Asia Cyber Attacks Cyber Defence Editors Picks Tech of the Week

Inside North Korea’s Hacker Army

(Bloomberg)– In most respects, Jong Hyok looks like any other middle-aged male tech worker you might see on the skyscraper-shadowed streets of Seoul’s Gangnam district: smartphone in hand, dark-blue winter coat over a casual, open-collared work shirt.

Sit him down at a sushi restaurant and start asking him questions, though, and you soon sense that Jong is harboring an extraordinary tale. He slouches, staring intently at the table before him and speaking haltingly, his sentences often trailing away unfinished.

Jong tells you he’s in his late 30s, but his tired eyes and wizened skin make him look a decade older. He says he’s concerned that you’ll be indiscreet with details that could expose him or his family. You wonder momentarily if he suspects you’re a North Korean spy. But no, you’re here to relate the remarkable story of his years spent cracking computer networks and programs to raise money for the regime in Pyongyang.

North Korea’s hacking prowess is almost as feared globally as its nuclear arsenal. Last May the country was responsible for an internet scourge called WannaCry, which for a few days infected and encrypted computers around the world, demanding that organizations pay ransom in Bitcoin to unlock their data.

A few years before that, North Korea stole and published the private correspondence of executives at Sony Pictures Entertainment, which had produced a Seth Rogen satire of the country called The Interview.

Jong wasn’t involved in those attacks, but for half a decade before defecting, he was a foot soldier in North Korea’s hacker army. Unlike their counterparts elsewhere, who might seek to expose security vulnerabilities, steal corporate and state secrets, or simply sow chaos, North Korean hackers have a singular purpose: to earn money for the country, currently squeezed by harsh international sanctions for its rogue nuclear program.

For most of the time Jong spent as part of this brigade he lived and worked in a crowded three-story home in a northeastern Chinese city. The hackers he shared it with were required to earn up to $100,000 a year, through whatever means they could, and were allowed to keep less than 10 percent of that. If they stepped out of line, the consequences could be severe.

Experts in the South Korean government say that over the years, North Korea has sent hundreds of hackers into neighboring countries such as China, India, and Cambodia, where they’ve raised hundreds of millions of dollars. But actually finding one of these cyberwarriors is, for obvious reasons, difficult.

Sources in South Korea’s government and the North Korean defector community provided Bloomberg Businessweek with the name of someone who has deep knowledge of the latter group—a fixer of sorts. This contact, a middle-aged man who chose his words with painstaking deliberation, asked that his name not be used.

After several meetings, he offered the phone numbers of three contacts, requesting that Businessweek shield their identities. Jong—which is not his real name—was one of them.

For decades, North Korea’s government has sought to use modern technology to transform one of the most isolated, impoverished parts of the world. During the 1990s, Kim Jong Il, the father of current leader Kim Jong Un, touted programming as a way for the country to rebuild its economy after years of catastrophic famine.

He established technology degrees at Pyongyang’s universities and attended annual software-writing contests to put gold watches on the wrists of winners.

Reports from Korea watchers suggest that, sometime in the back half of the decade, Kim Jong Il formed a cyber army designed to expand North Korea’s hacking activities.

Initially the unit managed only random incursions, on targets like government websites and banking networks, but when Kim died in 2011, his son expanded the program. Soon it was launching attacks more consistently and on more important targets, such as nuclear plants, defense networks, and financial institutions.

Formally, North Korea denies engaging in hacking and describes accusations to that effect as enemy propaganda. It says its overseas computer efforts are directed at promoting its antivirus software in the global market. The country has for more than a decade been working on such programs, including one called SiliVaccine.

It also has a homegrown operating system, Red Star, that software developers have pointed out looks suspiciously like macOS. Kim Jong Un’s affinity for Apple products is well-known. In 2013, he was photographed sitting in front of an iMac during a meeting with military officials to discuss missile attacks on the U.S.; a picture released a few years later showed him with an Apple laptop on his private jet.

Kim has also moved to make more smartphones available to North Korea’s 25 million citizens and begun rewarding computer scientists with nicer homes and higher salaries. And he’s sent increasing numbers of them into neighboring countries, where internet access is better and they can more easily hide their tracks. Defectors say programmers cross the border clutching bean paste, hot pepper paste, dried anchovy, and other comforts of home.

“Elite programmers? No way. We were just a bunch of poor, low-paid laborers”

Jong was part of an earlier wave sent by Kim Jong Il. Born in Pyongyang during the early 1980s, he was raised by parents who were faithful to the Workers’ Party of Korea and Kim Il Sung, North Korea’s founder, who led the party and is Kim Jong Un’s grandfather. Growing up, Jong heard tales of his own grandfather’s brave fight against Japan’s imperial army in Manchuria alongside Kim Il Sung during World War II.

As a child, Jong’s favorite subject was biology, and he aspired to become a doctor. His parents were supportive, but the state determined from his test scores that he should study computer science. There was no questioning the decision. Heartbroken at first, he eventually became fascinated by the inner workings of computers, and in his junior year of university, in the late 1990s, he was selected by the government to study in China.

The years he spent there were a revelation. A government minder accompanied each delegation, but Jong’s was lax, and he managed to go drinking, dancing, and camping with Chinese students. The biggest shock was having almost unlimited access to the internet.

The computers back home were so strictly controlled that they were useful mostly for calculating figures or displaying diagrams. The ones in China showed Jong much more of the world. “I felt like a colt cut loose on the field,” he says.

For a brief moment, North Korea seemed to be moving in a more open direction. During school breaks, Jong would return home to find that some of his wealthier friends owned personal computers. They played video games like Counter-Strike and watched DVDs of South Korean soap operas, which were becoming so easy to obtain that Jong almost believed unification was at hand.

Soon, though, government authorities were storming homes to confiscate such material in a crackdown on the so-called yellow wind of capitalism.

Jong graduated and returned home to get his master’s degree, for which he worked at a state agency, creating office software. The government was at the time investing in a variety of tech projects, including one that used power lines to transmit data. Once again, Jong glimpsed hope that the regime might see technology as a means for advancement, not just a threat.

Credit: Bloomberg

After graduation, he went to work for a state-affiliated software development agency. Before he could settle in, the government informed him that it had other plans. He was being moved to China, to conduct software research that would “brighten the future” of North Korea’s information technology sector.

Jong knew exactly what that meant: Go make money for your country.

Not long after, Jong crossed the border on foot and caught a bus to his assigned city. There, he made his way to a relatively large house set on a busy street amid a forest of high-rises. The place was owned by a Chinese tycoon with business ties to Pyongyang.

Dozens of graduates from North Korea’s elite universities—all men—slept in cots and bunks on the top floor. A warren of cubicles and computers occupied the lower floors, and portraits of Kim Jong Il and Kim Il Sung hung on the walls.

At first Jong didn’t have a computer, so he borrowed one from his roommates, promising to pay a rental fee once he’d made enough money to buy his own machine. He began his new career by obtaining beta versions of commercial software such as video games and security programs, then making pirate replicas his clients could sell online. Orders came in via word of mouth and broker websites from around the world; many were from China or South Korea, allowing for easier communication.

Each unit was overseen by a “chief delegate,” a non-coder who arranged transactions and collected payments. A separate minder from North Korea’s state police was there to handle security issues. The work was arduous, involving reverse-engineering code and intercepting communications between the source program and the servers of the company that made it.

Jong recalls that it took 20 programmers to build a functioning replica of one program. The hackers often found themselves racing to decipher vulnerabilities in a piece of software before its creators could patch the security holes.

Jong got up to speed quickly and was soon considered a senior member of the house. When orders were slow, he and his colleagues hacked gambling sites, peeking at the cards of one player and selling the information to another. They created bots that could roam around in online games such as Lineage and Diablo, collecting digital items like weapons and clothes and scoring points to build up their characters.

Then they’d sell the characters for nearly $100 a pop. Every so often, to maintain the facade that he was pursuing research to benefit North Korea, Jong would create scholarly software, for example a data-graphing program, and send it across the border.

All in all, the work was unglamorous. “Elite programmers? No way. We were just a bunch of poor, low-paid laborers,” Jong recalls. He denies any complicity in the kinds of crimes that security experts have attributed in recent years to North Korea, such as snatching credit card numbers, installing ransomware on corporate servers, and swiping South Korean defense secrets.

But he doesn’t doubt that such things were going on. “North Korea will do anything for money, even if that means asking you to steal,” he says.

Any moral qualms that he or other programmers might have felt were subordinated by their mission. They had targets to meet—or else. Failing to clear a benchmark known as juk-bol-e (“enough to buy a bowl of soup”) could mean being sent home. More serious offenses, such as skimming profits or not showing sufficient fealty to the regime, could result not only in repatriation but “revolutionization,” hard labor at a factory or farm.

On Saturdays the handlers, sometimes alongside visiting officials, would hold two-hour meetings with the units to discuss the philosophies of Kim Il Sung and Kim Jong Il, as well as any new ideological tenets dispensed by Kim Jong Un. Key statements would be memorized and recited in a loyalty pledge of sorts.

A few times, Jong says, he dealt with two especially talented hackers who handled military espionage assignments, infiltrating the websites and servers of foreign countries. They were staunchly loyal to the regime, and he was particularly careful not to make any comments they might see as critical.

Jong estimates that he was eventually bringing in around $100,000 a year. Because he and his cohorts were regarded as productive, they were allowed to live relatively well. They enjoyed air conditioning during the summer and ventured into the neighborhood in chaperoned groups. In their spare time they played Counter-Strike, sometimes sneaking down at night to their cubicles to catch up on South Korean soap operas.

On Saturdays, after their indoctrination session, they might go outside to the sizable backyard to play soccer, badminton, or volleyball. Twice a year, they would meet with hacking units from across China to celebrate propaganda events such as the blossoming of Kimilsungia and Kimjongilia, orchids named for Kim Jong Un’s father and grandfather.

Jong’s abilities also led him to be sent on trips elsewhere in China with North Korean officials. As he traveled, he got a view of how the hacker corps were organized and learned that not every unit was as lucky as his. Government agencies and state-affiliated corporations would each send their own units abroad to generate cash.

All of their activities were planned and directed by a shadowy branch of the Workers’ Party called Office 91. The hacking units tended to keep in close touch with North Korea’s consulates, gathering there to drink, talk shop, and trade computer gear.

“Some hackers barely fed themselves and were just fortunate to have orders to work on”

One summer, Jong and some colleagues visited a cramped, run-down building in the northeastern city of Yanji. Living there were a dozen coders who’d been sent by North Korea’s railways ministry. They were trying to crack high-end software that analyzed live orchestral performances and wrote musical scores. It was the rainy season, and the men worked in shorts and relied on fans to combat the heat and humidity; water dripped from the ceiling.Stacked against one wall were packages of ramen. “Some hackers barely fed themselves and were just fortunate to have orders to work on,” Jong says. One of them was being treated for tuberculosis; another had required medical treatment after waking up with a cockroach lodged in his ear. But they weren’t getting the kind of care his crew would have received.

Other programmers told Jong similarly gruesome stories. He heard about a young coder in Beijing, known for boasting of his elite education, whose colleagues had severely beaten him, shattering his ribs, after finding out he’d been receiving kimchi from a South Korean businessman.

A hacker in Guangzhou was said to have died of dengue fever a year after leaving his home and children behind. The man’s boss apparently decided it would be too expensive to repatriate the body, so it was cremated and six months later another programmer took the ashes home. Hackers joked darkly that while they’d arrived as protein, they might return as powder.

Finally, after he’d been working in China for a few years, Jong himself landed in trouble. He’s spare with the details, describing only an “unsavory incident” involving a government official. He fled before the regime could mete out the inevitable beating or trip home for revolutionization.

For two years he roamed southern China, earning money by hacking, sleeping in hotels, and tasting the sort of freedom he’d previously only imagined. His last stop in the region was Shenzhen, near Hong Kong, where, after making $3,000 and quickly spending it in ways he vaguely describes as “enjoying life,” he realized he was tired.

Returning home wasn’t an option—desertion could be punishable by death. Instead, Jong bought a fake Chinese passport for 10,000 yuan (about $1,600), traveled to Bangkok by train and bus, and knocked on the door of the South Korean embassy. He lived inside the compound for a month, undergoing a security check, before being flown to Seoul.

Credit: Bloomberg

The two other defectors I spoke with confirmed the broad contours of Jong’s story, though their own work was somewhat different from his. They were among a group of programmers that North Korea had deployed to China to develop and sell iPhone and Android applications.

Using fake identities, they posted on freelancing websites such as and took jobs developing apps for taxi-hailing, online shopping, facial recognition—anything that generated money. They say they were required to make around $5,000 a month for the government, working up to 15 hours a day and operating under the same pressures and threats as Jong and his peers.

One of the defectors, who worked under the auspices of a state agency called the Korea Computer Center, had long been cynical about his country; he’d come to hate bellowing out the loyalty oath to Kim Jong Un every Saturday and finally concluded that everything about the regime was a lie.

He managed to escape when a Chinese client who liked his work asked to meet in person. He declined at first but changed his mind and wound up confessing that he was from North Korea. When he said he wanted out, the client offered to help.

The other defector says that one day he simply snapped from overwork and left, roaming around China on foot in hopes of encountering one of the South Korean spies he’d been warned about before leaving home. For six days he slept inside greenhouses, gyms, any place with a roof, worrying the whole time that he’d made a huge mistake. It was already too late, though—if he went back he’d be punished.

Finally, he found a shop whose sign indicated it was run by someone from South Korea. The shopkeeper was willing to help.

Lim Jong In, head of the department of cyberdefense at Korea University in Seoul and a former special adviser to South Korea’s president, says that North Korea’s hacking strategy has evolved since Jong defected. At the program’s height, he says, well over a hundred businesses believed to be fronts for North Korean hacking were working in the Chinese border cities of Shenyang and Dandong alone.

China has since cracked down on these operations in an effort to comply with United Nations sanctions, but they’ve simply been moved elsewhere, to countries such as Russia and Malaysia. Their value to the regime—and to the hackers themselves—is simply too high to forgo. “North Korea kills two birds with one stone by hacking: It shores up its security posture and generates hard currency,” Lim says. “For hackers it offers a fast track to a better life at home.”

Jong is doing well for himself in Seoul. He blushes when congratulated for a promotion he recently received at a local software security company, saying he had to work especially hard for it. “I feel like my value as a programmer is discounted by half when I tell people I’m from North Korea,” he says.

Others in the 30,000-odd defector community express similar frustrations about their outsider status; some display contempt for their adopted country’s concerns about appearances and money, and recall with pride their homeland’s penchant for bluntness.

Still, there’s no going back. Jong is sometimes visited by South Korean and U.S. agents who ask him for details that might fill holes in ongoing investigations. The South Koreans ask about Office 91—what its hackers are like and what they’ve worked on in the past. The Americans recently inquired whether he knew anything about a four-story building in Pyongyang where Western-designed semiconductors are photographed and X-rayed for replication.

At night, Jong returns home to a quiet life with his South Korean wife. Their baby son, he says, babbles happily and has just started to walk.

Source:: Bloomberg

Add Comment

Click here to post a comment

Language »