Category Iran

Brief History of North Korean Cyber Attacks

Is North Korea, widely viewed in the outside world as equal parts backward and crazy, even capable of conducting a cyber attack?

Yes.

Prior to the cyber attack on Sony, widely though not entirely thought to be the work of North Korea, the North has been blamed for successful cyber attacks on South Korean media companies, military and government networks, banks, and universities. Some of the first attacks blamed on the North occurred in 2009 and the South has regularly blamed the North for cyber attacks since, with Korean and international analysts noting both similar tactics and the attacks’ growing technical sophistication.

While North Korean decision-making may appear opaque and often outlandish to outside observers, this does not mean the country lacks technical skill, as evidenced by its successful nuclear and ballistic missile programs. The North’s technology has even attracted an international following, most notably from Iran.

In 2012, Iran and North Korea signed a framework agreement on technology sharing that formalized ongoing IT, nuclear, and other tech-related cooperative development efforts. This cooperation has increased Iran’s cyber capabilities, exhibited most clearly by an October 2012 cyber attack on Saudi Arabia’s Aramco Oil. By 2013, experts had begun to note technical and tactical similarities in attacks separately attributed to Iran and North Korea, including a series of disruptive attacks that led major U.S. banks to request help from the NSA. Related writings on Iranian attacks can be found here.


North Korea and Iran – cyber power BFFs?

UPDATE (22 FEB 2015): New story from longtime Korea-watcher Donald Kirk on how Iran’s ties to North Korea may hamper any DC-Tehran nuclear deal.


UPDATE (18 DEC): The U.S. has reportedly concluded that North Korea was responsible for the cyber attack on Sony. The report goes on to mention an Iranian – North Korean connection, based on similar techniques used in the Sony attack and previous attacks in South Korea and Saudi Arabia. No word yet on a decision regarding response measures, if any.

Since the signing of a 2012 pact on IT research cooperation between Iran and North Korea, there have been a series of reports on cyber activities and attacks conducted by the two nations. This year alone we have a cyber attack on the Sands Casino in Las Vegas (widely attributed to Iran), an attack on Sony that’s still making headlines (widely attributed to North Korea), and a report last week from a leading cyber security firm highlighting Iranian advances in cyber capabilities likely developed in conjunction with North Korea.

Prior to Sony (if indeed that attack was carried out by the North), Pyongyang had been blamed for a series of attacks on South Korean banking, media, and other websites. In one attack, targeting Nonghyup, the agricultural bank, 30 million customers spent days locked out of their accounts.

In 2012, Iran was blamed for a series of attacks targeting U.S. banks and financial institutions. While damage was limited, the banks involved did eventually turn to the NSA for help. Much of the reporting on Iran has highlighted Iranian attention to the cyber domain in the wake of the successful/disastrous (depending on your point of view) Stuxnet attack on Iran’s nuclear program. This attack awakened the regime to both the dangers and opportunities of the cyber domain, and Iran has been rapidly working to expand its capabilities ever since – including the 2012 agreement with North Korea mentioned above.


Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power

[Book Review] The author, David Sanger, appears to have better access to classified information than most gov’t intel analysts; he certainly has better access to policy makers and strategists. The coverage of cyber operations, especially Stuxnet and Olympic Games, is the most powerful and revealing section of the book – given that Sanger was at the forefront of breaking these stories in the media, hardly a surprise.

The book, with its insider, high-level accounts of foreign policy strategy and operations covering much of Obama’s first term, practically puts you in the White House, but, perhaps inadvertently, it also serves as a reminder of the large gap between high level policymakers and low-level analysis/analysts. Specifically, as a former Asia analyst for the Joint Chiefs, it reminded me that academics and the media, even with only limited access to (formerly) classified information, are often better at predicting and spotting new, unexpected trends than those buried deep within government. So much intel analysis focuses on dealing with our software systems, building collections databases, and making link diagrams – all useful at a mechanical, tactical level – that the focus can narrow and turn reactive, missing broader, strategic level developments often apparent to those on the ground overseas … ala some members of the media, academia, and expat business folks.

While not an explicit message of Sanger’s book, which focuses much of its attention on how Obama’s team handled its foreign policy “inheritance” from the Bush era wars, the gap between inside intel and outside reporting becomes an easy takeaway.


UNESCO adds North Korea, Iranian sites to Heritage List

UNESCO added a group of sites in and around Kaesong, North Korea to the World Heritage List yesterday, citing their importance to “the transition from Buddhism to neo-Confucianism in East Asia and to the assimilation of the cultural spiritual and political values of the states that existed prior to Korea’s unification under the Koryo Dynasty.”

I’ve visited the area in and around the sites and will post a few photos below.


The Koryo Museum, located on the grounds of a palace complex just outside Kaesong. 


North Korea Entering Information Age with Cellphones, Domestic-only ‘Intranet’

Interesting article on cellphone and ‘Internet’ usage in North Korea – yes, there are both cellphones (now up to a million 3G subscribers, if the numbers are to be believed) and ‘Internet’ users in the North, though access to the outside Internet is limited to a very select few. Instead, North Korea has established a nationwide (mostly Pyongyang, but some connections in outlying areas), domestic-only, intranet for universities, research centers, and a few private homes/apartments.

The article, from The Diplomat, a leading provider of news and commentary on the Asia-Pacific, attributes the North’s acceptance of information age technology to a desire to attract and please international investors. While the concerns of international investors may play a role, I hardly agree that this is the driving force. Rather, the North, like any other country or group of people, wants to use the technology to communicate and share information, though, in the North’s case, with a heavy dollop of state control (none of the cellphones on the domestic network can access numbers outside the country) and propaganda messages from state authorities (taking spam texts to a whole new level).


Iran and North Korea cooperating on cyber-defense, ‘domestic Internets’?

UPDATE (28 Mar): Article today from the Times on how hackers from both North Korea and Iran have launched cyber attacks over the past week. No information on a connection between the two, other than their “erratic decision making,” but their skills appear to be growing, with Iran taking down American Express for two hours today.

UPDATE (24 Mar): Good article in PC World today about the threats posed by Iranian and North Korean hackers. The article covers some of what’s been discussed here, but also highlights testimony in the House last week about the unpredictability of Iran and North Korea making them harder to deter than China and Russia. The article points out that while the Iranians and North Koreans lack the cyber skills of the Chinese and Russians, their greater sense of “intent” may make them the more dangerous threats.

UPDATE (18 Jan): U.S. banks have officially sought help from the National Security Agency in dealing with the months-long cyberattacks, according to the Washington Post.

UPDATE (8 Jan): The Times has a story today with U.S. officials blaming Iran for attacks the past few months on “Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.” The attacks are on a scale available to nation-states, not kids in a basement, “transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas.” According to the story, the attacks are expected to continue.

UPDATE (3 Dec): Reuters carried a story from Kyodo yesterday about Iran stationing defense staff at a North Korean military facility, “apparently to strengthen cooperation in missile and nuclear development.” The “staff” reportedly consists of four people from Iran’s Ministry of Defense and “firms close to it.” The group may be in country for longterm collaboration, or to observe North Korea’s upcoming rocket launch.

UPDATE (24 Oct): The Times has an article today on an Iranian cyberattack on Saudi Arabia’s Aramco oil firm in August that is now believed to be, “among the most destructive acts of computer sabotage on a company to date.” The attack is thought to be retaliation for previous cyberattacks on Iranian oil facilities – and may have even used some of the same code. This is shaping up to be an interesting battle, clearly visible even in the open source world.

UPDATE (18 Oct): The cyberattacks on U.S. banks are continuing into their fifth week, with the Wall Street Journal now publicly blaming Iran as the source of the attacks.

UPDATE (1 Oct): The Times has a story this morning about the effects the bank attacks are having on U.S. customers, plus additional speculation on who is behind them, with Iran and the general ‘Middle East’ as the most mentioned sources.

UPDATE (28 Sep): Bloomberg (among others), is reporting an escalating, ongoing cyberattack on U.S. banks that some, including Senator Lieberman (head of the Senate Homeland Security and Governmental Affairs Committee), are blaming on Iran. It may or may not be Iran, part of the ‘beauty’ of cyberattacks is being able to disguise their origin, but the attack points to the growing sophistication of state-level actors (the North Koreans took down a major South Korean bank last year) and the dangers posed to the U.S. private sector by cooperation of the type highlighted below.

A couple of interesting stories on Iran and North Korea so far this week: the Washington Post reports Iran is preparing an internal version of the Internet designed to limit Iranians’ access to the outside Net, plus block foreign cyberattacks. The article stresses the difficulties the mullahs will have establishing the system, while acknowledging the security advantages afforded by such a project.

Nowhere, however, does the article mention a connection with North Korea, which has long had a ‘domestic Internet’ of the type described in the article. NK’s internal network offers the exact advantages – security and training for cyber-operatives – mentioned in the Post article.

The second article, from The Christian Science Monitor, on a new Iran-NK pact designed to enhance research cooperation in the fields of “information technology, engineering, [etc.],” makes a connection between the two countries on ‘domestic Internet’ development seem both possible and natural. The focus of the article, and other media attention to the pact, is on shared nuclear weapon and missile development efforts. However, the juxtaposition of the two events highlighted in the stories, the shared interest in walled-off internal networks, and the recent pact formalizing ongoing joint research and development efforts begs the question of whether the North Koreans are also aiding the Iranians in establishing a more cyberattack-resistant internal network – thereby removing a tool outsiders use to influence and track Iranian nuclear weapons development.

While this development would be good for the Iranians, it would not be a positive for security and stability in the region. If Israel and the U.S. lose their cyber option for derailing and delaying Iran’s nuclear efforts, kinetic options become more likely – to no one’s benefit. Stay tuned.


NYT’s Kristof in Iran

New York Times columnist Nicholas Kristof recently spent some time in Iran and posted some interesting columns (including videos) on the trip: Hugs From Iran, Pinched and Griping in Iran, In Iran, They Want Fun, Fun, Fun, and Not-So-Crazy in Tehran.

He was able to travel without a guide, which I envy. While I learned a lot from Professor, my guide during my trip, some of the most interesting experiences in the country happened when I was alone. I’m curious what else Kristof was able to come away with that he couldn’t/didn’t fit into his writings and videos.

I was most heartened by his final take, “We can’t do much to nurture progress in Iran, but promoting Internet freedom, shortwave news broadcasts and satellite television all would help. A war would hurt. […] Iran looks childish when it calls America the ‘Great Satan’ or blusters ‘Death to America.’ Let’s not bluster back or operate on caricatures. And let’s not choose bombs over sanctions and undercut the many Iranians who are chipping away at hard-line rule in tiny ways — even by flashing their hair.”

This was not so far off from my take in 2006, of Persians as a group of people that loved their country but hated their government – so long as no one attacked it. Iran is one of the few places I’ve traveled where most people, especially the young and educated, seem to genuinely like Americans. Given time and appropriate encouragement, this will help further U.S. interests far more than bombing Natanz.


Driving Past Natanz, Home of Iran’s Nuclear Program (Book Excerpt)

With all of the recent news on Iran, including a possible Israeli strike on the Iranian nuclear site near the town of Natanz, here’s an excerpt from Axis of Evil Tour on my brief trip through the area.

Today was to be nuke day – our short drive north from Esfahan to Kashan was going to take us right by Natanz, the home of the Iranian nuclear program. While many news reports from Iran cite Esfahan as the home, the actual nuke facilities are about 60 miles away, near the small city of Natanz.

We drove quickly north, seemingly the only people on the smooth new expressway, minus a couple of checkpoints. Leaving Esfahan we stopped for directions and found that checkpoints had become such a fixed part of the landscape they were even used for navigating, “drive down this road for a while until you come to the police checkpoint [not the other ones], then turn right.”

Driving by, Natanz is just another exit on the highway, with the city visible in the distance. The nuclear site is not something mentioned by the local road signs. Professor saw me scanning the area, but told me not to bother.

Just past Natanz to the northwest is an isolated little village nestled in the mountains called Abyaneh. We wanted to visit, but finding the right highway exit proved a problem – Professor was used to traveling with large tour groups on buses that included drivers. This was the first time in several years he’d driven himself, so he was occasionally unsure of which way to go when we got into off-the-beaten-path areas.

As I studied the map, I realized we’d zoomed past our exit and were rapidly approaching Kashan, the day’s final destination. For a moment we debated just giving up and heading on, especially given all the snow we could see in the mountains that might close the roads.
The debate was short-lived, however, and we were soon looking for an exit to use to turn around. Of course, we found none in the vast stretch of emptiness. That is, until we popped over a little rise and went flying past it.

Professor quickly slowed and pulled over to take a look. We could turn around, but we’d have to back up along the shoulder.

Just then, not 30 seconds after we’d come to a stop, came the sound of a motorcycle pulling up next to us, then a sudden tapping on Professor’s window. Two soldiers, an AK-47 swung over the shoulder of the passenger, had appeared out of nowhere. We were still within 15-20 miles of the nuke facilities and security was trigger-finger tight.


Israel Considering Strike on Iran’s Nuclear Facilities?

Interesting, and somewhat ominous article in the Times today (and another one in the Post) about Israel possibly stepping up preparations for an attack on Iran’s nuclear facilities in Natanz. Having been on the ground in the area, I can attest to the tightness of the security – not two minutes after pulling off to the side of the road to check directions, my guide and I had soldiers pounding on the car, demanding to know what we were doing.

While Iranian air defenses are probably too weak to prevent, or perhaps even detect, a surprise Israeli strike, antiaircraft weaponry is ubiquitous in the area and would certainly strive to be a factor.

My take? Once U.S. military forces have officially withdrawn from Iraq and are no longer ‘blocking’ an Israeli strike, the possibility of one increases markedly – an interesting corollary to our presence in Iraq has been helping to prevent an Israeli attack on Iran. Definitely an issue worth keeping an eye on once the new year arrives.


Axis of Evil World Tour – An American’s Travels in Iran, Iraq and North Korea

A book on my travels in Bush’s three Axis of Evil countries. Excerpts from the book are available in the Iraq, Iran, and North Korea sections of this blog, with additional photos on the book’s website at: AxisofEvilWorldTour.com.

My goal in writing the book is to present the countries as I saw them, without adhering to any particular branch of U.S. politics or foreign policy – if you are a diehard Democratic or Republican ideologue, I’m not your guy. For more on the book, please check out my interview with Chicago NPR station, WBEZ.

The link to the left is for the Kindle version of the book. The paperback is available from Amazon or Barnes and Noble. The book is also available as a Nook download.

The paperback version of the book was published in December 2006, and the e-book version (updated and with more photos than the paperback) was first published in January 2011.

UPDATE (27 August): Apple finally gave approval for the book to be sold through iTunes. You can find it by searching in iTunes/iBooks, or through Apple’s website.
