Information warfare on the Korean peninsula
13 Mar 2013
DPRK propaganda poster

Over the last decade, security dilemmas on the Korean peninsula have become progressively more ‘hybrid’ and multi-faceted. Traditional conventional threats, scenarios and contingencies linked to high-intensity conventional wars have been converging with a range of asymmetric and non-linear security challenges, including nuclear threats, ballistic missiles, and increasingly information and cyber warfare. According to General James Thurman, commander of US forces in South Korea, North Korea has acquired ‘significant’ IW-related military capabilities. This is an attempt to explore the idea of asymmetric negation, probing any vulnerabilities of the US–ROK alliance. Now, that means more than just nuclear weapons. In addition to its nuclear and ballistic missile programs, these capabilities also include hacking, encryption, and virus insertion.

In this context, information and cyber warfare is becoming a part of the ongoing conflict on the Korean Peninsula, and its threats and risks are continuously challenging traditional defence strategies and operational concepts of the US–ROK alliance.

I argue that we really are in a new regime of information warfare in Korea, where both North and South Korea are engaged at three levels of information conflict simultaneously: (1) a war for information to obtain information and intelligence about each other’s means, capabilities, and strategies; (2) a war against information aimed at protecting their information systems, while disrupting or destroying the other side’s information infrastructure; and (3) a war through information reflected in the misinformation and deception operations to shape their broader internal and external strategic narratives.

In the first category of war for information, for example, one of the most sophisticated attacks occurred in November 2009, when the South Korean National Intelligence Service and the Defence Security Command reported that a suspected North Korean hacker unit operating under the North Korean Army General Staff’s Reconnaissance Bureau intercepted confidential defence strategy plans, including plans detailing US–ROK responses to potential North Korean provocations. The incident happened as an officer with the ROK–US Combined Forces Command used an unsecured USB memory stick plugged into his PC while switching from a highly secure private intranet to the public Internet. While the plan is currently under review with the ROK military planning to take over wartime operational control from the United States Forces Korea in 2015, its compromise raises questions as to what extent North Korea could access and potentially disrupt selected US–ROK operational plans in times of war or crisis.

In the same year, North Korean hackers reportedly stole information from the South Korean Chemical Accidents Response Information System (CARIS) after infiltrating the ROK Third Army headquarters’ computer network and using a password to access CARIS’s Center for Chemical Safety Management. North Korea’s overseas-intelligence gathering unit under the State Security Agency (SSA) is also believed to increasingly rely on information warfare techniques for cyber-espionage to access information, steal sensitive data, and monitor foreign communications.

In the category of war against information, North Korea has attempted to disrupt South Korea’s highly developed digital information infrastructure using cyber attacks to shut down major websites, disrupt online services of major banks, and probe South Korea’s readiness to mitigate cyber-attacks. The most cited cases in this tier include the 2009 distributed denial-of-service (DDoS) attacks against four dozen targets in South Korea and the United States, and the ‘Ten Days of Rain’, the 2011 DDoS attacks on South Korean government websites and the network of the US Forces Korea (USFK).

Interestingly, they seem to have been ‘testing the fence.’ According to analysis by McAfee Labs, the combination of clearly defined targets, highly destructive malware code, multiple encryption algorithms, and a multi-tiered botnet architecture preconfigured for a specific duration has led to a conclusion that the attack was set up by North Korea to test and observe how rapidly the attack would be discovered, reverse engineered, and mitigated. At the end of the ‘Ten Days of Rain’ DDoS attacks, the botnets were configured to self-destruct.

Finally, in the category of war through information, North Korea has relied on information warfare to alter the perceptions of its strategic plans. For example, prior to the rocket launch in December 2012, the DPRK announced several days before the launch that there were technical problems, and was observed by US satellites taking apart the three-stage rocket and removing the parts from the launch pad. North Korea, however, launched the rocket without any delay, catching US–ROK military and intelligence agencies off-guard. Subsequent reports indicate that North Korea manipulated the launch so that US intelligence satellites would not be overhead.

At the same time, however, US–ROK forces have also engaged in a war through information—particularly focusing on psychological operations. Following the sinking of the Cheonan warship and subsequent shelling of Yeonpyeong Island in 2010, the South Korean military established a new psyops unit to diffuse news and information into North Korea—whether through radio transmissions, balloon leaflets, DVDs, or possibly USB memory sticks. Since then, it has sent thousands of leaflets and transmitted broadcasts into North Korea using mobile broadcast vehicles and six relay stations. While its effects on North Korean society are difficult to ascertain, North Korea has previously threatened to fire across the heavily fortified border to stop such campaigns.

With changing strategic realities on the Korean Peninsula, information warfare has important ramifications for the US–ROK defence strategy. While we don’t really know how disruptive a well-orchestrated North Korean IW campaign could be against the US–ROK alliance forces, we saw in 2007 and 2008 how effective Russian efforts were against targets in Estonia and Georgia. In the intervening five years the world, and with it alliance forces and South Korean society more generally, has become even more dependent on networks and the data they carry. Conversely, the capabilities of the US and its allies are likely to be steadily increasing. You can bet that the topic of IW is being actively thought about on both sides of the 38th parallel.

Michael Raska is a research fellow at the Institute of Defence and Strategic Studies, a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University. Image courtesy of Flickr user Joseph A Ferris III.