Inside Unit 121: The North Korean Hackers That Took Down Sony
Update: On Dec. 17, U.S. officials announced that North Korea was “centrally involved” in the Sony hack. As a result, Sony canceled the release of The Interview, a comedy about the assassination of North Korea’s leader, Kim Jong Un.
In North Korea, a country where many people are literally starving, one group gets the red carpet treatment: cyberhackers working for the government.
By now, you’ve probably heard about the massive computer hack that shut down Sony’s headquarters for a day. It’s almost too bizarre to believe, but it’s beginning to look like an infamous cyberhacking collective in North Korea that goes by the name Unit 121 was behind the breach. North Korea barely has access to the Internet, but the military is said to handpick the members of this unit. They’re the best and the brightest math and science students, and they’re groomed from a young age to wage cyberwarfare against their enemies.
According to several reports, the hackers, called Guardians of Peace, stole a trove of sensitive company information—everything from social security numbers to employee salaries to medical information—and released it online. It may seem absurd, but many speculated that North Korean military officials were enraged about the upcoming Sony release of The Interview, a Seth Rogen comedy in which two idiots are sent on a mission to assassinate Kim Jong Un, North Korea’s leader.
There’s not a lot of public information about the infamous Unit 121, but according to one defector, Kim Heung-kwang, it consists of about 3,000 hackers serving in North Korea, China and Russia. Kim, a computer science professor in North Korea, escaped to China in 2003. He now lives in South Korea, where he’s the executive director of a group called the North Korea Intellectuals Solidarity.
Multiple attempts to reach Kim were unsuccessful, but in a 2011 interview with Al Jazeera, Kim recounts the group’s dynamics. “There is a pyramid-like prodigy recruiting system, where smart kids from all over the country—students who are good at math, coding and possess top analytical skills—are picked up to be grouped at Keumseong.” The report continues:
These “cyberwarriors” are provided with the best environment, and if they graduate with top grades, their parents in the provinces are given the opportunity to live in Pyongyang, Kim said, citing verified information from his former students who are still operating as hackers in the North.
The Kim Jong-il regime also guarantees housing in Pyongyang for married hackers, as well as food subsidies and a significant stipend during overseas deployments, he said.
In 2009, an American intelligence analyst, Steve Sin, compiled a report on Unit 121. In it, he writes that the most elite hackers in Unit 121 are sent to a “government-operated hotel called Chilbosan in Shenyang, China.” The Chilbosan is a luxury hotel with spacious rooms, a minibar, free Wi-Fi—and even its own band.
“The residences are communal, but by North Korean standards, are a great place to live,” Kim told Al Jazeera. “If they save up enough of the stipends they receive abroad, they can live very well when they return to the North.”
The residence sounds somewhat similar to the 12-story tower that houses some of China’s most high-profile hackers, employed by the People’s Liberation Army.
According to both Kim and Sin, the cyberwarriors’ daily activities typically focus on denial-of-service attacks against South Korean government websites, banks and private businesses. They’ve also apparently tried spreading malware via video games, but without much success.
Several publications reported last night that Sony was convinced North Korea was behind the attack. However, there’s a bit of debate around the source of the breach. A North Korean official in the U.S. denied the attack today, but security experts say the attacks North Korea has used against South Korea were actually quite similar to those used against Sony.
The attack would be by far the most sophisticated attack Unit 121 has ever committed. According to BuzzFeed, which says it reviewed more than 40 GB of leaked documents, the hack contains: “employee criminal background checks, salary negotiations, and doctors’ letters explaining the medical rationale for leaves of absence…extensive documentation of the company’s operations, ranging from the script for an unreleased pilot written by Breaking Bad creator Vince Gilligan to the results of sales meetings with local TV executives.”