Even though Christmas is approaching, I would like to critically comment on an article written by Justin McCurry from the Guardian. His article from Friday concerns the claim that North Korean hackers might have stolen secret war plans from their Southern neighbours.
First of all, it seems interesting that articles are published whose content is that something might have happened. I know that the Internet and cyber warfare are interesting topics (that is why I am blogging about them in the first place), but that does not mean that every hypothetical event should be used to write an article about it.
If you leave out the blablabla about the current and past situation and the political ties of North and South Korea, as well as China and the US, there is nothing left that makes this article news on cyberwarfare. The only sentences left are:
‘The highly sensitive information, codenamed Oplan 5027, may have found its way into hostile hands last month after a South Korean officer used an unsecured USB memory stick to download it.’
An unsecured USB pen does not have Internet access. Therefore this paragraph has to be interpreted (because otherwise it would not make sense) as meaning that someone copied the ‘highly sensitive information’ onto his USB pen, took it home and plugged it into his personal computer, which a) has Internet access and b) is not secured to a military state-of-the-art standard. Do not blame the Internet; blame the security staff and the guy being that stupid. Even if the personal computer of someone who has access to ‘highly sensitive information’ might be secured, you do not put this kind of information on a computer with Internet access, otherwise your Predator drone might get hacked.
‘One theory is that they used an internet protocol address registered in China, a preferred route for North Koreans attempting to hack into files on foreign networks.’
To this sentence, my last sentence in the paragraph above applies. The point is, how does the author get from ‘unsecured USB pen’ to ‘foreign networks’? Unfortunately, he does not answer this question, so I have to stick to my own assumption. Too bad.
Additionally, I do not get the point of what he is talking about here. North Korean hackers re-route or proxy their hacking attacks via a Chinese server. If this is an attempt to blame the Chinese government for co-operation with the North Koreans, it is a very bad one. They could have taken any server worldwide to proxy their attack (even though US government proxies would not be a good idea). Talking about a ‘preferred route’ in cyberspace seems odd. The sheer number of proxy servers, their uptime, their ability to vanish within seconds and the possibility of blacklisting them do not make it appear very reasonable. If this IP address were known for re-routing North Korean hackers, I am sure it would be blacklisted all over South Korea (or at least for all people working with and for the government). Anyway, to me it appears that there is not much technical knowledge supporting this paragraph.
‘Faced with the military might of the world’s only superpower, North Korea appears to believe it can at least gain an advantage in cyberspace. It is thought to have been responsible for high-profile cyber attacks in July that caused web outages at the White House and its South Korean equivalent, the Blue House. Reports in South Korea said investigators had traced the Chinese IP address used in those attacks to North Korea’s post and telecommunications ministry.’
Again, Chinese IP address. Please, let them use a German proxy (yes, there are anonymous and non-logging German proxies) once and see what happens. ‘Germany supports North Korean hackers fighting the US and South Korea’, oh boy!
Oh dear, ‘high-profile […] that caused web outages’: they shut down the websites of the White House and the Blue House. Who cares? I mean seriously, if we start considering every website that is taken down by some people conducting a DoS attack as an act of (cyber) war, then we are in the middle of a freaking (virtual) World War. Unfortunately, there are a lot of people doing so.
The following statement (not by the author but by an official) takes the cake:
“If North Korean hackers can infiltrate the south’s cyber borders at will, then all of those troops and weapons protecting the country along the border are useless”
First of all, what are ‘cyber borders’? A metaphorical description of every digital military asset and piece of information the South possesses? Hardly a ‘border’ at all, but okay. Secondly, there is no infiltration if people themselves make sensitive data accessible via the Internet. Remember the UK incident with the memory stick? If not, I linked it again. If you leave a memory stick with sensitive governmental information in your car and somebody steals it, it is not an infiltration. It is theft... and of course stupidity.
Infiltration in cyber warfare terms would mean that hackers get access to otherwise strongly secured or even autarkic (meaning no direct or even indirect Internet access) data systems. Do not blame me for exaggeration in the comparison, but this is more likely a theft rather than an act of infiltration.
Last but not least, the importance of troops and weapons at the borders. Neither information nor temporary access to sensitive data renders troops at the border useless. It always takes troops, movements and fights to defeat a foe. From a strategic point of view, the comment is correct, but I still have to conquer the country with my troops. It is the same with aerial warfare. Being superior in the air might give me an advantage, but my airplanes cannot conquer the country.
Be careful with what you consider to be an act of cyber warfare, hacking and everything connected with this topic. It is not comparable to what happens in real life at all. The Internet (cyberspace) is a new dimension of warfare and of interaction in general. Therefore, a basic understanding of how it works is vital.