iWar


by Bill Gertz


  Another lesson from the weak American response to the North Korean hack of Sony is that the U.S. government remains ill-prepared to address the most significant twenty-first-century strategic threat—devastating cyberattacks aimed at not just stealing data for economic or military gain, but also influencing foreign and domestic policies of target countries.

  In March 2015 in South Korea, I heard firsthand from a North Korean defector who in the past had taken part in training North Korean military hackers. Before defecting to South Korea, Kim Heung-kwang worked as a professor at North Korea’s Hamhung University of Computer Technology, a key training facility for the military. Kim warned there is a growing danger from North Korean hackers, who, like those from Iran, are targeting nuclear power plants, transportation networks, electrical utilities, and all major government organizations abroad. “If all of this happens, North Korea is going to destroy the basic units of civil society, and we need to react strongly to prevent this,” Kim said, adding that North Korea’s closest allies are Iran and Syria, fellow rogue states united in their opposition to the United States.

  Kim disclosed that Unit 121 is the North’s leading cyberwarfare organization and is an elite, relatively small unit. “All you need are a few really talented people, geniuses, and you can do a lot of damage,” he said. Within Unit 121, a special section is devoted to cyberattacks against North American targets, including both government and private sector networks. The Sony hack exposed vulnerabilities within private sector networks that can be exploited by North Korean cyberwarfare troops. “When you have thousands of people working against the firewalls of Sony, then you can see that it is not so difficult to breach Sony’s security,” Kim noted. The defector fled North Korea after being arrested on charges of possessing banned videos. He was sent to work in a labor camp for a year and escaped by bribing a North Korean border guard and swimming across the Tumen River into China. He eventually reached South Korea and now heads a group known as North Korea Intellectuals Solidarity, a group devoted to promoting freedom, democratization, and human rights in North Korea.

  According to South Korean intelligence sources, which cooperated with the United States in the Sony hacking case, the North Korean Unit 121 of the RGB has its headquarters in a building in a northern part of the capital of Pyongyang. The unit is also called the Cyber Warfare Guidance Bureau. The official in charge, and who ordered the Sony cyber strike, has been identified as RGB chief Kim Yong Chol. “Kim was a four-star general in charge of the Reconnaissance General Bureau,” Director of National Intelligence James Clapper said at a security conference in New York City. “The RGB is the organization responsible with the overseeing [sic] attack against Sony.” North Korea employs around 1,200 Unit 121 cyberwarfare specialists and a total government hacking force of around 6,000 people.

  North Korea is building up its cyberwarfare capabilities with a combination of information and electronic warfare techniques. The capabilities would be used in waging blitzkrieg-style cyber and electronic warfare on the Korean Peninsula as well as conducting long-range attacks on the United States and Japan. North Korea “views cyber capabilities as its answer to a flexible, networked adversary that enjoys near real-time battlefield data among its forces,” wrote Jenny Jun, Scott LaFoy, and Ethan Sohn in their January 2016 report for the Center for Strategic and International Studies, “North Korea’s Cyber Operations: Strategy and Responses.”

  “If the [Korean People’s Army] cannot conventionally match the technologically advanced weaponry of the United States and ROK, the next best thing is to disrupt the very technology that those weapons systems employ,” they said. “Cyber capabilities may not be the key to military victory, but they do seem to offer a means of upsetting North Korea’s opponents in peacetime.”

  The authors, however, missed the essential stance of North Korea today: it is at war with the United States and South Korea, and will continue to wage nonkinetic, information warfare.

  The horrific nature of the North Korean regime has become known only in the past several years. A key to exposing the regime was a United Nations special commission on human rights that in February 2014 found the Kim regime had engaged in crimes against humanity, including forced starvation, imprisonment in death camps, torture, rape, and other human rights violations. “I was a judge for thirty-four years and I thought I was beyond tears,” Michael Kirby, an Australian who led the inquiry, told me. “Just seeing the huge stress suffered by people who complain about violations of their human rights or about the loss of their children, their loved ones, is rather more searing than even the testimony of a horrible murder.”

  The danger from North Korea is not theoretical. According to a Defense Intelligence Agency report declassified in 2014, Pyongyang dispatched covert commando units to the United States in the 1990s to prepare for attacks on nuclear power plants and major cities in a conflict. The DIA report was dated September 13, 2004, and revealed that five units of special operations commandos had trained for the U.S. attacks. Mark Sauter, a security adviser to private corporations and longtime North Korea specialist, uncovered the DIA report and warned that it indicated North Korea could undertake September 11–style terrorist attacks inside the United States. “What they’ve done by the Sony hack is shown they’re certainly willing to attack a U.S. corporation,” Sauter said. “Now they’re threatening a physical attack along the lines of 9/11 and it is certainly possible they could have agents inside the United States capable of carrying out terrorist attacks.” Sauter noted that North Korean agents in the past committed terrorist attacks and kidnappings around the world, and thus he asked, “Why wouldn’t they send agents to the homeland of their biggest enemy?”

  By early 2016, North Korean cyberattacks were continuing on South Korea. Cell phones of high-ranking South Korean officials were hacked, including call histories, text messages, and contact lists. The North Koreans were detected attempting to implant malware on the smartphones of “tens” of officials and a fifth of the attempts were said to be successful. The target was secret or sensitive information about strategic plans being formulated in South Korea for responses to North Korean military provocations, such as long-range missile and underground nuclear tests. South Korean intelligence estimates that Pyongyang created networks of up to 60,000 pirated computers around the world into bot networks that are used for cyber operations in 120 countries.

  As the Sony hack and other activities of the North Korean regime demonstrate, the United States must engage in offensive information warfare to counter the growing danger of North Korean information warfare.

  * * *

  I. For details on a proposed effort to oust the North Korean regime through intelligence operations, see my book Enemies: How America’s Foes Steal Our Vital Secrets—and How We Let It Happen (New York: Crown Forum, 2006).

  3

  UNITED STATES

  Eighty Percent of Success Is Showing Up

  The element of surprise in military operations, which is psychological warfare translated into field tactics, is achieved by artifice and stratagem, by secrecy and rapidity of information, by mystifying and misleading the enemy. When you strike at the morale of a people or any army, you strike at the deciding factor, because it is the strength of their will that determines the length of wars, the measure of resistance, and the day of final collapse.

  —COLONEL WILLIAM DONOVAN, OFFICE OF STRATEGIC SERVICES, DECEMBER 12, 1942

  The United States today is the strongest and most advanced military power in the world. Yet America is rapidly losing the most important war of the twenty-first century: an Information War that threatens its existence.

  That war hit home during the Obama administration, when the most damaging compromises of classified American secrets occurred. One of the devastating security failures involved a senior official, Secretary of State Hillary Clinton, who for five years used an unsecure private email server to send and receive some of the nation’s most secret information—data that very likely was hacked and stolen by several hostile foreign intelligence services.

  Violating security rules from her first day in office as secretary of state, Clinton ordered a private, nongovernment email server network to be set up. She used the private email address [email protected] for all her official communications. The private system remained out of public view until the House of Representatives conducted an investigation into the Benghazi terrorist attack in 2012, which had led to the death of four Americans. In February 2013, the private email system was uncovered by the State Department in reviewing documents on the Benghazi attacks and it was revealed that Clinton had used the private email exclusively to conduct all her business, both in the United States and while she traveled to adversary states like China and Russia, where her communications were almost certainly intercepted and used in information warfare operations by those states against the United States.

  By the fall of 2016, 30,000 emails between Clinton and her close aides were released, with an additional 14,900 under review. Most were found to contain unclassified information. But an alarming number of the emails were labeled “Top Secret” and “Secret,” information classified because its disclosure would cause grave or serious damage to American security.

  The email scandal that ensued eventually produced an investigation by the FBI that was hampered by the fact that many of the thousands of emails had been destroyed by Clinton aides, along with computer equipment and thirteen BlackBerry handheld devices that were never examined by FBI agents.

  In an unusual step, FBI director James Comey, apparently more concerned about embroiling his law enforcement agency in the extreme politics of a presidential campaign, took the unorthodox step of announcing he would recommend that the Justice Department not prosecute Clinton for the use of the illegal server and the compromised secrets found on it. In a public statement on July 5, 2016, Comey noted that the mishandling of classified information, either intentionally or through gross negligence, is a felony. Nonetheless, the FBI director reached the conclusion that “although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case.” Translated into political terms, the FBI chief was giving Clinton, the Democratic presidential nominee, a pass for committing felonies. Comey defended the decision as the correct course of action, but it reeked of a political cover-up in support of the former first lady, former secretary of state, and likely next president of the United States.

  Down the street from FBI headquarters in Washington, D.C., Comey’s decision not to prosecute Clinton or her close aides immediately was accepted by Obama’s attorney general, Loretta Lynch, who only days earlier had sparked widespread controversy for holding a private meeting with Clinton’s husband, former president Bill Clinton, aboard an aircraft as she waited to depart the Phoenix airport. The meeting with Clinton on June 27 came nine days before Comey made his announcement. Lynch insisted the conversation with Bill Clinton was limited to talking about grandchildren, social events, travel, and the former president’s golf game. Few believed the disinformation since the mere fact of the meeting represented a gross conflict of interest for the attorney general. It perfectly reflected what has been called the Clinton style of corruption—the use of political power and influence for political and financial gain.

  Further evidence the email investigation was corrupt surfaced in declassified FBI documents in the case showing that Patrick Kennedy, undersecretary of state for management, sought to pressure the FBI to downgrade its classification of one Clinton email containing counterterrorism secrets from “SECRET/NOFORN” to unclassified. In exchange, Kennedy offered what the document said was a “quid pro quo”—more slots for FBI agents posted to U.S. embassies abroad. According to the report, “in exchange for marking the email unclassified, STATE would reciprocate by allowing the FBI to place more Agents in countries where they are presently forbidden.” Both the State Department and FBI denied there was a deal.

  Comey’s attempt to exonerate Hillary Clinton was incomplete. Despite his recommending against Justice Department prosecution, the FBI director had exposed Clinton’s criminal mishandling of classified data. “Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of classified information,” he said, “there is evidence that they were extremely careless in their handling of very sensitive, highly classified information.” So why wasn’t the gross negligence standard that Comey laid out earlier applied to the crime of mishandling secrets? Comey never explained that contradiction.

  A State Department official told me that at least three foreign intelligence services hacked the server, including spies from Russia, China, and Israel.

  Clinton would be found to have lied about the server repeatedly, claiming falsely that no classified information was sent or stored on the system and that she did not destroy emails and information systems improperly.

  How sensitive were the secrets? The compromises were not disclosed in order to prevent further damage. But they included some of the crown jewels of U.S. government defense, intelligence, and foreign policy information, data that could be a gold mine for America’s enemies to use in information warfare operations.

  Under pressure from Congress, new details of the FBI probe were made public in a redacted report on the investigation. It revealed the worst: foreign intelligence services likely intercepted Clinton’s emails, including those containing secrets, that were sent between 2009 and 2013.

  “The FBI did find that hostile foreign actors gained access to the personal email accounts of individuals with whom Clinton was in regular contact, and, in doing so, obtained emails sent to or received by Clinton on her personal account,” the report noted.

  The secrets found among the emails included information classified above top secret and part of what are called Special Access Programs, or SAPs. This category of classified information is so sensitive the data must be protected with extraordinary secrecy. According to American officials, to protect SAP information from leaking, or to prevent the programs’ existence from being known, U.S. government officials are permitted to lie about the programs when questioned about the secret activities. One example of SAP information would be the secret planning by U.S. special operations commandos of the 2011 raid that killed al Qaeda leader Osama bin Laden. Other programs involve protecting secrets about foreign electronics and weapons that would be used in disabling them in a future conflict.

  According to the FBI report, Clinton told investigators that she had been briefed by security officials on how to handle the extremely secret SAP information. But she also told agents she “could not recall any specific briefing on how to handle information associated with SAPs,” despite her having signed agreements not to disclose SAP information. “In general, Clinton knew SAP information was of great importance and needed to be handled carefully,” the report said. However, a large section of the report was blacked out. Immediately after the blacked-out section, the report said Clinton “could not recall a specific process for nominating a target for a drone strike” but said those who would be killed in such unmanned aerial vehicle missile attacks were subject to debate. The reference to drone strikes indicates the likely SAP information she disclosed in her private emails related to secret counterterrorism drone attacks.

  The FBI investigation found that hackers from Russia and Ukraine launched cyberattacks against the private server. But investigators could not determine conclusively if the attacks were successful. The bureau described Clinton’s unsecure email system as “potentially vulnerable to compromise” and stated that it suffered numerous cyberattacks. One attack succeeded: a remote intrusion by an unidentified hacker who used the hijacked email account of a Clinton staff employee to scan emails and attachments. Additionally, numerous “brute force” cyberattacks targeted the server. Brute-force attacks employ software that makes numerous, rapid log-in attempts in a bid to gain remote access.

  The FBI identified a possible Russian hacking connection after the compromise of an AOL account used by Clinton associate Sidney Blumenthal, who was victimized by the Romanian hacker Marcel Lehel Lazar, known as Guccifer. “Lazar disseminated emails and attachments sent between Blumenthal and Clinton to 31 media outlets, including a Russian broadcasting company,” the FBI said in a heavily redacted investigative report. “An examination of log files from March 2013 indicated that IP addresses from Russia and Ukraine attempted to scan the server on March 15, 2013, the day after the Blumenthal compromise, and on March 19 and March 21, 2013,” the report said. “However, none of these attempts were successful and it could not be determined whether these activities were attributable to Lazar.”

  The email scandal dogged Clinton throughout her presidential campaign in 2016, a campaign so marked by controversy and scandal that she at one point campaigned for 275 days without holding a single press conference with reporters. She eventually would agree to answer a few questions from reporters traveling with her aboard a campaign plane. Clinton resorted to the denial and dissembling that have characterized her public persona since she was the governor’s wife in Arkansas during the 1980s. Her favorite rejoinder was that all the press reporting on her email scandal was nothing but a vast right-wing conspiracy against her.

  Asked at one point during the campaign about a continuing congressional inquiry into the email scandal, Clinton dismissed the idea. “The FBI resolved all of this, answered all the questions,” she said. “The conspiracy theory machine factory honestly, they never quit. They keep coming back.” On deleting emails that are required to be archived under federal laws, Clinton said she was not concerned about whether federal investigators would pursue any violations.

 
