North Korean hackers 'could kill', warns key defector By Dave Lee and Nick Kwek

BBC News Published duration 28 May 2015

image copyright Reuters image caption Prof Kim says around 10-20% of Kim Jong-un's military budget is being spent on cyber-attack capabilities

North Korean hackers are capable of attacks that could destroy critical infrastructure and even kill people, a high-profile defector has warned.

Speaking exclusively to BBC Click, Prof Kim Heung-Kwang said the country had around 6,000 trained military hackers.

The warning follows last year's Sony Pictures hack - an attack attributed to North Korea.

Korean technology expert Martyn Williams stressed the threat was only "theoretical".

Prof Kim has called for international organisations to step in to prevent North Korea launching more severe attacks.

Military attack

For 20 years Prof Kim taught computer science at Hamheung Computer Technology University, before escaping the country in 2004.

While Prof Kim did not teach hacking techniques, his former students have gone on to form North Korea's notorious hacking unit Bureau 121.

The bureau, which is widely believed to operate out of China, has been credited for numerous hacks.

Many of the attacks are said to have been aimed specifically at South Korean infrastructure, such as power plants and banks.

media caption North Korean defector Prof Kim Heung-Kwang tells the BBC about potential cyber attacks from the country

Speaking at a location just outside the South Korean capital, Prof Kim told the BBC he has regular contact with key figures within the country who have intimate knowledge of the military's cyber operation.

"The size of the cyber-attack agency has increased significantly, and now has approximately 6,000 people," he said.

He estimated that between 10% to 20% of the regime's military budget is being spent on online operations.

"The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyber war capacity," he added.

"Their cyber-attacks could have similar impacts as military attacks, killing people and destroying cities."

Stuxnet clone

Speaking more specifically, Prof Kim said North Korea was building its own malware based on Stuxnet - a hack attack, widely attributed to the US and Israel, which struck Iranian nuclear centrifuges before being discovered in 2010.

"[A Stuxnet-style attack] designed to destroy a city has been prepared by North Korea and is a feasible threat," Prof Kim said.

media caption BBC Click's Dave Lee meets the activists sending anti-North Korean material into the country by balloon

"Although the nuclear plant was not compromised by the attack, if the computer system controlling the nuclear reactor was compromised, the consequences could be unimaginably severe and cause extensive casualties," Prof Kim said.

Martyn Williams is a journalist who follows closely the development of technology in North Korea.

He told the BBC: "I think it's important to underline that this is theoretical and possible from non-North Korean hackers too.

"It's conceivable that hackers would try something and lives could be at risk.

He noted an attack in 2013 on South Korean broadcasters, which he said was "an attempt to throw the country into confusion".

"If TV had gone off air and then ATMs stopped working, people might have panicked."

Inside Bureau 121

When it comes to cyber-attacks, few groups are as notorious as North Korea's Bureau 121, which has operated since the late nineties.

Most security researchers agree that the group operates out of China. Specifically, in the basement of a restaurant, rated highly on TripAdvisor for its tremendous Korean food.

'Off the internet'

Prof Kim has called on international organisations to take action over North Korea's cyber-activity.

"We need to collect the evidence of North Korea's cyber terrorism and report them to UN Human Rights Council and other UN agencies," he told the BBC.

"If North Korea continues to cause damage in this way, an organisation such as Icann should ban North Korea."

Icann - the Internet Corporation for Assigned Names and Numbers - manages the distribution of domain name including .com and .net.

It could, theoretically, shut down the use of North Korea's domain, .kp.

image copyright Getty Images image caption North Korea was blamed for a hack on Sony Pictures that temporarily halted a film's release

In a statement, Icann said its powers in this regard were limited.

"Icann does not have the power, nor remit, to ban countries from having a presence on or access to the Internet," said Duncan Burns, its head of communications.

"Icann's primary role is the coordination of the internet's unique identifiers to ensure the stability, security and resiliency of the internet.

"We rely on law enforcement and governmental regulatory agencies to police reported illegal activity."

Furthermore, disabling .kp would have minimal effect if, as is widely believed, much of North Korea's hacking force conducts its operations outside of the country.

Other measures, such as sanctions imposed by the US in the wake of the Sony Pictures hack, might have a greater impact.

But Prof Kim added: "This issue can't be solved by one or two countries.

"The international community needs to pay attention to North Korea's attempts to destroy the internet."