by Bill Gertz
• • •
In China, Beijing’s leaders have blocked U.S. social media outlets through censorship technology and in other cases used their political leverage to influence American social media. Twitter came under fire for naming as its managing director in that country Kathy Chen, who according to her LinkedIn profile once worked as general manager for a joint venture software company whose partner was the Ministry of State Security—China’s civilian intelligence service. The company produced filtering software designed to block content from the anticommunist international movement Falun Gong. She also worked for a research institute affiliated with the People’s Liberation Army, as the Chinese military is known. The intelligence and military credentials are indications that China’s government will control Twitter in China. Chen announced in tweets issued after her appointment that she looked forward to working with Xinhua, the state news agency. The clearest sign of the problem was disclosed in an April 2016 report in the Communist Party–controlled Global Times newspaper that defended Chen. “Strong opposition against appointing Chen is an affair between the company and some of its users,” the newspaper stated. “It brings no damage to the Chinese mainland and is not something we need to worry about. The incident gives us a glimpse into how extreme and ridiculous the overseas anti-China circle can be.” A recommendation from one of the Communist Party’s most xenophobic and anti-American propaganda organs should be a disqualification for the Twitter executive.
Twitter is banned in China, but the appointment of a government-linked director signaled that the social media site was preparing to pander to what has been called the Great Firewall of China—the Chinese government program to block uncontrolled content from reaching China’s 600 million Internet users. Global Times said Twitter will not become another Weibo, the hugely popular microblogging service in China that is tightly controlled by the government. But the state-run outlet warned that if Twitter entered the Chinese market, “certain adjustments according to Chinese law would be necessary.”
The appointment prompted Australian-based Chinese human rights activist Badiucao to post one of his biting social commentary artworks showing the Twitter bluebird logo being impaled by a yellow star like the one contained in the flag of the People’s Republic of China. “Twitter is already dead,” Badiucao proclaimed on the artwork. Outside the United States, China is one of two countries that have adopted near-paranoid obsessions with the revolutionary appeal of social media for protesters seeking to oust authoritarian regimes and replace them with more democratic systems. Like Twitter, Facebook is working diligently to convince China to allow the social media platform to operate freely in that communist country, something Beijing’s propaganda officials as of 2016 had refused, fearing the power of a free and open platform to boost efforts—both within the Communist Party and outside the party and the country—to promote genuine democratic political reform in China.
Social media networks emerged in the United States as an outgrowth of the Internet and email. By 2016 they had become the preferred weapon in a new kind of information warfare that is still in its infancy. Understanding social media warfare is a strategic imperative if threats posed by nation-states like China and Russia and nonstate threats like Islamic terrorism are to be neutralized.
2
NORTH KOREA
Eternal Leader’s Rocket Becomes Glorious Submarine to Fool Puppet Forces
We’ve obtained all your internal data including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world.
—MESSAGE DISPLAYED ON HACKED COMPUTERS OF SONY PICTURES ENTERTAINMENT, NOVEMBER 24, 2014
The year is 2038 and Supreme Leader of North Korea Kim Jue Ae, daughter of the late Kim Jong Un, has taken power despite her young age. At twenty-five, Kim became the fourth hereditary communist dictator from the Kim family to take power—shortly after her father died mysteriously in a train crash many intelligence services suspect was the clandestine work of Chinese special forces. China’s leaders had grown weary of the unpredictability of Kim Jong Un, who too frequently brandished his nuclear arsenal, and finally got him out of the way. The new leader actually was little more than a puppet of several North Korean military officers Beijing carefully had cultivated as agents for years. Unknown to the Chinese was that a secret faction inside the Korean People’s Army maintained fanatical loyalty to the dead Kim and now planned to take revenge. On January 8, 2038, the KPA officers set in motion a dangerous plot to destroy the ruling Communist Party of China.
“Launch missiles!” the renegade North Korean commander ordered. One second later, a North Korean Sang-O-class (Shark-class) submarine hiding underwater near the U.S. island of Guam in the South Pacific fired two intermediate-range KN-21 missiles. The missile warheads traversed the 2,500-mile distance flawlessly, detonating several thousand feet above the leadership compound in central Beijing known as Zhongnanhai just as Supreme Leader Bo Guagua, son of the late neo-Maoist leader Bo Xilai, was leading a meeting of the nine-member Standing Committee of the Politburo of the Communist Party of China, the apex of power. The blasts from the 250-kiloton nuclear warheads destroyed the compound and everyone in it as well as all buildings within a ten-mile radius. The blast and subsequent firestorm killed millions more in the Chinese capital.
The North Koreans had planned the operation using cyberattacks that disabled key Chinese missile defense sensors. The missiles and warheads were outfitted with special electronic masking transmitters that made the missiles appear on a few operating Chinese radar and sensors exactly as U.S.-made Trident III submarine-launched ballistic missiles. North Korean cyberwarfare specialists also broadcast coded English-language radio communications designed to deceive the Chinese military into believing the missiles had been launched from the USS Texas, one of the United States’ newest ballistic missile submarines.
North Korean intelligence had succeeded in covertly penetrating the Chinese military command structure and using sophisticated cyberwarfare operations that convinced surviving Chinese leaders located at the underground command center known as the Western Hills complex that they had been the victim of an unprovoked American nuclear first strike.
In the nuclear war that followed, China struck several major American cities with retaliatory nuclear attacks from Ju Long-4 missiles launched from new Type 098 missile submarines. The attacks from the nuclear blasts and subsequent radiation plumes would kill some 50 million Americans.
Coinciding with the nuclear conflict, the North Korean military quickly seized the initiative in the chaos that followed the Beijing attack to launch a major land assault and seize all of northeastern China, once known as Manchuria, and which the Koreans believed historically is Korean territory. On the Korean Peninsula, North Korean special operations commandos, among the most deadly and highly trained forces in the world, quickly dispatched the South Korean political leadership after conducting devastating cyberattacks that had crippled the electric power infrastructure of its noncommunist neighbor and rival.
It would be years before the Chinese would discover they had been fooled into a global thermonuclear war by North Korean information warfare operations in the devastating conflict known as World War III.
• • •
The above scenario is fictional but could become reality as the isolated totalitarian state known as the Democratic People’s Republic of Korea poses one of the greatest threats in the modern world.
The reality of this North Korean threat can be traced to November 24, 2014. That date will be marked by historians as the beginning of World War C—for World War Cyber. On that day at around 8:30 a.m. Pacific time, cyberattackers working for the North Korean intelligence service the Reconnaissance General Bureau (RGB) fired a new type of shot heard ’round the world. But unlike previous conflicts, this war did not begin with a salvo of precision-guided cruise missiles or long-range bombing runs. The shock and awe was digital and the weapons were keystrokes tapped by RGB cyberwarri
ors operating secretly from hotels in China and Malaysia on behalf of North Korean dictator Kim Jong Un. Before it would end, Sony Pictures Entertainment, a company owned by Japan’s electronics giant Sony, suffered multiple cyberattacks on several electronic fronts. Its computer networks would be pilfered of tens of terabytes of information, including unreleased films. Hardware was destroyed by malicious software planted inside that not only wiped hard drives clean but damaged computer operating systems, leaving the company’s employees facing dreaded blue screens of computer death. Perhaps the worst damage was caused by the release of sensitive internal communications hacked by the North Koreans and posted on Pastebin, a common endpoint for hackers to place stolen digital information. The compromised data included lists of salaries paid to actors and Sony executives. The leaked information was quickly seized on by liberal news outlets under headlines decrying gaps in pay between men and women, and whites and nonwhites. In all, 38 million files were stolen and made public in the days following November 24.
The Sony Pictures Entertainment hack highlighted what will be the twenty-first century’s predominant form of warfare—nonkinetic computer and information conflict. In the case of Sony, the war was waged by a foreign state against a private company over its production of a movie called The Interview, written and produced to mock and denigrate one of the world’s worst dictators, Kim Jong Un. Sony’s weapon in their own form of entertainment information warfare was humor. North Korea responded with a sophisticated cyberattack made worse by the release of the stolen information from the company, and bolstered with threats to carry out September 11–style terrorist attacks against American movie theaters that dared to show The Interview, which had been scheduled for release on Christmas Eve.
The story of North Korea’s cyberattack against Sony began months earlier. It was driven by the studio’s decision to name the North Korean leader, Kim Jong Un, a ruthless dictator who used large-caliber antiaircraft guns to execute his political opponents. Kim was a third-generation communist dictator from a family dynasty that has kept North Korea an anachronistic totalitarian police state. It is a country where the government routinely must announce that cannibalism is prohibited for citizens starving to death during frequent famines that regularly sweep the mountainous and impoverished Northeast Asian country every decade or so. The most alarming characteristic of North Korea is that it’s a nation with an irrational and erratic leader in possession of an arsenal of ten to twenty nuclear weapons—and the missile delivery systems capable of firing those weapons thousands of miles.
Sony Pictures triggered the ire of the Kim regime with the decision of a studio executive to include the actual figure of Kim Jong Un in the script for the comedy. Early versions had referred to the leader as a fictional Kim Il Hwan, only marginally obscuring the actual supreme leader. According to The Interview screenwriter Dan Sterling, Kim Jong Un was made the protagonist of what Hollywood calls a “fart movie”—a ribald comedy—by changing Kim Il Hwan to Kim Jong Un. The movie’s producers, Seth Rogen and Evan Goldberg, loved the change, according to Vanity Fair magazine. The plot follows two journalists, played by Rogen and James Franco, who are granted an interview by Kim Jong Un and are then asked by the CIA to assassinate him. “The CIA would love it if you two could take him out,” a CIA character says in the movie. To which the Rogen character responds, “Take him out? Like for drinks?” “No, take him out. . . .”
The film was set for release in October and by June the trailer had been released. North Korea, perhaps the world leader in propaganda superlatives, reacted harshly. On June 25, 2014, the North Korean Foreign Ministry denounced the film as a “despicable maneuver” by enemies seeking to tarnish the Pyongyang regime’s dignity. The statement called Kim “our supreme nerve center” who was being insulted by the United States. “The United States’ reckless frenzy of provocation—which is [seeking] to eliminate our supreme nerve center by using a gangster moviemaker as a front—is exploding the surging animosity and rage of our army and people,” the statement said, adding that the film is a “blatant act of terrorism” and “an act of war.”
“Those who defamed our supreme leadership and committed the hostile acts against [North Korea] can never escape the stern punishment to be meted out according to a law, wherever they might be in the world,” the statement said. “If the U.S. administration connives at and patronizes the screening of the film, it will invite a strong and merciless countermeasure.”
For its part, North Korea under Kim Jong Un has taken unprecedented steps to threaten the United States, creating videos showing in graphic detail how nuclear missile attacks on the United States would produce mass destruction, including images of mushroom clouds over New York City and the White House. In 2013, North Korean propagandists even managed to obtain film footage of the Hollywood movie Olympus Has Fallen that showed a North Korean commando attack on the White House, and used it in a North Korean propaganda video that is part of its over-the-top anti-U.S. propaganda threats.
Within Sony, concerns were raised about North Korean retaliation. Kazuo Hirai, head of Sony Corporation in Tokyo, worried about the film’s ending. The final scene shows a missile attacking a helicopter carrying Kim Jong Un, whose head catches fire and explodes. Hirai, according to emails hacked from Sony, voiced concerns about the film disrupting Japan–North Korea relations. The movie received a semiofficial U.S. government blessing by the State Department’s assistant secretary of state for East Asian and Pacific affairs, Daniel Russel, who was consulted by Sony Corporation of America CEO Michael Lynton, who was concerned the film might produce diplomatic fallout. Robert King, the State Department’s special envoy for North Korean human rights issues, also signed off, according to an email made public after the North Korean hack. Writing to Lynton, Bruce Bennett, a RAND Corporation specialist on North Korean affairs, said he had consulted with King and that the threats by North Korea to regard the film as an act of war were hyperventilating rhetoric. “I talked with Amb. King a few minutes ago,” Bennett stated in the email. “Their office has apparently decided that this is typical North Korean bullying, likely without follow-up, but you never know with North Korea. Thus, he did not appear worried and clearly wanted to leave any decisions up to Sony.” King asked for an advance copy of the film prior to its release “so that they could prepare themselves for the likely onslaught of media questions.”
Earlier, Bennett recognized the information warfare value of the movie as a step in the right direction of getting rid of the Kim regime, noting that one likely way to do so would be to kill Kim Jong Un.
As Bennett wrote in the email:
I also thought a bunch more about the ending. I have to admit that the only resolution I can see to the North Korean nuclear and other threats is for the North Korean regime to eventually go away. In fact, when I have briefed my book on “preparing for the possibility of a North Korean collapse” [September 2013], I have been clear that the assassination of Kim Jong-un is the most likely path to a collapse of the North Korean government. Thus while toning down the ending may reduce the North Korean response, I believe that a story that talks about the removal of the Kim family regime and the creation of a new government by the North Korean people (well, at least the elites) will start some real thinking in South Korea and, I believe, in the North once the DVD leaks into the North (which it almost certainly will). So from a personal perspective, I would personally prefer to leave the ending alone. But that is clearly your call.I
Bennett went on to say that it was ironic for North Korea to be putting out threats against the United States over the film since doing so likely would increase audience viewership. “And while many Americans think of Kim Jong-un as being crazy, the movie’s depiction of him as ‘crazy as a fox’ (though clearly with the passions of youth) and as being willing to use nuclear weapons may well be a wake-up call to some, though probably less in the United States than in Korea,” he stated. As a postscript, Bennett added that the depiction of the CIA plo
tting to kill the North Korean leader also would be welcomed by Pyongyang as it “allows them to make this kind of extreme ‘act of war’ statement and appear to many around the world (and especially their people) as having justified outrage.” The pressure on Sony from North Korea produced a toned-down ending. After initially resisting changes to the movie, Rogen wrote to Sony Pictures studio chief Amy Pascal on September 25, 2014, that the producers agreed to modify the film to “make it less gory.”
“There are currently four burn marks on his face. We will take out three of them, leaving only one,” he stated. “We reduce the flaming hair by 50%. The head explosion can’t be more obscured than it is because we honestly feel that if it’s any more obscured you won’t be able to tell its [sic] exploding and the joke won’t work. Do you think this will help? Is it enough? If you think this is worth doing, we will dive into it right now and could probably have it done in 24 hrs.”
Federal Bureau of Investigation director James Comey disclosed in a speech that the Sony hack probably began in September 2014 when North Korean RGB cyber-intelligence agents carried out phishing email scams against Sony executives. Phishing is the sending of fraudulent emails that appear to be from trusted senders and offer tantalizing places to click online. Once a victim mistakenly clicks on the bogus link, a malicious software package is automatically downloaded, facilitating remote access by the hackers.
The U.S. Computer Emergency Readiness Team, a Department of Homeland Security entity, described the Sony hackers’ malware as a Server Message Block Worm Tool. It included five features: a listening implant, lightweight back door, proxy tool, destructive hard drive tool, and destructive target-cleaning tool. The software used a “brute force authentication attack” method—multiple, automated attempts to guess passwords to gain access to remote servers inside the Microsoft Windows operating system used by Sony’s networks. Once activated, the malicious software took control and quickly opened the way for the North Koreans to reach administrator-level access to the entire Sony system of networks. Computer administrators, because of their need to monitor, maintain, and repair computer systems, are given carte blanche and thus for two months, North Korean RGB hackers roamed freely, stole everything valuable there was to steal, and readied the destructive attacks that were launched November 24. The data theft was carried out covertly using transfers of data in moderate-sized pieces to avoid setting off intrusion detection software used in Sony networks. The North Koreans were operating from several locations, including the Chilbosan Hotel in Shenyang, northern China, and in Malaysia. According to intelligence sources, the Sony hack was orchestrated by a group known as Unit 121, operating from a hotel in Thailand. Unit 121 also was blamed for the so-called DarkSeoul cyberattacks in 2013, which were traced to North Korean hackers. DarkSeoul cyberattacks were carried out against South Korean banks, television broadcasters, and news outlets and according to forensic analysis were very similar, in terms of malicious software used and attack methodology, to the major Sony hack.