Date: 2020-06-17

North Korean leader Kim Jong Un at a military parade for the 70th anniversary of the founding of the Korean People's Army in Pyongyang, in this photo released by North Korea's Korean Central News Agency, February 9, 2018.

North Korea has a cyber army of about 7,000, trained to find secrets, disrupt critical infrastructure, and steal money to circumvent sanctions.

These cyberattacks are often difficult to pin on North Korea because they originate in countries like China and Russia, and a counterattack is almost impossible because of North Korea's rudimentary internet.

North Korea's likely next targets are critical US infrastructure like power plants, dams, and electrical grids.

North Korea's state-sponsored hack of Sony Pictures in 2014 over the movie "The Interview" was highly embarrassing for Sony. But it was just the tip of the iceberg, according to Daniel Russel, vice president for international security and diplomacy at the Asia Society Policy Institute.

Russel, a former assistant secretary of state for East Asian and Pacific Affairs, spoke with Insider recently about the threat of North Korea's hacker army, how it supports North Korea's nuclear program, and what the future holds if the US doesn't take this threat seriously.

Insider: When did this cyber army start?

Daniel Russel: The North Korean cyber operation documented by a lot of cybersecurity firms lists this principal group as starting circa 2010. But that gives the impression that we know a lot more about North Korea's cyber activity than I think we really do.

North Korea has been cultivating and has been investing in an elite cyber force under the control of its military, the Korean People's Army and the Reconnaissance General Bureau — Kim Jong Un's clandestine security apparatus. It's estimated to comprise about 7,000 people who are trained pretty extensively, both in specialized domestic programs in North Korea, including in parts of their universities.

In other cases, they then seem to receive training in China or in Russia. Quite a few of them are dispersed through China, Russia, and some in India. They use other countries as a platform and for conducting their various cyber activities because North Korea has pretty much air-gapped its own internal internet or intranet system, both to prevent North Koreans accessing information from the rest of the world, but more importantly to prevent the rest of the world from getting in.

That makes it very hard to get a definitive attribution that the attack originated in North Korea and raises the risk that China or Russia will get the blame. It also makes it harder for services in countries like the US to retaliate because you're running the risk of retaliating against China or Russia for something that's actually masterminded and executed by the North Koreans.

Insider: How do we figure out that these attacks are actually performed by North Korean actors?

US Homeland Security officials at a briefing where they blamed North Korea for unleashing the so-called WannaCry cyberattack, at the White House, December 19, 2017.

Russel: You're digging into technical areas for which I'm spectacularly unqualified because I'm not a digital or a cyber expert. But the people who are real experts, Mandiant, FireEye, or CrowdStrike, or for that matter the CIA or the NIS, South Korea's intelligence service, have a very sophisticated ability to conduct forensic detective work in the cyber realm. In many cases, they can identify patterns, code, servers and the like to trace things back to North Korea.

These companies issue an annual worldwide cyber-threat report. They track all of these various major hacking operations and rank them. They call them advanced persistent threats, APT. North Korea is the host of something they call APT38 — or the Lazarus Group, Guardians of Peace, or Hidden Cobra. These are sort of code names. APT38 is number one on their list of worldwide cyber threats.

In some cases North Korea directly claimed credit for a cyberattack. Beyond that, Kim Jong Un and the Korean Workers' Party have been speaking increasingly in a very open and direct way about its cyber capability.