N. Korean spy cell linked to successful hacking attacks

Unit 180 agents work abroad to avoid leaving traces of North's hand in hacking: Defector

SEOUL • North Korea's main spy agency has a special cell called Unit 180 that is likely to have launched some of its most daring and successful cyber attacks, according to defectors, officials and Internet security experts.

Dr Kim Heung Kwang, a former computer science professor in North Korea who defected to the South in 2004 and still has sources inside North Korea, said Pyongyang's cyber attacks, aimed at raising cash, are likely organised by Unit 180, part of the country's main overseas intelligence agency, the Reconnaissance General Bureau.

"Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts," said Dr Kim. He has previously said that some of his former students have joined North Korea's cyber army, Strategic Cyber Command.

"The hackers go overseas to find somewhere with better Internet services than North Korea so as not to leave a trace," Dr Kim added. He said it was likely they went under the cover of being employees of trading firms, overseas branches of North Korean firms, or joint ventures in China or South-east Asia.

Mr James Lewis, a North Korea expert at the Washington-based Centre for Strategic and International Studies, said Pyongyang first used hacking as a tool for espionage and then political harassment against South Korean and American targets.

In recent years, North Korea has been blamed for a series of online attacks, mostly on financial networks in the United States, South Korea and over a dozen other countries.

The US Department of Defence said in a report submitted to Congress last year that North Korea likely "views cyber as a cost-effective, asymmetric, deniable tool that it can employ with little risk from reprisal attacks, in part because its networks are largely separated from the Internet".

Cyber security researchers also said they have found technical evidence that could link North Korea to the WannaCry ransomware cyber attack that infected more than 300,000 computers in 150 countries this month. Pyongyang has called the allegation ridiculous.

The US Department of Defence said in a report submitted to Congress last year that North Korea likely "views cyber as a cost-effective, asymmetric, deniable tool that it can employ with little risk from reprisal attacks, in part because its networks are largely separated from the Internet".

South Korean officials say they have considerable evidence. "North Korea is carrying out cyber attacks through third countries to cover up the origin of the attacks and using their information and communication technology infrastructure," said South Korea's Vice-Foreign Minister Ahn Chong Ghee.

Malaysia has been a base for North Korean cyber operations, said former South Korean police researcher Yoo Dong Ryul, who studied North Korean espionage techniques for 25 years.

"They work in trading or IT programming companies on the surface. Some of them run websites and sell game and gambling programs," he added.

REUTERS

A version of this article appeared in the print edition of The Straits Times on May 22, 2017, with the headline 'N. Korean spy cell linked to successful hacking attacks'. Print Edition | Subscribe