Many people believe the Sony breach was caused by North Korea’s Cell Bureau 121. As a follow on to my last post on the Sony incident, I am adding a fantastic post from The Independent covering Cell Bureau 121. The original post can be found HERE.
With North Korea’s ability to hack the most sophisticated computer systems in the world under scrutiny, a secretive cyber-warfare cell called Bureau 121 has come to light.
Despite its grinding poverty and isolation, North Korea has poured resources into the sophisticated hacking cell, defectors said, as Pyongyang came under the microscope for a crippling hack into computers at Sony Pictures Entertainment. It is believed the attack was a spectacular act of revenge upon on the company for distributing the comedy film The Interview which involves a plot to kill North Korea’s leader Kim Jong-un, who is portrayed in highly unflattering terms.
A North Korean diplomat has denied Pyongyang was behind the attack last month but a US national security source said it was a suspect.
Defectors from the North have said that Bureau 121, staffed by some of the most talented computer experts in the insular state, is part of the General Bureau of Reconnaissance, an elite spy agency run by the military. They have said it is involved in state-sponsored hacking, used by the Pyongyang government to spy on or sabotage its enemies. Pyongyang has active cyber-warfare capabilities, military and software security experts have said. Much of it is targeted at the South, technically still in a state of war with North Korea. But Pyongyang has made no secret of its hatred of the United States, which was on the South’s side in the 1950-53 Korean War.
Military hackers are among the most talented and rewarded people in North Korea, hand-picked and trained from as young as 17, said Jang Se-yul, who studied with them at North Korea’s military college for computer science, or the University of Automation, before defecting to the South six years ago.
Speaking in Seoul, he said the Bureau 121 unit comprises about 1,800 cyber-warriors, and is considered the elite of the military. “For them, the strongest weapon is cyber. In North Korea, it’s called the Secret War,” Mr Jang said.
One of his friends works in an overseas team of the unit, and is ostensibly an employee of a North Korean trading firm, Mr Jang said. Back at home, the friend and his family have been given a large, state-allocated apartment in a relatively prosperous district of Pyongyang, he said.
“No one knows … his company runs business as usual. That’s why what he does is scarier,” Mr Jang said. “My friend, who belongs to a rural area, could bring all of his family to Pyongyang. Incentives for North Korea’s cyber experts are very strong … they are rich people in Pyongyang.”
He said the hackers in Bureau 121 were among the 100 students who graduate from the University of Automation each year, after five years of study.
More than 2,500 apply for places at the university, which has a campus in Pyongyang, behind barbed wire. “They are handpicked,” said Kim Heung-kwang, a former computer science professor in North Korea who defected to the South in 2004, referring to the state hackers. “It is a great honour for them. It is a white-collar job there and people have fantasies about it.”
The technology news site Re/code reported on Wednesday that Sony intends to name North Korea as the source of the attack. But when asked about the Re/code report, a Sony spokeswoman said no announcement from the studio was coming. The company declined to comment yesterday.
Sony Pictures is a unit of the Japanese Sony Corporation. North Korea has described The Interview as an “act of war”. Last year, more than 30,000 computers at South Korean banks and broadcasting companies were hit by a similar attack that cybersecurity researchers widely believe was launched from North Korea.
Months later, the South Korean government’s online presence was targeted, with the President’s website defaced with a banner reading “Long live General Kim Jong-un, president of reunification!”
Neither attack was particularly sophisticated, but South Korean authorities said North Korea was to blame, even though “hacktivist” groups – online activists who hack high-profile targets in order to spread political messages – first appeared to claim responsibility.
Those attacks used rudimentary but effective malware which security researchers later dubbed DarkSeoul. Also known as the DarkSeoul Gang, the hackers have been involved in a five-year spree against South Korean targets, according to a report last year by the computer security firm Symantec, which estimated that the group comprised 10 to 50 hackers and described it as “unique” in its ability to carry out high-profile and damaging attacks over several years.
Some security experts have cast doubt on North Korean involvement in the attack on Sony, citing the publicity-seeking hacktivist style of the attacks. However, the use of an unknown name by the group behind the Sony attacks, “Guardians of Peace”, is similar to previous attacks by the DarkSeoul Gang.
It remains unclear if the DarkSeoul gang members are outsiders working on behalf of North Korea, or some of Pyongyang’s troops in the isolated country’s own “cyber army”.
That may be made clearer on Christmas Day, when Sony Pictures intends to release The Interview, which, in July, Pyongyang described as “undisguised sponsoring of terrorism, as well as an act of war”.