the whole way this year! Unlike last year, when the train north broke down in Wilmington and forced everyone into a mad scramble across the platform to another train, this year the ‘Meteor’ didn’t break down and we made it home on time. Nice to see the improvement! As yet unimproved are the weird in-room toilets in the roomettes, but maybe someday.

After twice closing out a Florida vacation on the Auto Train, this year it was Amtrak’s Silver Meteor, running between Miami and New York City (Penn Station). It won’t carry your car, but the slow moving ‘Meteor’ (aptly named only in comparison to a horse and buggy) goes beyond D.C. in the north and Orlando in the south, making for a more convenient trip for anyone not local to those two stations.

Amtrak Silver Service Route Map

Like most long distance Amtrak trains, a variety of tickets are available, from seats at one end of the train, to roomettes (max two people) and rooms (max six) at the other end. At the center of the train are a lounge car, with drinks, snacks, and light meals, and a dining car with full meal service.

Share
Continue Reading… Comments (0)

New North Korean Propaganda Posters Added

Dec 9, ’13 8:27 PM

New images, with translations and explanations, added to the North Korean Propaganda Posters page both here on the site, and in the much larger Facebook album.

Death of Kim Il-sung in 1994

The unlikeliest of images – a tall Kim Jong-il has rushed to the main public square overlooking Pyongyang to comfort the masses, distraught at the death of Kim Il-sung (in 1994). The younger Kim was, by nearly all accounts, quite reclusive, disliking the limelight and public appearances – making this one of the oddest, most unbelievable of NK propaganda posters.

Share
Comments (0)

2009-2013 Internet attacks on South Korea part of ongoing cyber espionage campaign – McAfee Labs

Jul 12, ’13 3:52 PM

McAfee, the Internet security company owned by Intel, has a research lab that just put out a report covering four years of hacking attacks aimed at South Korea. What previously appeared to be isolated attacks on media, banks, and government websites, many of them detailed here and in the report, are instead part of an ongoing 2009-2013 espionage campaign targeting military forces in South Korea in order to extract classified information. Targets included information on U.S. military forces and their operations in the South.

McAfee Labs

McAfee Labs

Through examining the evolving code used in the attacks, McAfee Labs found the attacks on South Korean banks, media, universities, elections, government, and other websites shared common source code, one encryption password, similar use of IRC botnets, consistent terminology, and a target set of military keywords. The report, on page 22, even lists the (somewhat poorly translated) Korean keywords used to target military operations in South Korea, including by U.S. forces.

Rather than a separate group of incidents targeting South Korea, which the South’s government, after conducting investigations, has attributed to the North, McAfee Labs is arguing that the incidents are all part of one, “secret, long-term campaign.” A campaign that reveals an adversary, “attempting to spy on and disrupt South Korea’s military and government activities.”

The McAfee report does not explicitly blame any particular country for the attacks, but makes the case that the attacks have been conducted by the same organization, taking the same measures against the same sites in an ongoing, state-level espionage operation. Investigating the same incidents separately, the South has laid official blame for the attacks on the North. If the South’s researchers haven’t already figured out what’s in the McAfee report, its findings will likely play a role in relations between the two Koreas very shortly.

Share
Comments (0)

Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power

Jul 3, ’13 12:29 AM

[Book Review] The author, David Sanger, appears to have better access to classified information than most gov’t intel analysts; he certainly has better access to policy makers and strategists. The coverage of cyber operations, especially Stuxnet and Olympic Games, is the most powerful and revealing section of the book – given that Sanger was at the forefront of breaking these stories in the media, hardly a surprise.

The book, with its insider, high-level accounts of foreign policy strategy and operations covering much of Obama’s first term, practically puts you in the White House, but, perhaps inadvertently, it also serves as a reminder of the large gap between high level policymakers and low-level analysis/analysts. Specifically, as a former Asia analyst for the Joint Chiefs, it reminded me that academics and the media, even with only limited access to (formerly) classified information, are often better at predicting and spotting new, unexpected trends than those buried deep within government. So much intel analysis focuses on dealing with our software systems, building collections databases, and making link diagrams – all useful at a mechanical, tactical level – that the focus can narrow and turn reactive, missing broader, strategic level developments often apparent to those on the ground overseas … ala some members of the media, academia, and expat business folks.

While not an explicit message of Sanger’s book, which focuses much of its attention on how Obama’s team handled its foreign policy “inheritance” from the Bush era wars, the gap between inside intel and outside reporting becomes an easy takeaway.

Share
Comments (0)

UNESCO adds North Korea, Iranian sites to Heritage List

Jun 24, ’13 5:42 PM

UNESCO added a group of sites in and around Kaesong, North Korea to the World Heritage List yesterday, citing their importance to “the transition from Buddhism to neo-Confucianism in East Asia and to the assimilation of the cultural spiritual and political values of the states that existed prior to Korea’s unification under the Koryo Dynasty.”

I’ve visited the area in and around the sites and will post a few photos below.

nk-koryomuseum

 

The Koryo Museum, located on the grounds of a palace complex just outside Kaesong. 

Share
Continue Reading… Comments (0)

South Korea hit with cyber attacks on major banks, media outlets … again; North Korea blamed … again

Mar 21, ’13 6:02 PM

UPDATE (10 April): The South made its preliminary case today that a North Korean espionage agency was behind the 20 March cyber attacks. According to the South’s report, the North began preparing for the attack last June, with systems testing beginning in late February. Of the 76 types of malicious code used in the attack, 30 were similar to previous attacks by the North, and 22 of 49 IP addresses overlapped with previous addresses used during cyber attacks traced to the North since 2009.

20MAR_cyberattack_graph

UPDATE (22 March): The South’s communications commission issued an update today declaring the cyber attack started from an IP address at a domestic bank (Nonghyup), not a Chinese address, as they reported yesterday. Meaning, aside from an irritated China and embarrassed Korean bureaucrats, that the attack erupted from a domestic source. How the code was placed on that server, by whom, and how it spread is still under investigation – an investigation likely to be much more circumspect in placing blame during future announcements.

On another note, perhaps the biggest news from the peninsula this week, submerged under the flood of reporting on the cyber attack, was a report that China’s oil exports to North Korea fell to zero in February. Perhaps a sign that the Chinese are getting fed up with the North’s missile and nuke testing – China normally sends 30-50,000 tons of oil to the North per month, an official figure that hasn’t gone to zero since 2007. If this continues through March, we may see a sudden change in the North’s tone, at least long enough for the Chinese to restart the spigots. Frankly, China shutting down its supply of oil to the North for two straight months would surprise me more than a semi-crazy member of the Bad Boys getting invited to Pyongyang to drink with the head Kim, but hey, stranger things have happened.

Share
Continue Reading… Comments (0)

North-South tensions on the Korean peninsula – indicators for the future

Mar 12, ’13 4:17 PM

UPDATE (3 April): The North closed entry to Kaesong today for South Koreans, but allowed those present in the complex to either remain in the North or head home to the South. Citing business and production concerns, only 33 of 446 South Korean workers in the complex actually came South, with the rest remaining behind to tend to their work or business interests. Posing the somewhat interesting question – given a choice, would you elect to stay in North Korea right now for your employer or business?

Previous closures have been short-lived, with few repercussions for those remaining behind, those who left, or the businesses located in the zone. Time will tell if this closure ends the same. Either way however, today’s closure signals a further heightening of tensions and worsening of inter-Korean relations.

UPDATE (1 April): The North actually threatened to close the Kaesong complex over the weekend, but most doubt they will follow through on the threat. If the North’s leadership is under the illusion that shutting the facility will hurt the South worse than the North they might be tempted, but short of that level of cluelessness, the North is unlikely to close such a prime hard currency source.

UPDATE (28 March): Reuters catching on to the idea of Kaesong as an indicator of the true level of tension on the Korean peninsula: Despite threats, North Korea keeps border factories open.

Every time tensions rise on the Korean peninsula, people start asking what’s going to happen next. Is there going to be a war? Will tensions cool? Will the North conduct an additional rocket or nuke test? Will there be another cyberattack or similar provocation? While no one outside of the North’s inner circle (now including Dennis Rodman?) can say for sure, there are a few indicators.

One I’ve discussed before is the status of the joint North-South economic development zone in Kaesong, just north of the DMZ. If the North suddenly closes the zone, or takes as hostages any South Koreans remaining in the zone, then that’s obviously not a good sign. Similarly, if the South orders its people out of Kaesong and forbids more to enter, that’s an indicator the South is expecting the situation to worsen, or is planning a response to a Northern provocation. South Korea’s president mentioned her concern about the North taking hostages at a meeting just this morning, indicating high-level concern over the issue in the South, but no plans to recall its citizens.

Other indicators, aside from updated imagery showing North Korean troop movements, include the North shutting down or greatly restricting access to its relatively new domestic cellphone service. I also detailed this indictor previously, calling any curtailment in service a sign the North was cracking down on or attempting to prevent internal dissent, or was suddenly concerned about a new threat.

More stories about South Korean military and defense officials spending their time playing golf instead of monitoring developments indicate the South’s level of concern over a possible provocation. While reports of more North Korean deserters, especially among frontline troops near the DMZ, show both military weariness and loss of capability for a conventional strike in the North.

Finally, the South raised its ‘cyber alert level’ on 12 February in response to North Korea’s most recent nuclear test. A further increase, or reduction, in this level is also a sign of where the South believes the situation is heading.

Hopefully, amid all of the fuss, bluff, and thunder on the peninsula, these indicators prove useful for predicting the course of future events in Korea, whether war, nothing more than talk, a conventional Northern provocation, or another Northern cyberattack on the South.

Share
Comments (0)