North Korea Boosts Efforts to Hack Defectors’ Computers

korea-tae-08192016.jpg Screen grab of footage of senior North Korean diplomat Thae Yong Ho, recorded at the North Korean embassy in London on Nov. 3, 2014, about 20 months before he defected with his family to South Korea.

North Korea has drastically stepped up its efforts to hack into the computers of defectors since last August when an outspoken, senior diplomat defected to the country’s mortal enemy South Korea, a Korean computer expert with knowledge of the situation said.

Thae Yong Ho, who was North Korea’s deputy ambassador to the United Kingdom, was the country’s highest-ranking diplomat ever to defect to South Korea. His defection was viewed as a major blow to the regime of North Korean leader Kim Jong Un.

There were hardly any hacking incidents of the computers of North Korean defectors last June and July, but after Thae’s defection, there were 15 hackings in August, said Choi Sang-myong, head of the Computer Emergency Response Team Coordination Center (CERTCC) at the privately owned South Korean internet security company HAURI Inc.

“Since last August, the number of incidents of North Korea hacking [the computers of] North Korean defectors has increased to more than 10 incidents per month on average,” he said.

“The average number of hacked North Korean defectors and employees who work in fields related to North Korean human rights was only one to two per month until last August,” he said.

North Korean agents sent emails to defectors with file attachments called “Thae Yong Ho interview," "North Korea democratization," and "Balloons sent to North Korea," Choi said. When the recipients opened the attachments, their computers became infected.

North Korean agents also hacked into the computers of North Korean defectors who know Thae, Choi said.

“It is believed that Free NK, an online news outlet run by a North Korean defector in the United Kingdom, was hacked because it has links to Thae Yong Ho,” he said.

Trained computer hackers

North Korea has been known to have trained professional computer hackers since the early 1990s.

Experts now assume that the country’s hackers number about 6,000 to 7,000.

In March 2013, North Korean hackers attacked computer networks that ran South Korea’s two largest broadcasters and three banks.

The North has also used hacking to try to extort information from the South Korean government. In 2016, North Korea hacked the smartphones of high-ranking South Koreans and got their phone numbers.

In the mid-2000s, the North also hacked the South's Korea Meteorological Administration to obtain a weather forecast reportedly for its missile launch in February.

South Korean authorities have repeatedly detected North Korean hackers’ attempts to infiltrate the computer networks of public facilities or companies related to railroads and airlines, Choi said.

“If North Korea can control the South Korean railway through hacking, it may cause a great loss of lives,” he said.

Acts of terrorism

Now, Choi predicts that North Korea may try to hack and manipulate South Korea’s computer network for traffic and communication in order to divert attention away from the controversy surrounding the assassination of Kim Jong Un’s estranged half-brother Kim Jong Nam in Malaysia in February.

“Evidence that North Korea is preparing to perform acts of terrorism have been discovered little by little,” he said.

An Indonesian woman and a Vietnamese woman have been charged with murder for rubbing a deadly nerve agent on Kim Jong Nam’s face at Kuala Lumpur International Airport, while four others believed to be involved in his death remain at large.

South Korean officials have accused North Korean agents of masterminding the assassination because Kim Jong Un allegedly had a standing order for his half-brother’s assassination, fearing he could be used in an overthrow of his brutal regime.

Reported by Yongjae Mok for RFA’s Korean Service. Translated by Soo Min Jo. Written in English by Roseanne Gerin.


Add your comment by filling out the form below in plain text. Comments are approved by a moderator and can be edited in accordance with RFAs Terms of Use. Comments will not appear in real time. RFA is not responsible for the content of the postings. Please, be respectful of others' point of view and stick to the facts.