`NK programmers hired in S.Korea to make security software`

`NK programmers hired in S.Korea to make security software`. August. 08, 2011 07:54. sanhkim@donga.com light@donga.com.

The CEO of a computer security company repeatedly looked around in an interview with a Dong-A Ilbo reporter. The executive seemed wary of whether somebody was listening to what he was saying.

He started talking after placing on a table two mobile phones with different numbers. He showed nervousness in the interview, saying, “If what I say is leaked (to a third party)...”

What the CEO was afraid of was none other than North Korea. He told Dong-A, “North Korean programmers are developing information security programs for South Korea.” He revealed that smaller computer security companies with 10 or fewer employees are using North Korean programmers to reduce labor costs.

What he said was beyond belief but he provided minutes, saying “I`ll show you evidence.” He had records of dialogues with an ethnic Korean broker in China using MSN Messenger. Having worked in computer security for more than 10 years, the CEO is famous for his ample personnel networks with hackers around the world.

When the reporter asked a North Korean defector-turned-North Korea analyst if the method discussed in the interview was realistic, the analyst said, “It`s highly feasible.”

Notably, MSN Messenger is widely known as a channel of communication most preferred by people dealing with North Korean business.

The late Kim Beom-hun, head of Buknam (North South) Trade and a first-generation venture entrepreneur who briskly engaged in business with the North, had been discussing doing business using this method with North Korean leaders.

Unlike fax, which was often used as a channel for inter-Korean communication in the past, dialogue via MSN Messenger allows real-time conversation and the server bridging dialogue is housed at Microsoft headquarters in the U.S. So the South Korean government finds it hard to eavesdrop.

○ Shocking contents of Messenger dialogue minutes

The CEO’s dialogue minutes showed a completely unexpected matter. North Korean programmers are working for South Korean companies not just in China. That is, if one hides his North Korean nationality and gets a fake Chinese passport, he or she can enter South Korea.

Fake passports and travel expenses in the South are paid for by the company that invited the programmers. About 4,000 to 5,000 U.S. dollars are spent on hiring one person a month, and one project is generally completed when a team of 20 members or more is mobilized for about two months.

People who claim they are ethnic Koreans are scattered in China`s Yanbian and Dandong areas. CEO Lee Gyeong-ho of the computer security company SecuBase said, “If I place a poster asking to hire programmers on a bulletin board in Yanbian, I can easily get dozens of calls a day.”

This means many ethnic Koreans are extensively engaged in brokering such programmers.

North Korean programmers are believed to be highly skilled as well. An ethnic Korean broker in China who spoke to the CEO bragged about the level of personnel he introduced, saying “Programmers from Korea Computer Center in North Korea are working rather than common North Korean defectors.”

The North`s computer center is a flagship computer think tank so advanced that it can develop an operating system such as Windows or Linux. People who hacked a South Korean online game company to earn dollars, a case recently caught by police, were also hackers hailing from the center.

Bragging about the capacity of people he introduces, the broker said the hackers conducted a project for a leading system integration company in South Korea and hacked computer networks of secondary financial institutions, gathered information on credit delinquents, and sold data on black markets.

Hiring such staff was a simple process as well. If a company transfers half of the first month’s service fee in advance, 20 to 50 people can be introduced at once.

“Apart from Korea Computer Center, various computer organizations are active in North Korea, including Pyongyang Information Center, and these organizations sent manpower to China en masse,” said Kim Heung-gwang, a North Korean defector and chief of the North Korea Intellectuals Solidarity who served as a computer engineering professor at the North`s Hamhung Technical Engineering University.

“After inter-Korean economic cooperation stopped due to political conflict, they stopped their activities and went into hiding. They might have developed a new method to enter South Korea,” he added.

○ How dangerous is it?

North Korean programmers might be producing security programs for the South, but not all information in the South is immediately transferred to the enemy. Security programs the North produces are only a fraction of a whole system. Information security is directly linked to national security, and hence the most important system is developed in person by certified programmers at South Korean companies.

Problems occur, however, when a North Korean programmer hides a malign code in invisible form into what is a “trivial program.” Such codes remain latent inside the system until the software author places an order, and begin operation the moment they receive the order.

Two previous distributed denial-of-service (DDoS) attacks on the South found to have been committed by the North occurred when malign codes written in a certain method began operating in unison after remaining dormant. The freezing of Nonghyup Bank’s computer system in April this year, for which the North was blamed as the mastermind, was also caused by attacks of malign codes.

In both incidents, even the very existence of malign codes was not found until the incident occurred because the freeze was caused by an attack of “customized” malign codes that targeted Nonghyup.

Jeong Tae-myeong, a software engineering professor at Sungkyunkwan University in Seoul, said, “We need to use trustworthy people even when developing general software, not to mention security software, and if the developers are only considered cheap labor, this is a shocking matter. Authorities must check if such acts are illegal as well.”