Because I’ve begun to develop a certain sense of when interesting events are about to get much more interesting, yesterday morning, I decided to check the web site of KCNA, North Korea’s official “news” service. The site did not load, but it has always been slow to load. Then, news sites began to report that North Korea’s internet access had gone down, and that the White House wasn’t denying that it had a hand in this.
This morning, kcna.kp loaded with its usual masikryeong speed. Let’s all hope that our government has the will and the means to respond more potently than this. Kicking North Korea out of the Internet is like kicking Alabama out of the World Cup, and North Korea without internet is like North Dakota without surfing, Ireland without sunshine, or a Kardashian without a job. Meanwhile, the Japanese mirror site of KCNA kept right on squawking its threats to attack the White House:
Our target is all the citadels of the U.S. imperialists who earned the bitterest grudge of all Koreans. The army and people of the DPRK are fully ready to stand in confrontation with the U.S. in all war spaces including cyber warfare space to blow up those citadels.
Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism, by far surpassing the “symmetric counteraction” declared by Obama. This is the invariable toughest stand of the army and people of the DPRK.
Fighters for justice including “guardians of peace” who turned out in the sacred drive for cooperation in the fight against the U.S. to defend human justice and conscience and to dismember the U.S. imperialists, the root cause of all sorts of evils and kingpin of injustice, are sharpening bayonets not only in the U.S. mainland but in all other parts of the world. [KCNA.co.jp]
President Bush removed North Korea from the list of state sponsors of terrorism on October 11, 2008. The Obama Administration’s official view is that North Korea is “not known to have sponsored any terrorist acts since the bombing of a Korean Airlines flight in 1987.” Discuss among yourselves.
I can only guess, but if this was an attack, I’d guess that the U.S. government wasn’t behind it, and that independent hackers were. That’s also what I’m hoping, because if this is the worst that the world’s most powerful nation can do to a blighted hell-hole like North Korea, it would be wholly inadequate to deter any other despots who would censor and control our discourse through cyberwarfare and cyberterrorism. A nine-hour DDOS attack wouldn’t do much to deter Kim Jong Un, or contribute to solving the greater problem — the fact that he rules a country to begin with. That level of response, together with the President’s description of North Korea’s attacks as “cybervandalism,” would imply a junior-varsity insouciance about the gravity of this threat:
Sen. John McCain rejected Obama’s characterization of the North Korean hack as “an act of cybervandelism,” instead calling it “a new form of warfare” on CNN’s State of the Union.
“The President does not understand that this is a manifestation of a new form of warfare when you destroy economies, when you are able to impose censorship,” McCain, a Republican from Arizona, said. “It’s more than vandalism. It’s a new form of warfare that we’re involved in and we need to react and we need to react vigorously.” [CNN]
McCain, the incoming Chairman of the Armed Services Committee, promised to call hearings on the issue when the new Congress convenes.
Sen. Lindsey Graham of South Carolina called it “an act of terrorism” and favored reimposing sanctions and adding North Korea to the terrorism list. The United States needs to “make is so hard on the North Koreans that they don’t want to do this in the future,” Graham said. [Joongang Ilbo]
Fortunately, a report from The New York Times claims the White House is considering better alternatives, starting with asking the Pentagon’s Cyber Command for a list of options:
“What we are looking for is a blocking action, something that would cripple their efforts to carry out attacks,” one official said. [….]
For now, the White House appears to have declined to consider what one Defense Department official termed “a demonstration strike” in cyberspace, which could have included targets such as North Korean military facilities, computer network servers and communications networks.
United States officials said that American efforts to block North Korea’s access to the Internet, which is available only to the military and the elite, would necessarily impinge on Chinese sovereignty. N.Y. Times]
Sort of like China and North Korea just impinged on ours, then.
Tom Kellermann, a former member of the presidential commission on cybersecurity, said one option was what security experts refer to as a “hack back,” in which they use the attackers’ own computer footprints and back doors to deploy an attack that destroys North Korea’s attack infrastructure, or compromises the integrity of the machines that did the hacking. For example, the United States could deploy a malicious payload that encrypts the data on North Korea’s machines, or renders them unable to reboot — clearly “proportional,” in the president’s words, because that was what happened to Sony’s computers.
The White House is also considering financial sanctions, “mirroring those recently placed on Russian oligarchs and officials close to President Vladimir V. Putin,” to “cut off their access to cash … that allows the elite surrounding Kim Jong-un, the North Korean leader, to live lifestyles their starving countrymen can barely imagine.” The Times even invokes the example of Banco Delta Asia, calling it “the one sanction in the past decade that caused the most pain to the North Korean leadership.”
They’re starting to sound like Ed Royce, who is starting to sound like a man ahead of his time.
Finally, they’re considering an offensive of information operations — or if you prefer, psyops, “in which the United States plays on North Korea’s worst fears by using its access to the North Korean domestic computer and radio systems to deploy propaganda inside North Korea’s closed media bubble.”
A combination of those three options could be a serious response, although I’ll reserve judgment until I see the administration actually enforce it.
~ ~ ~
Update: Reuters suggest some other alternatives:
U.S. cyber teams could also go after the hackers aligned with Pyongyang and make their lives miserable. It’s an effective tactic. Bullies are notoriously susceptible to bullying.
Since the FBI has declared that the attack came from North Korea, there’s a good chance the bureau’s experts know which computers and even which hackers it came from. Hackers generally have robust online lives. They use social networks, maintain a presence in online forums and chatrooms and transfer money using Bitcoin or other cryptocurrencies. Washington could make their lives uncomfortably complicated.
It could break into the hackers’ email accounts and publish them – just as the hackers did to Sony Pictures executives. It could ban their Internet protocol addresses or infect their computers with destructive viruses and malware that could store every keystroke the hackers type. Every password, email, website visited would be recorded and stored in a U.S. database. It might only sideline the hackers, by making them spend time and energy fixing the problem or even force them to buy entirely new hardware — a hacker’s worst case scenario.
U.S. cyber teams could also pose online as commentators and ruin the hackers’ reputations among any communities they belong to. For example, they could upload faulty software to the black markets as the Guardians of Peace.
In the long run, those tactics might damage the North Korean hackers’ capabilities, but wouldn’t do much to deter North Korea or other copycat cyberterrorists.
~ ~ ~
This post was edited after publication.
~ ~ ~
Update 2: These hackers claim responsibility for taking down North Korea’s internet. HT: Steve Herman.