The state spy agency’s disclosure Tuesday that North Korea has launched cyberattacks against South Korea should not come as a surprise. The rogue state was widely expected to do so after the U.N. Security Council slapped the strongest ever sanctions on it earlier this month for its recent nuclear and missile provocations.
Yet the latest cyberattacks are notable as they show the North’s cyberterrorism techniques have evolved. The National Intelligence Service said in a meeting of officials from 14 ministries that this time the North targeted the smartphones of dozens of South Korean Foreign Ministry and national security officials.
The intelligence agency said North Korean hackers sent text messages containing links to malware to these officials between late February and early March. About 20 percent of the officials had their smartphones infected with malware by following the links, giving the hackers access to their phone conversations and text messages.
The NIS said the hackers also stole the phone numbers of other senior Foreign Ministry and national security officials stored in the infected smartphones. It warned of a second round of cyberattacks against these officials.
It is not difficult to understand why the North targeted Seoul’s Foreign Ministry and national security officials. It probably wanted to spy on the Seoul government’s response to its fourth nuclear test and a subsequent long-range missile launch.
The NIS also said it has detected signs strongly suggesting that the North has been preparing large-scale cyberattacks against the South.
It said it confirmed last month, together with the Korea Internet and Security Agency, that North Korean hackers had seized control of the computer network of a South Korean software company whose security software is used by more than 20 million South Koreans for Internet banking and card transactions.
The NIS viewed the hacking incident as part of preparations for large-scale cyberterrorism similar to the attack in March 2013 that disrupted the computer networks of the South’s major financial institutions and media outlets. A failure to detect the hacking attempt could have plunged the financial system into chaos, it said.
The spy agency also said the North attempted in January and February to steal the email accounts and passwords of employees of two regional rail operating companies. It saw the incident as preparations for a cyberattack on South Korea’s railroad traffic control system.
The security threats that North Korea poses in cyberspace should not be taken lightly. Cyberattacks are difficult to detect and block. The North can simply deny its involvement after carrying out a major attack, as it is difficult to unambiguously identify the source. The rogue regime would be strongly tempted to deploy malware to attack critical infrastructure in the South, including financial networks, air and rail traffic systems and power grids.
The South needs to bolster its readiness to cope with the North’s cyberthreats. For this, the bill on fighting cyberterrorism should be enacted without further delay. The rival political parties need to resume talks to narrow their differences on the bill.