By Ryotaro Fukuda
An investigation by an information security company revealed on Nov. 19 that a significant number of computers used in North Korea had been infected and used by external intruders to attack other servers. While Pyongyang has been focusing its efforts on attacking other nations to obtain foreign currency, the investigation found that the nation’s Internet environment remains vulnerable and virtually defenseless against external threats, as its public organizations use free web-based e-mail services.
DPRK embassies use free web-based e-mail services
Trend Micro (Tokyo) conducted the investigation between last August and December by observing North Korean internet activity including information transmitted and received.
The security software company found that some of the junk mail sent from Pyongyang came from computers infected with foreign Trojan horse viruses, which remotely take control of infected terminals to execute the instructions of malicious controllers.
There were more than 30 types of unsolicited mail sent during the investigation. There were some computers that had been left infected for over a year.
In addition, it was discovered that some North Korean embassies abroad use web-based e-mail services such as Gmail and Hotmail, which are free and convenient but are vulnerable when IDs and passwords are compromised. “Free e-mail services are too risky to use for sensitive correspondence. We can’t conceive of using them,” says one MOFA source in charge of communication services.
Recently, there has been a surge in cyberattacks that are alleged to be tied to threat actors based in North Korea. In 2014, a Sony-affiliated film studio that developed a comedy about a plot to assassinate North Korean leader Kim Jong-un had confidential data leaked. In February 2016, the attack against the central bank in Bangladesh resulted in 81 million dollars (around 8.9 billion yen) in damages, the highest of its kind.
However, North Korea has not done as good a job managing its own cybersecurity, leading experts to speculate that it has focused its limited monetary and human resources solely on offence. “Technically, it is not impossible to remotely collect information on North Korea via the Internet,” explains one specialist.