27 October 2015

Spy v. Spy: South Korea Wants to Recruit Hackers to Go After North Korean Hackers

Anna Fifield
October 26, 2015

Seoul seeks hacker troops to fend off North Korean cyberattacks

SEOUL — A new army of South Korean soldiers was intently focused on fending off the enemy attack. Where were they coming from? What tactics were they using? And how best to neutralize them?

The attackers were probably North Korean — that’s a given on this divided peninsula, which remains stuck in a state of war — but those manning the defenses weren’t armed conscripts along the demilitarized zone. They were some of South Korea’s savviest computer whizzes, and they were dealing with that most 21st-century of invasions: the cyberattack.

“I do think about how I’m going to defend us against an attack from North Korea,” said Lee Kyung-won, a 16-year-old high school student from Suwon who was part of a team fighting a hypothetical cyberwar during a “white hat” hacking competition last week.

Having endured numerous cyberattacks — apparently stemming from North Korea — in recent years, South Korea is bolstering its technological defenses.

The National Intelligence Service and the Defense Ministry have this month been hosting a competition to find computer geniuses to use their skills for good — hence the “white hats” — by intercepting attacks from nefarious “black hat” hackers.

Teams compete in “South Korea White Hat Contest” in Seoul on Oct. 21. (Shin Woong-jae/For The Washington Post)

After several preliminary rounds, 16 teams made it to Wednesday’s finals. The winners, to be announced Monday, will share $60,000 in prize money. They will get preferential treatment when they apply for intelligence or police jobs, and those who are younger could work in the cyber-command center during their compulsory military service.

While the international community worries about North Korea and its unchecked nuclear weapons program, Kim Jong Un’s regime has proved to be much more adept at, and much more willing to use, cyberwarfare. His regime was blamed for the devastating attack on Sony Pictures Entertainment at the end of last year, which exposed corporate e-mails and wiped out computer data.

The Kim regime is also accused of being behind umpteen attacks on its adversary to the south, including paralyzing computer networks at South Korean banks and television stations and hacking into the firm that operates the South’s nuclear power plants. This month, North Korea was blamed for attempting to break into networks at the presidential Blue House and at lawmakers’ offices.

South Korea, with the fastest Internet and highest broadband penetration in the world, has long been famed for its technological prowess. But North Korea, a closed country where only a handful of elites have access to the Internet, possesses surprising computer skills, thanks to a dedicatedcyberarmy.

Hence Seoul’s need to train “good hackers” capable of defending the South’s front lines in cyberspace.

“It’s just like taekwondo,” said Kim Nam-soo of the Defense Ministry, referring to the Korean martial art. “If you study for many years and you have the skills, you can become a gangster. But if you are trained in a different way, you can use your skills for good purposes. It’s the same with these people. If we raise them as white-hat hackers, they can help the government.”

A contestant in the “South Korea White Hat Contest” reads code on his computer during the competition in Seoul on Oct. 21. (Shin Woong-jae/For The Washington Post)

The finals took place in a hotel ballroom, where organizers sat on an elevated platform in the middle of the room watching the ­cyberwar play out. They had infected the competitors’ computers with malware before the day’s events began, then used it to try to attack their networks, first simulating corporate cyberespionage and then an attack on government computers.

The attacks all resembled ones that South Korea has suffered in recent years. From the control station, the organizers watched remotely as the teams tried to defend their networks, awarding and deducting points depending on their skill.

“Their job is to find out what the malware does and then try to stop it,” Kim said.

The white-hat hackers had managed to turn the ballroom, with its chandeliers and loud carpet, into the stereotypical computer geek’s den.

Electronic music pumped out of the sound system, and the tables were littered with empty energy drink cans, half-finished cups of coffee and candy wrappers. Computer screens showed rows of scrolling text. The men — and they were all male, the few female competitors having been knocked out in the early rounds — typed away furiously.

On one side of the room were eight teams of high schoolers, while eight teams of adults, ranging from college freshmen and police academy recruits to 40-something computer experts, battled it out on the other side.

“It’s not as easy as I thought it was going to be,” said Park Ji-hoon, a college senior majoring in computer science, who was on a team with three other men from his cybersecurity club at Catholic University of Korea.

“We’re supposed to be acting like a computer emergency response team at a company, but we’re just students, so we haven’t done anything like this before,” he said. “But it’s a great chance to experience what it’s like in the real world.”

On the other side of the room, a team called Nyan_cat, for the Korean sound for “meow,” was doing better. With 800 points, they were leading the junior table.

“Everything is so new and so exciting,” said Kim Yong-jin, a 17-year-old high school student from the country’s south who had teamed up with three others he had met online. “But I’m also feeling nervous. I’m worried that the other teams will catch up with us.”

Kim is part of a generation of South Koreans who have spent a large chunk of their lives in front of a computer screen. He became interested in information technology while in elementary school and started programming in sixth grade, although he has reached a new level of seriousness in the past year. During the week, he spends eight hours a day on his computer, and on the weekend, apart from five or so hours of sleep each night, he’s on it all the time.

Asked if he’d ever used his skills for less noble purposes, Kim hesitated. “I’d be lying if I said I’d never done it [hacking], but I’ve only played practical jokes on my friends, like turning off their computers remotely.”

Lee and his teammates on the Bulletproof Boys team, named after a popular band, were not doing so well. “I know what the problem is, but we are finding it hard to respond to it,” Lee said. His team had 450 points, putting them second to last.

Like Kim, he said he spends every waking hour at his computer. But for school time and four hours’ sleep each night, he is on hacking simulation sites, honing his skills.

“I want to continue studying in the cybersecurity field,” he said. “And I want to be good enough to teach others.”

That’s what the South Korean government is hoping, too.

No comments: