Best of the Best: the South Korean school for hackers hitting back against the North

At the fortified border between South and North Korea, students on a computer hacking course are instructed to peer northwards across a strip of empty land toward the enemy state.

“Our country is divided and we are at war, but you can’t see that division in cyberspace,” said Kim Jin-seok. “So we take them to see it in person.”

Kim manages a program called Best of the Best, the goal of which is to train the next generation of so-called white-hat hackers, netizens with elite cybersecurity skills who are able and willing to defend South Korea against malicious hacking attacks, many of which are believed to come from North Korea.

Such skills are in high demand in South Korea. The country is officially at war with the North and while the two sides only rarely exchange bombs or bullets, they are locked in a round-the-clock battle in cyberspace. As North Korea builds its nuclear and missile strength, it is also advancing its ability to launch disruptive attacks online.

With the North’s economy increasingly strangled by international sanctions, the country has almost no tax base and an expensive nuclear weapons program, meaning it has to seek alternative, often illegal, ways of generating income. North Korean hackers were linked to the theft of $81m from Bangladesh’s central bank in March 2016, and in December the US Trump administration identified North Korea as the culprit behind the WannaCry cyber-attack, which in May caused millions in losses. North Korea has denied involvement.

North Korean hackers have been linked to leaks of credit card information and illegal ATM withdrawals in South Korea. “There are thousands of cyber-attacks in South Korea every day and most of them never get reported on the news,” Kim said. “Information security is the basis of economic development.”

The government-funded counter-hacker training program was conceived in 2010 when North Korean hackers were switching gears from only targeting South Korean government entities to attacking private sector bodies. Of late, researchers have linked North Korean hackers to attacks on cryptocurrency exchanges.

South Koreans live each day amid the threat of North Korean attack, cyber or otherwise and in a country with among the highest internet and smartphone penetration in the world, they have no choice but to take the threat of hacking increasingly seriously.

A turning point in the cyberwar was an incident in 2013 when three television networks and two banks had their networks frozen while some ATMs and online banking portals went out of order.

“That was when we all realized how vulnerable we are,” said Lee Dong-geun, of the Korean internet and security agency, which an organization that works with the South Korean government to help private sector entities deal with cyber-attacks.

Graduates of the Best of the Best scheme are competing against hackers from a well-established North Korean training program. Martyn Williams, editor of North Korea Tech, compares the North’s scheme to the ways some countries train athletes for the Olympics. “The lack of computers and widespread internet access means hackers in North Korea do not organically learn their skills in their spare time at home. Instead, hackers rise to prominence through a series of government-led initiatives that begin at junior school and progress to university and beyond,” said Williams.

Best of the Best’s space in Seoul’s Gangnam district is a place where war training, competitive spirit and youthful exuberance come together. Covering the walls of the hallways are plaques from hacker competition victories around the world and photos of graduating classes. A large common area looks like a tech startup space, with leather couches and a ping pong table. Behind a nearby door is the cyberwarfare room, which is filled with clusters of tables covered in computer monitors; on the walls are lurid, blinking screens that relay real time data of online activity and any signs of threats.

Participants range in age from high school to their mid-twenties, an age when most South Koreans are preparing to do battle in the country’s fiercely competitive job market. But the program is a chance to learn from industry experts and build elite IT skills, and a graduation certificate from the program is well-regarded by employers.

Min Sae-ah, 26, is a graduate of the program’s most recent class. She said gaining a leg up in was her main motivation for taking part, and that it helped her land a job in consulting. “I was taught a diverse range of skills, and how to use them ethically,” Min said.

But at the Gangnam centre, North Korea is the elephant in the room: a topic on everyone’s mind but almost never spoken of. Kim says it is difficult to establish conclusively that North Korean hackers are behind the attacks on the South, so there is no public blaming. Most attacks are carried out by computers with servers located in China, Kim said.

Analysts say North Korean cyber-attacks are a modern manifestation of the regime’s traditional tactics. “Asymmetric warfare goes back to the early days of North Korea, coming from the leaders’ history as guerrilla fighters,” said Andrew Salmon, a Seoul-based military historian and author of To the Last Round, a book on Britain’s role in the Korean war.

“For a weak country fighting a strong country, cyber-attacks are cost-effective, largely deniable and carry a low risk of retaliation,” Salmon said.