30 December 2014

Profile of General Kim Yong-chol, North Korea’s Spymaster and Cyberwar Chief

Bill Gertz
December 27, 2014

Four-star spymaster behind North Korean hacking; Sony’s ‘The Interview’ available online

North Korea’s chief delegate Kim Yong-chol has been identified as the man behind the Sony hack. (AP Photo/Jung Yeon-je)

U.S. intelligence agencies have identified the military officer orchestrating North Korea’s state-sponsored hacking attacks, such as the one on Sony Pictures Entertainment. He is Gen. Kim Yong-chol, director of the espionage and clandestine operations service known as the Reconnaissance General Bureau, or RGB.

The RGB was formed in 2009 when the Korean People’s Army, the communist state’s military, combined its Reconnaissance Bureau with the ruling Workers’ Party of Korea Central Committee Operations Department.

The combined intelligence and military special operations force is under the control of North Korean supreme leader Kim Jong-un. Both military and party organizations have a long history of deadly covert operations and nefarious foreign espionage operations, such as the 1970s operations to kidnap foreign nationals for use in intelligence training in North Korea.

U.S. and South Korean intelligence agencies have been tracking Gen. Kim since he emerged as a member of the Central Military Commission in September 2010. The four-star general also was part of the funeral committee for Kim Jong-il, who died in 2011, a key indicator of his place in the hierarchy of the secretive North Korean power structure. His promotion to full general was announced in February 2012.

Gen. Kim, who is also deputy chief of the military’s general staff, has headed the RGB since 2009, but his career has not been without bumps. He was demoted to two-star rank in November 2012 following the arrest of a number of North Korean spies in South Korea. By February of 2013, however, Gen. Kim had regained the lost two stars.

His role as head of the RGB remained secret until March 29, 2013, when Pyongyang’s state-controlled media for the first time confirmed the existence of the organization blamed for the sinking of South Korea’s Cheonan warship in 2010. Earlier RGB operations included the terrorist bombing in Yangon, Myanmar, that killed three visiting South Korean government ministers and a commando raid on the South Korean Blue House presidential residence in 1968.

A report by the Center for Strategic and International Studies made public last week said North Korea employs around 5,900 cyberwarfare specialists.

“The act against Sony is the first of its kind by North Korea, in terms of both the target and the sophistication of the hack,” wrote CSIS researchers Jenny Jun, Scott LaFoy and Ethan Sohn.

The RGB “is now credited with significant operational cyber capabilities and missions that are, effectively, another means of achieving the objectives of previous provocations,” the report said.

Several groups of hackers within the organization have been identified. They include Unit 121 and Lab 110, cover names for shadowy cyberattack operations groups.

Unit 121 has been identified by U.S. and South Korean intelligence as the RGB’s main offensive cyberwarfare group. It is reported that cyberwarfare experts from the group operated out of the Chilbosan Hotel in Shenyang, China. The Sony hack was carried out from a hotel in Thailand, according to an intelligence source. Unit 121 also was blamed for the so-called DarkSeoul cyberattacks last year that were traced to North Korean hackers.

Those attacks against South Korean banks, television broadcasters and news outlets were very similar, in terms of malicious software used and other attack methodology, to the Sony hack. Against the movie network, the North Koreans used a layered cyberattack involving careful pre-attack reconnaissance, data theft for the attack and then data destruction on hard drives and other storage media through the use of “wiper” malware.

South Korea’s government, which cooperated with the FBI in investigating the Sony cyberattack, has linked the 2013 cyberattacks to Internet Protocol addresses belonging to the Pyongyang government’s Korea Post and Telecommunications Corporation, which is part of the Ministry of Post and Telecommunications.

A report produced in August by HP Security Research stated that “North Korean hackers have successfully penetrated U.S. defense networks more frequently than any other country that has targeted U.S. defense assets.”

The HP security report identified RGB Unit 204 as involved in cyberoperations. If true, that unit would also be a likely perpetrator of the Sony hack that successfully pressured the $8 billion entertainment giant to cancel its widespread Dec. 25 rollout of the movie “The Interview,” a comedy involving a fictitious plot to assassinate Kim Jong-un. Sony agreed to limited distribution after a backlash against the cancellation.
