Imagine if you will, life in the post-apocalyptic world where the army of North Korean hackers have laid waste to humanity. The survivors live in the smoking craters that were once great cities and the last remnants of humanity fight for scarce resources against the race of mutated rats that have risen up after vats of Twinkie filling were released into the sewage system as part of a cyber attack…sweet merciful $deity I can’t even keep this up.
Today the BBC ran a piece about a North Korean defector that came to the west with tales of an elite hacker army of 6000 highly trained tool punks in the isolated country called Bureau 121. While I don’t doubt that they have some sort of group that engages in this sort of activity I can’t help but guffaw at the following,
"The size of the cyber-attack agency has increased significantly, and now has approximately 6,000 people," he said.
He estimated that between 10% to 20% of the regime's military budget is being spent on online operations.
"The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyber war capacity," he added.
"Their cyber-attacks could have similar impacts as military attacks, killing people and destroying cities."
“Killing people and destroying cities”, got it. No sense of hyperbole there. Nope, not a shred. While I’m chuckling I realize that this is a person who has spent their life in an Orwellian state where the media is complete controlled. So, take it with the requisite amount of salt that it is due.
What Professor Kim does mention is a Stuxnet style attack. Strip away the hyperbole and rhetoric and what you have left is a plausible problem. Having spent just under a decade in power systems it comes as no surprise that these systems are susceptible to attack.
This serves as an excellent reminder that defenders need to be ever vigilant in their defence of control systems…well, and basically any network for that matter. The reason that glorified tool punks can finance their beanie boo collections is that there is a real short fall on patching and perimeter defence by organizations that need to do a better job of shoring up their protection.
Organizations need to do a better job of not acting like a guard on a tower saying “go away or I will taunt you again” and spend more time making it such that an attack against infrastructure won’t be successful. Don't fall victim to the next, next, next attack and find yourself standing in the smouldering ruins of what was once a great society.