December 12, 2014 | Forbes
North Korea and Iran: Partners in Cyber Warfare?
North Korea has denied any involvement in the massive hacking attack last month on Sony Pictures Entertainment, and absent evidence clearly pinning the deed on Pyongyang, it may be fair to keep an open mind. With investigators still digging into the case, it’s too soon to rule out a role in the attack by some of North Korea’s closest friends — for instance, Iran.
When Sony’s computers were breached on Nov. 24, North Korea became an immediate suspect due to its bellicose protests and threats issued earlier this year over a Sony film, “The Interview,” scheduled for release this Christmas. The movie is a burlesque, mocking North Korean tyrant Kim Jong Un with a plot in which two buffoonish TV journalists land an exclusive interview with Kim, and are asked by the CIA to assassinate him (“Take him out,” says the CIA agent; “For coffee?” they ask).
In June, North Korea’s Foreign Ministry released a statement that distribution of this movie would be “the most undisguised terrorism and an act of war,” and “will invite a strong and merciless countermeasure.” North Korea’s ambassador to the United Nations, Ja Song Nam, wrote a letter to Secretary-General Ban Ki-moon, repeating the charges, and demanding that the U.S. government ban the movie.
Following the attack on Sony, North Korean authorities released a statement, on Dec. 7, in which they denied that North Korea had done the hacking — but they went on at some length to gloat over it. Carried by North Korea’s official Korean Central News Agency, which refers to North Korea as the DPRK (Democratic People’s Republic of Korea), the statement included the speculation that “The hacking into the SONY pictures might be a righteous deed of the supporters and sympathizers with the DPRK in response to its appeal.” The statement included a warning of the “anti-U.S. sacred war to be staged all over the world.”
The mention of a sacred war could be simply a reference to North Korea’s own ventures under the totalitarian rule of its supreme leader Kim. But the reference to North Korea’s supporters and sympathizers easily brings to mind Iran’s Islamic Republic, which since its inception in 1979 has been waging its own version of holy war against the U.S. This is an endeavor in which Islamic Tehran for more than three decades has made common cause with the infidels of Pyongyang, including a brisk trade in conventional arms, increasingly sophisticated missiles and related technology.
As it happens, a number of recent reports on cyber security have noted the likelihood that North Korea and Iran may be working together on cyber warfare. Among them is a 75-page briefing by Hewlett-Packard’s security research unit, released this past August under the title “Profiling an enigma: The mystery of North Korea’s cyber threat landscape.” This report goes into considerable detail on the signs of North Korea’s burgeoning cyber warfare capabilities, something that U.S. senior military and intelligence officials have also warned of in testimony to Congress. The report notes that cyber warfare capabilities — which Kim Jong Un has called a “magic weapon” — can provide North Korea with a cost-effective strategic advantage. North Korea’s “hermit infrastructure” entails a domestic intranet that is cut off from the worldwide web. That makes it hard for hackers to attack North Korea, while select North Koreans access global connections, either from North Korea, or elsewhere (such as China) to launch attacks.
The HP report includes a section on North Korea’s ties to some of the countries with which it does illicit business in weapons, noting, “Now that cyberspace has become a legitimate arena for warfare, these nations are potential allies in the cyber realm.” There are five countries listed: Russia, China, Syria, Cuba, and, of course, Iran — with which North Korea signed a scientific and technology cooperation agreement in 2012. This agreement, similar to one signed in 2002 between North Korea and Syria, roused concerns in Washington that North Korea and Iran might be collaborating on a joint nuclear weapons program. But it was much broader than that. As the HP report notes, it covered “cooperation in research, student exchanges, and joint laboratories” as well as joint projects, reportedly for everything from engineering to biotechnology and information technology.
This North Korea-Iran 2012 agreement also gets a mention in a report focused on Iran’s extensive cyber warfare ventures, released Dec. 2 by a California-based cyber security firm called Cylance. Under the title “Operation Cleaver” (the name given by Cylance to the Iranian hacker group it has been tracking), Cylance explains that prior to the Stuxnet malware attack on Iran’s nuclear facilities in 2009-2010, Iranian hacking had focused mainly on defacing websites. After Stuxnet came “the rapid evolution of Iran’s hacking skills” including destructive attacks since 2012 targeting “the networks of government agencies and major critical infrastructure companies” in at least 16 countries, including Israel, Canada, France, Germany, England, the U.S. and South Korea.
The Cylance report notes that “Operation Cleaver’s intense focus on critical infrastructure companies, especially in South Korea, hints at information sharing or joint operations with Iran’s partner, North Korea.” The report adds, in support of that speculation, that “In September, 2012, Iran signed an extensive agreement with North Korea, which allows for collaboration on a variety of efforts, including [information technology] and security.”
Such summaries of the Sept. 2012 North Korea-Iran technology agreement, while right on target, do not quite convey the enthusiasm with which Iran hosted, and North Korea described, the signing of that deal. It took place during the first year of Kim Jong Un’s reign, following the death in late 2011 of his father, Kim Jong Il. For the young tyrant Kim, it was almost certainly an important diplomatic achievement, and quite possibly one of the defining maneuvers of North Korean foreign policy on his watch.
To see why, it helps to quickly revisit the year 2012, Kim Jong Un’s first year in power, which began with overtures from an Obama administration that hoped the new ruler of North Korea might prove more tractable than his father. On February 29, 2012, the U.S. and North Korea announced an agreement, the “leap-day deal,” in which America was to provide food aid in exchange for North Korean concessions including a freeze on its missile and nuclear programs.
North Korea trashed that deal within weeks, by attempting a long-range missile test in April, which it advertised as a satellite launch. That same month, according to Japan’s Kyodo News Agency, North Korea reached an agreement with a visiting Iranian delegation to deepen collaboration on “strategic projects.”
In late August of 2012, Iran hosted a summit in Tehran of the Non-Aligned Movement, at which Iran took over the three-year chairmanship of the NAM. North Korea’s supreme leader Kim Jong Un did not go, but North Korea did send a delegation led by its titular head of state, Kim Yong Nam. There were many dignitaries present, including some two dozen heads of state plus the Secretary-General of the UN. The summit ended on Friday, August 31. North Korea’s delegation lingered after the party, for a good will visit.
Iran gave them quite a reception. On Saturday, Sept. 1, Iran’s Supreme Leader Ali Khamenei met with Kim Yong Nam. According to Iran’s official Fars News Agency, Khamenei “stressed that there are abundant grounds for the expansion of relations and increasing cooperation between Iran and North Korea.” Fars quoted Khamenei as telling Kim, “The Islamic Republic of Iran and North Korea have common enemies since the arrogant powers cannot bear independent government.”
As North Korea’s official KCNA reported the encounter, it was close to a family reunion. Khamenei praised Kim Jong Un for carrying forward the “cause” of his father and grandfather. Khamenei also recalled having been “honored” in 1989, during a trip to North Korea, with an audience with Kim Jong Un’s grandfather, North Korea’s founding ruler Kim Il Sung.
Beyond the sitdown with Khamenei, North Korea’s envoy, Kim Yong Nam, met during that busy Saturday in Tehran with Iran’s president, first vice-president and speaker of the parliament. There was a reception at the presidential palace to welcome Kim.
And amid all this, there was the signing, as described by North Korea’s KCNA, of a memorandum of understanding between North Korea and Iran on “cooperation in science, technology and education.” Among those present for the signing on the Iranian side, along with President Ahmadinejad, were the head of the Atomic Energy Organization of Iran, the minister of Defense and Armed Forces Logistics, the Minister of Industrial Mining and Trade, the minister of Science, Research and Technology and the head of the Central Bank. They all celebrated the occasion with a banquet, hosted by Iran’s president, in honor of their North Korean guests.
Two days later, Kim Yong Nam flew home to Pyongyang. But not before receiving gifts to take back to Kim Jong Un, which KCNA in its reporting did not describe, but did say were handed to Kim Yong Nam by Iran’s then-defense minister, Ahmad Vahidi (who had been sanctioned by the U.S. two years earlier for his ties to Iran’s nuclear program).
Since then, Kim Jong Un has done much to live up to Khamenei’s hopes and praise. Kim presided over his country’s third nuclear test, in 2013; and this year North Korea has been threatening to conduct yet another. North Korea has expanded its illicit uranium enrichment facilities, restarted its plutonium-producing reactor at Yongbyon, carried on developing long-range missiles and beefed up its program for cyber warfare.
Iran, for its part, has borrowed a page from North Korea’s nuclear negotiating playbook, exploiting U.S.-led nuclear talks to buy time and the easing of sanctions without giving up its nuclear program. Meanwhile, it seems Iran’s hackers are becoming increasingly bold and destructive. On Thursday, Bloomberg Businessweek broke the story that this past February the Sands Casino in Las Vegas came under “a withering cyber attack.” It appears to have been the work of Iranian hackers, in retaliation for the chief executive and majority owner of the Sands, Sheldon Adelson, a strong supporter of Israel, saying on a panel at Yeshiva University’s Manhattan campus last year that his approach to nuclear talks with Iran would be to threaten them with nuclear weapons, unless they scrapped their own plans for nukes. Iran’s Khamenei responded by saying America “should slap these prating people in the mouth and crush their mouths.” Bloomberg reports that the hack attack on the Sands did an estimated $40 million worth of damage, and narrowly missed doing far more.
Now we have the attack on Sony, following North Korea’s threat to “mercilessly destroy anyone who dares hurt or attack the supreme leadership of the country even a bit.” If investigators can’t track the hacking of Sony back to North Korea, they would do well to take a close look at Pyongyang’s supporters and sympathizers, starting with Iran.
Ms. Rosett is journalist-in-residence with the Foundation for Defense of Democracies, and heads its Investigative Reporting Project.