Despite charm offensive, potential for North Korean Olympics cyber attack

On February 9, the day of the Pyeongchang Olympics opening ceremony, the official website of the Pyeongchang Olympics went offline. A spokesperson for the International Olympic Committee later confirmed that the problem was caused by a cyberattack on the organizing committee for this year’s Olympics, but did not provide information as to the suspected culprit. 
This follows an attempted phishing campaign against Olympic organizations in January, where hackers hoped to gain access to equipment through employees unwittingly downloading malware in email attachments.  
As new revelations surface regarding these hacking and phishing attempts, there is growing concern over the level of preparedness for such “unseen” attacks. 
Daily NK recently spoke with Senior Security Researcher Choi Sang Myung from Hauri Inc.’s Security Research Intelligence Team for an expert opinion on the latest attack. Choi said that “while many suspect the attack on the Olympic organizations to be the work of Russian hackers or some third-party group, we cannot exclude the possibility of North Korea’s involvement.”
“It is possible that Russian hackers attacked the Olympic organizations in retaliation for the official ban on Russian athletes competing in Pyeongchang. But since the (email) content itself was in Korean, the person sending the emails was definitely skilled in the Korean language,” Choi said.
Choi also expressed his belief that North Korea may have gone through with the attack in order to disrupt the Olympics while they hold the world’s attention, using their “charm offensive” and participation in the Games as cover. 
There are prior examples to support this idea of the North’s dual strategy of instigating conflict during or after a “peace offensive.” North Korean agents blew up Korean Airlines (KAL) flight 858 in 1987, killing everyone aboard, while they were in the middle of negotiations with South Korea over jointly hosting the 1988 Seoul Olympics. In 1999, the First Battle of Yeonpyeong occurred just after high-level inter-Korean talks, and the Second Battle of Yeonpyeong occurred at the same time that Seoul was hosting the World Cup in June of 2002.
Cyberattacks can be considered a favorable choice for North Korea considering the relatively low chance of being caught and the potential for sowing confusion and chaos among the target audience.
“There have in the past been many attempted cyberattacks in relation to the Olympics, but they were discovered before any damage was done,” Choi said. “While the Olympic Committee in Korea has been especially careful to guard against cyberattacks in order to carry out this international event, they must remain vigilant until the end.”
When asked what kind of cyber attack he was most concerned about North Korea carrying out at the Olympics, Choi answered that the North could hack into the servers of the Olympics and erase or fabricate competition timing records or information, all in an effort to disrupt the Games. 
North Korea appears to have been nurturing their cyber warfare program in recent years, resulting in a more organized system today. A DDoS attack in 2009 and an attack that paralyzed Nonghyup Bank’s systems in 2011 were examples of the North showing off their capabilities, but an attack on the Korea Hydro & Nuclear Power Co. in 2014 was intended to strike fear in South Korean society. More recently, however, attacks on virtual currency markets appear to signal a growing interest in using cyber attacks to steal money.
A government source revealed in December last year that North Korea had likely acquired tens of billions of Korean Won after an attack on a virtual currency exchange in the country. As the international community continues to intensify economic sanctions against the North, nurturing their online hacking abilities offers new avenues to funding sources for the North Korean regime. 
“Going forward, North Korea may initiate attacks that cause severe societal chaos or even lead to the loss of life,” Choi said. 
Potential areas of concern for future North Korean cyber attacks include train and airport infrastructure systems where, for example, trains may become remotely operated or their speeds disrupted, resulting in derailment and significant loss of life. 
“There is already evidence of North Korean attacks on train and airport infrastructure systems in other countries,” Choi said. “The government, political organizations, businesses, and even individuals need to be aware of the dangers and there needs to be a comprehensive counter-strategy in place.”