Defectors: PUST is training North Korean hackers

Not for the first time, the Pyongyang University of Science and Technology, a showpiece for academic engagement between North Korea and the Outer Earth, stands accused of teaching its elite students to work as hackers in Kim Jong-Un’s notorious cyberwarfare units. 

North Korea is reportedly recruiting graduates from Pyongyang University of Science and Technology for cyber warfare.

North Korean defector Jang Se-yul, who worked in the North’s electronic warfare command, and another defector Yi Chol claimed on Wednesday in a news conference in Seoul that graduates from the university are assigned to the military for cyber terrorism.

The defectors also said that training institutions affiliated with the Ministries of People’s Armed Forces and People’s Security send trainees to the university to learn advanced science and technology.

The defectors urged South Korean religious and civic groups to reconsider their aid to the North Korean university, which was jointly established by the two Koreas in 2009 and produced its first graduates last year. [KBS]

It takes some searching to find out just what PUST teaches its students, and that search is ultimately unsatisfying. PUST’s home page leads to a Korean-language page that says it’s being upgraded. A site maintained by the foundation that funds PUST provides only the most general information about PUST’s curriculum. But Martyn Williams publishes more detailed information:

The university hasn’t published a detailed syllabus for its courses, but said the computer science includes elements on computer hardware systems, wireless communications, data communications and networks, digital communications, pattern recognition (linked to robotics and industrial automation courses), artificial intelligence, data structures, algorithm design, web programming and object-oriented programming.

These certainly sound like skills that could, at the very least, be useful foundations for an education as a hacker.

It’s not the first time an engagement program was accused of teaching North Koreans to be hackers. A year ago, The Telegraph claimed that a British university’s exchange program, which brought “two offspring of the regime’s elite,” then studying at PUST, to Westminster University to learn such topics as “understanding cyber attacks and assessing whether networks are vulnerable to malicious hackers.”

The course is designed for would-be IT engineers in large firms, and teaches students how to build large internet and mobile phone networks.

One optional module covers “techniques to secure computer networks, and critically evaluates them in the light of a variety of types of attacks,” according to course literature.

“The topics you will cover include network security concepts, computer and network system attacks, cryptography, web security, wireless security, network security tools, and systems. During the practical sessions, you will use an isolated computer laboratory to explore a range of software tools available to audit vulnerabilities in networks and to configure security.” [The Telegraph]

The report claims no knowledge of how the North Korean students used this training.

Like PUST, North Korea’s principal hacking unit, known as Unit 121, is also populated with young, high-songbun elites. According to The Inquisitr, “the candidates who pass a rigorous series of tests and trials are sent to study at top universities — and then sent to Russia and China for an additional year of specialized training in computer hacking and cyberwar techniques.” According to this detailed report on Unit 121 by Hewlett-Packard, candidates for Unit 121 “are then sent to Kim Il-sung University, Kim Chaek University of Technology.” The report does not mention PUST specifically.

From the beginning, however, there have been concerns that PUST would provide the North Korean regime with sensitive technology useful for its weapons programs, in potential violation of U.N. Security Council resolutions. This has required careful interaction with the U.S. Commerce Department, to obtain export licenses. One PUST supporter claims that “PUST’s curricula have been vetted by government and academic nonproliferation experts,” but concedes that “[t]he School of Biotechnology was renamed the School of Agriculture and Life Sciences because U.S. officials were concerned that biotech studies might be equated to bioweapons studies.”

Concerns about North Korea’s misuse of biotechnology were subsequently validated, when experts claimed that a Swiss-funded engagement program to teach North Korea to make bio-insecticides was likely capable of producing biological weapons. (As early as 1998, your correspondent, while serving with U.S. Forces Korea, was vaccinated for anthrax.)

PUST’s claims that it would become a portal of free thought and the free exchange of ideas have not panned out, and the campus atmosphere sounds like just what you’d expect from any place where North Koreans interact with foreigners — the secrecy of Sea Org, the militancy of the Peoples’ Temple, and the dress code of a Mormon mission school.

For example, “PUST has been promised academic freedom, the likes of which has been virtually unknown in North Korea, including campus-wide internet access.” Suki Kim’s memoir of her time teaching at PUST refutes this. Indeed, Kim claims that she was “under strict orders not to reveal anything about the Internet,” a claim that is somewhat at odds with the more troubling claims that PUST and foreign exchange programs taught PUST students how to exploit its vulnerabilities as hackers. According to PUST’s Wikipedia page, “[g]raduate students and professors have internet access, but it is filtered and monitored.”

The very reaction by PUST’s founders to Kim’s book also helps answer our litmus question for engagement projects with North Korea: “Who changed who?” Despite its promises of academic freedom, PUST makes its faculty agree not to discuss what they saw at PUST. Then, after Suki Kim’s departure and the publication of her book, co-founder James Kim criticized her bitterly for telling a global audience about the smothering censorship she saw there. In other words, instead of opening minds, PUST ends up acting as Pyongyang’s extraterritorial censor.

Amid the secrecy of North Korea’s political system, it’s probably impossible for anyone but the North Korean government — and a lucky few who escape from its grip — to know which PUST students, if any, eventually join Unit 121. All that we can say for now is that the reports call for further investigation, and for more transparency by PUST about exactly what it’s teaching North Korea’s young elites, and where its students go after they graduate.

4 Comments

  1. come on, Joshua. as much as I agree that PUST is another poor engagement attempt by people who don’t understand the dynmics and machiavelianism of real world politics. I think you’re over estimating the technical know how needed to hack real world systems.

    everything you need to know is published online and does not require too much time to master.

    also, university level courses are known to be too academic to effectivly train a hacker, as the art usually requires experience and broad knowledge and not the type of deep understanding preached by professors.




    0



    0
  2. So, you are denying NK hacking takes place? What other reason does the regime have for sending students to this place?




    0



    0
  3. you’re correct that the internet is usually censured from these people but the government in pyongyang does have internet access and can vulanterily give it to anyone it wants. very likely including it’s own hacker unit training program which means it does not need foreign teacher to attain this knowledge.

    and yes, given the technical data we know about the hacks we do know of though not amateurish, I will go as far as to say that they do not appear very sophisticated to me.

    to make myself clear I would define a sophisticated hack as one that used at least some zero day vulnerabilities on propriatery software which means it required at least some code reading and or reverse engineering to attain and was not entirely based of phishing attacks.




    0



    0