REUTERS/KCNA
"This is an area of growth," Gen. Vincent Brooks told Senate leaders last month. "While I would not characterize them as the best in the world, they are among the best in the world and the best organized."
Brooks was speaking before the Senate Armed Services Committee for a hearing regarding his nomination to take over all forces in South Korea. The 57-year-old general took over that post late last month.
"They seem to be more and more willing to do this [hacking]," Brooks said. "They have in fact, electronically attacked US companies."
North Korea is often dismissed as a backwards totalitarian regime with little technology - sometimes illustrated by a lack of electricity as seen from space - but it has invested heavily in cyber, which in some ways, allows a nation-state with few resources to inflict real-world damage.
"Given North Korea's bleak economic outlook, [offensive cyber operations] may be seen as a cost effective way to develop asymmetric, deniable military options," reads a 2013 DoD report. In other words, while North Korea may not be able to hurt a Goliath like the US or South Korea with guns or missiles, it sees hacking as a cheaper way of getting to that result.
According to a 2014 CNBC report, the Hermit Kingdom has pursued cyber warfare since the 1980's, and has targeted banks, universities, and other organizations, mainly in South Korea. But perhaps its biggest hack yet came with the breach of Sony Pictures, which saw the leak of unreleased films and embarrassing emails of studio executives in 2014.
Attributing a cyber attack to a nation-state can be difficult, given that hackers often hide behind proxy servers and mask their tracks, but intelligence officials at the time told the Washington Post they had "99% certainty" that North Korea was behind the Sony hack.
As the book "Hacked World Order" detailed, evidence of the Hermit Kingdom being behind the attack was further bolstered by the Snowden leaks, which revealed the NSA had placed "covert implants" in routers and firewalls around the world, which would give the intelligence agency great insight into where an attack came from. And later comments from FBI Director James Comey were clear:
"We could see that the IP addresses they used ... were IPs that were exclusively used by the North Koreans. It was a mistake by them. It was a very clear indication of who was doing this. They would shut it off very quickly once they realized the mistake, but not before we saw them and knew where it was coming from."
North Korea has approximately 6,000 trained hackers in its military ranks, a defector from the country told the BBC. The defector taught computer science at a Pyongyang University and said many of his former students went on to the hacking unit known as Bureau 121.
REUTERS / Samantha Sais
Little is known about the North Korea's cyberwarfare agency, though it does seem to employ considerable computer expertise. With its Sony Pictures breach, the hackers used a common method to gain access called spear-phishing and were able to steal credentials for a systems administrator, enabling them to burrow inside the systems for at least two months to map out their plan of attack.
"They were incredibly careful, and patient," one person briefed on the investigation told The New York Times.
That an Army general would warn of North Korea's growing progress in cyberspace comes as the Pentagon ramps up its own efforts in what it calls the "cyber domain" after the release of a new cyber strategy in April 2015. In it, the military proposed 133 teams for its "cyber mission force" by 2018, 27 of which were directed to support combat missions by "generating integrated cyberspace effects in support of ... operations." (Effects is a common military term used for artillery and aircraft targeting, and soldiers proclaim "good effect on target" to communicate a direct hit).
A Pentagon spokesperson told Tech Insider the numbers breakdown for the cyber mission force would be more than 4,300 personnel. But only about 1,600 of those would be on a "combat mission team" that would likely be considered to be taking an offensive hacking role.
Still, the US military recently used hackers against ISIS as others fought on the ground in February, quite possibly for the first time ever.
"These are strikes that are conducted in the war zone using cyber essentially as a weapon of war,"
For Brooks, he sees North Korean hackers as a threat to be taken seriously, telling Senate leaders he was "not optimistic about the direction that North Korea is going."
But when pressed on whether the US could respond with a "counterattack that can do harm on them," Brooks pushed to answer that only in a classified briefing, but, he said, "that is an option that is available."