North Korea's cyber attack unit a more likely threat to Australia than any missile, expert warns

North Korea is accused of waging a cyber war and experts believe its hackers have likely already infiltrated Australia's systems and pose a bigger threat than any missile strike.

The secretive nation's main spy agency has a special cell called Unit 180 that is likely behind some of its most daring and successful cyber attacks, according to defectors, officials and internet security experts.

North Korea has been blamed in recent years for a series of online attacks, mostly on financial networks, in the United States, South Korea and over a dozen other countries.

As well as being believed to be the perpetrators of the 2014 Sony Studio hack, cyber security researchers found technical evidence that could link North Korea with the global WannaCry "ransomware" cyber attack that infected more than 300,000 computers in 150 countries this month.

Pyongyang called the allegation "ridiculous".

North Korea has a huge army of hackers that already pose a significant threat to Australia. Source: AP
North Korea has a huge army of hackers that already pose a significant threat to Australia. Source: AP

Professor at the University of New South Wales' Australian Centre for Cyber Security Dr Greg Austin told News Corp he had no doubts North Korea's hacker henchmen were active in Australian cyberspace.

"North Korea is almost certainly conducting cyber espionage against South Korean targets here," he said.

The cyber security experts said South Korean nationals and various infrastructure in Australia were all possible targets and many people do not realise a global cyber war is already being waged.

"South Korean people, assets and aircraft in Australia are all potential targets of disabling cyberattacks," he said.

Cyber security firms have suggested North Korea could be behind the recent 'WannaCry' ransomware attack. Source: AP
Cyber security firms have suggested North Korea could be behind the recent 'WannaCry' ransomware attack. Source: AP

In 2011 the Pentagon declared the internet a theatre of war, placing it alongside land, sea, air and space as an area for waging conflict.

Rather than dropping bombs to knockout infrastructure, cyber warfare is based on crippling computer systems and espionage.

While the recent ransomware attack is being blamed on North Korea, the WannaCry program is widely understood to be a weapon developed by America's domestic spy agency, the National Security Agency.


Big guns in cyber warfare

The crux of the allegations against North Korea centre on its connection to a hacking group called Lazarus that is linked to last year's $81 million cyber heist at the Bangladesh central bank.

The US government has blamed North Korea for the Sony hack and some US officials have said prosecutors are building a case against Pyongyang in the Bangladesh Bank theft.

No conclusive proof has been provided and no criminal charges have yet been filed.

While missiles are a concern, North Korea's Unit 180 hackers are already active. Source: AP
While missiles are a concern, North Korea's Unit 180 hackers are already active. Source: AP

The rogue nation has also denied being behind the Sony and banking attacks.

North Korea is one of the most enclosed countries in the world and any details of its clandestine operations are difficult to obtain.

North Korea might not be as strong in traditional theatres of war, but is has big guns in the cyber realm. Source: AP
North Korea might not be as strong in traditional theatres of war, but is has big guns in the cyber realm. Source: AP

But experts who study the reclusive country and defectors who have ended up in South Korea or the West have provided some clues.

Kim Heung-kwang, a former computer science professor in North Korea who defected to the South in 2004 and still has sources inside North Korea, told Reuters Pyongyang's cyber attacks aimed at raising cash are likely organized by Unit 180, a part of the Reconnaissance General Bureau (RGB), its main overseas intelligence agency.

"Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts," Kim told Reuters.

He has previously said that some of his former students have joined the Strategic Cyber Command, North Korea's cyber-army.

Ransomware and other cyber tools can be used to wage war and likely have already been deployed. Source: AP
Ransomware and other cyber tools can be used to wage war and likely have already been deployed. Source: AP

"The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace," Kim added.

He said it was likely they went under the cover of being employees of trading firms, overseas branches of North Korean companies, or joint ventures in China or Southeast Asia.

James Lewis, a North Korea expert at the Washington-based Center for Strategic and International Studies, said Pyongyang first used hacking as a tool for espionage and then political harassment against South Korean and US targets.

"They changed after Sony by using hacking to support criminal activities to generate hard currency for the regime," he said.

"So far, it's worked as well or better as drugs, counterfeiting, smuggling – all their usual tricks," Lewis said.