Advertisement

Inside the secret world of North Korea cybercoders

"Obtaining details on North Korea's cyber warfare capabilities is not an easy task," Hewlett Packard acknowledged in a security memo published in August.

By JC Finley

PYONGYANG, North Korea, Dec. 19 (UPI) -- As intrigue surrounding a massive hack on Sony Pictures intensifies, the focus is increasingly on North Korea and the potential role its secretive band of cybercoders known as Unit 121 may have played.

The mission of Unit 121 is to "conduct cyberattacks against overseas and enemy states," a North Korean defector still in contact with at least one Unit 121 agent told CNN.

Advertisement

According to Jang Se-yul, a computer expert who defected in 2007, about 1,800 cyber warriors are located throughout the world.

Estimates vary on Unit 121's size. In 2012, South Korea asserted 3,000 people belonged to Unit 121 and earlier this year predicted an increase to 5,900.

"Obtaining details on North Korea's cyber warfare capabilities is not an easy task," Hewlett Packard acknowledged in a security memo published in August.

Advertisement

Despite a struggling economy, North Korea has reportedly increased its cyberattacks. Jang attributes this to the fact that "raising cyber agents is fairly cheap."

The commander of U.S. Forces Korea agreed. In testimony before the House Armed Services Committee in April, Gen. Curtis M. Scaparrotti said, "Cyber warfare is an important asymmetric dimension of conflict that North Korea will probably continue to emphasize -- in part because of its deniability and low relative costs."

Once recruited into the Reconnaissance General Bureau, responsible for clandestine operations, oversees Unit 121, the cyber warriors are guaranteed "a certain level of quality of life," said Kim Heung Kwang, a former computer science professor in North Korea who defected in 2004.

With Unit 121 headquarters in the Moonshin-dong area of Pyongyang and operations abroad, including from China's Chilbosan Hotel in Shenyang, "You can freely use computers and travel overseas," Kim said. "It's an advantageous position for future career promotion."

Seoul has blamed Unit 121 for launching repeated cyberattacks against South Korean banks and media organizations, including in 2010 and 2012, and an infamous series of malware attacks between March and June 2013 known as "Dark Seoul."

The malicious code used in a 2012 attack on a South Korean media organization appears to be similar to the code used in the Sony hack, according to Choi Sang-myung, a senior online security researcher and adviser to Seoul's cyber warfare command. "I noticed the similarities as soon as I saw it."

Advertisement

Pyonyang has denied its involvement in the Sony cyber attack, but numerous reports quoting unnamed sources close to the U.S. investigation have said North Korea's Unit 121 is believed to be responsible for the hack. President Barack Obama is expected to address the issue at a Friday news conference. "When and if that call is made, it will be a moment to confront that reality. That reality being that a state actor used cyber to attack a U.S. corporation," remarked Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff.

The FBI and Justice Department's National Security Division are still investigating the "sophisticated actor" behind it, White House Press Secretary Josh Earnest said Thursday.

When asked how the U.S. planned to respond, Earnest said the president's national security team was considering "a range of available responses" but did not elaborate on what that response might be.

"We need a proportional response," Earnest said while cautioning "that sophisticated actors, when they carry out actions like this, are oftentimes... seeking to provoke a response from the United States of America. ... And so we want to be mindful of that, too."

Advertisement

Latest Headlines