North Korea maintains a hacking base in China, the UK Parliament's Defence Select Committee has been told, while government snooping body GCHQ struggles to retain "cyber-staff". Then there's the slightly greater concern that the communist nation could nuke Britain "within a few years".
The House of Commons' Defence Committee published its latest report, Rash or rational? North Korea and the threat it poses today. As well as setting out the Norks' nuclear, cyber and chemical weapons capability, the committee called for greater funding for British cyber-defences – while staunchly insisting that cutting funds from conventional armed forces is not the way to do this.
A number of intriguing nuggets were included in the report (PDF, 38 pages), though they should be read with care. The committee has also previously faced criticism that its members, elected MPs, may lack the technical insight needed to hold their brief up to rigorous scrutiny.
NCC Group, a British cybersecurity consultancy, sent Nigel Inkster – its director of transnational threats – to give evidence to the committee.
"Inkster told us that one of the North Korean cyber units has an operational base in a hotel in China, and that its activities must be known to the Chinese, given the bandwidth required and the close monitoring of web usage by the Chinese government," stated the report.
China's role in either facilitating or turning a blind eye to North Korean activities, given the two nations' land border and historical ties, has long been a bone of contention for academics and analysts. Inkster appears to have convinced the MPs that China permits these activities.
North Korea was also blamed for the Wannacry ransomware attack that KO'd most of the National Health Service last year, as the official postmortem explained in detail. Unpatched, obsolete systems and poor infosec practices allowed the ransomware to run riot, crippling vital NHS infrastructure across the nation. Though the attack was attributed to the Norks by British authorities, no evidence was ever put into the public domain to support this – a policy that has backfired on Britain and given unscrupulous sources plenty of ammunition in the aftermath of the chemical weapon attack carried out by Russia in Salisbury.
Countering the Norks' nefarious hacking activities is something that the UK is putting money into, according to the report. Though the government has "opened a new Defence Cyber School to help develop specialist cyber-staff [sic] within both defence and the wider government," the committee noted that GCHQ and its public-facing offshoot, the National Cyber Security Centre, is struggling to retain suitably skilled staff.
The committee also concluded, in spite of the Ministry of Defence formally telling it otherwise, that North Korea could nuke Britain "within a few years" once it manages to shrink its warheads enough to fit them on its homegrown intercontinental ballistic missiles. For now, it warned, the Norks probably haven't reached that stage.
In its written evidence, the Ministry of Defence stated that: "We do not judge that North Korea's nuclear programme and other military capabilities are directed at the UK. North Korea has stated on several occasions that it does not consider the UK to be its enemy. It cites our official state relationship as evidence of this." ®