my timesThe Korea Times
  1. South Korea
  2. Politics

Pyongyang's two-track IT approach is slap in Seoul's face

Listen
By Kang Hyun-kyung
  • Published KST
  • Updated KST

gettyimagesbank

North Korea launched cyberattacks against South Korea even during inter-Korean IT cooperation period in 2000s

By Kang Hyun-kyung

The geopolitical landscape of the Korean Peninsula in the early 2000s was quite different from what it is today.

Contrary to the tense security standoff at present, in which the two Koreas are on a collision course, there was an atmosphere of peace following the historic first inter-Korean summit in Pyongyang, North Korea on June 15, 2000.

Then-South Korean President Kim Dae-jung sought to introduce a set of measures that could help impoverished North Korea, reeling from mass starvation that killed hundreds of thousands of residents during the Arduous March in the mid-1990s, rise on its own feet.

It was against this backdrop that the agreement aiming to facilitate inter-Korean partnership in information technology was signed during the summit between Kim and his North Korean counterpart, Kim Jong-il, the father of current North Korean leader Kim Jong-un.

The idea behind the agreement was that the two sides would be better off if they teamed up in information technology. Under the technology partnership, the vision was that South Korea could take advantage of North Korea's relatively cheaper but capable labor force, whereas the North would be able to build a solid industrial infrastructure to help its economy take a leap forward through technical assistance from the South.

A flurry of cooperation took place, mostly in the field of software.

Several tech giants, including Samsung Electronics, were chosen as private sector partners of the Ministry of Unification and the Ministry of Information and Communication Technology to make this happen.

Samsung Electronics teamed up with the Korea Computer Center of North Korea to develop software, including word and office programs, while several small- and medium-sized tech startups trained North Korea's IT professionals. In 2010, the Pyongyang University of Science & Technology was opened.

South Korea's technical assistance to the North had continued until 2011 when it abruptly ended after a series of North Korean provocations, including two nuclear tests and missile launches. North Korea's deadly torpedo attack against the South Korean Navy corvette, Cheonan, which killed 46 sailors in the West Sea, was a decisive event that halted the decade-long IT partnership.

Recently, the short-lived inter-Korean technology cooperation was brought into question as North Korea's asymmetric cyber operations have emerged as a serious threat to the South.

Some critics say the liberal Kim Dae-jung government's pursuit of inter-Korean IT partnerships in the 2000s was a reckless idea, if not suicidal, claiming North Korea exploited it and launched cyberattacks against the South in return.

Their criticism is not groundless.

A 2015 report by the Washington, D.C.-based think tank, Center for Strategic and International Studies (CSIS), titled “North Korea's Cyber Operations,” addressed the risks that lurk in inter-Korean IT cooperation.

“Unwanted technology transfers may have occurred,” it reads, while referring to visits to Pyongyang by South Korean academics during the period to train and educate North Korean IT professionals.

“This is not to say that all collaboration is harmful, but a process should be in place that weighs the potential benefits of such collaboration with its risks,” the report reads.

The CSIS report also raises the possibility that North Korean hackers using affiliations with the North's labs as a cover as being another potential risk of the technology cooperation.

North Korea watchers here, however, are cautious about confirming the damaging impact on the South of the inter-Korean technology collaboration.

Cheong Seong-chang, the director of the Center for North Korean Studies at Sejong Institute, said that he disagrees with those who are critical of the technology partnership.

“You can say the inter-Korean IT partnership back in the 2000s played a part, one way or another, to help North Korea upgrade its cyber capabilities. That's fair criticism,” he told The Korea Times.

“Honestly speaking, however, I doubt how much North Korean hackers would have benefitted from it though. Even though some unwanted technology transfer had happened during the decade-long partnership, I think it would not be much. If there are people who claim that South Korea helped the North a lot to upgrade the latter's IT capabilities, I think the chances are that they either underestimated North Korea's cyber capabilities or overestimated the role South Korea had played.”

Kang Young-sil, a North Korean defector who worked as an IT expert before defecting to South Korea two decades ago, said hacking and the two Koreas' cooperation in the IT sector are two very different things.

“Back in the early 2000s, there were few computers available for North Korean IT professionals. I understand that the cooperation was focused on computer education for North Korean computer workers, and hacking or North Korea's cyber capabilities is a very different issue,” she said.

Graphic by Cho Sang-won

It is difficult to verify whether North Korea had any malicious intention to take advantage of the inter-Korean technology cooperation as an opportunity to improve its cyber capabilities in order to use it for its peacetime attacks against South Korea or other countries.

However, it is apparent that North Korea had adopted a “two-track approach” to information technology. The North was serious about upgrading its IT infrastructure through the joint projects with South Korea, but at the same time, it secretly launched cyberattacks against South Korea even during that period.

A group of South Korean malware experts, IssueMakersLab, unveiled unique data last year showing the pattern of North Korea's cyberattacks against South Korea and other countries between 2004 and 2021.

According to the data, North Korea's hacking attacks increased 300 times during that period. North Korea launched cyberattacks five times in 2004 and the number surged to 382 in 2011 when the inter-Korean IT cooperation ended following the sinking of the Cheonan.

North Korea's cyber operations peaked at 1,548 in 2020.

In a media interview, Choi Sang-myong, also known as Simon Choi, the founder of IssueMakersLab, said North Korea's cyberattacks targeted almost all countries with South Korea being attacked the most.

Between 2004 and 2008, he said North Korean hackers emphasized stealing military and defense-related intelligence from the South and their targets have expanded to include the South Korean government, banks and businesses since.

It was a slap in the face when North Korea secretly launched cyberattacks against South Korea, as well as other countries, even when the two Koreas teamed up to create an industrial base for the North.

Bruce Bennett, a professor at Pardee RAND Graduate School in California, said policymakers need to have foresight and think of the implications of policies before they are introduced to reduce possible risks.

“But it is my impression that such caution does not happen very often,” he said. “With ROK governments, including the Kim Dae-jung administration, there has often been the hope that the North would be a reliable partner in building a peacefully unified Korea. Instead, most often, the North has had a different agenda: seeking advantage from the ROK that would help it achieve its objective of unification under North Korean control.”

Since 2010, North Korea has used its cyber capabilities to evade international sanctions and earn hard cash to guarantee the repressive regime's survival. It also launched cyberattacks against South Korea to disrupt its society.

The North attempted to hack the National Election Commission multiple times through spear-phishing emails over the past two years, while South Korea is set to hold a general election in April next year.

Other entities in the South have been targeted as well, including companies, banks, media outlets and even the general public.

First Assistant U.S. Attorney Tracy Wilkison announces charges against a North Korean national in a range of cyberattacks on September 6, 2018 in Los Angeles, California. The complaint includes the cyberattack against Sony Pictures in 2014, the WannaCry 2.0 ransomware attack and the 2016 cybertheft from the central bank of Bangladesh. AFP-Yonhap