Here’s How Government Hackers Could Attack North Korea’s Nuclear Capabilities

Anything that runs code is hackable, even nuclear weapons and missiles. But hacking them has some very special challenges…

The first thermonuclear device, codenamed Ivy Mike, creates a mushroom cloud in the Enewetak Atoll on November 1st, 1952

Just for a few days there, it seemed as if World War 3 was a very real and imminent event as North Korea’s saber-rattling started getting way out of control, and the United States decided to call its bluff. It seemed as if a pair of madmen, one overseeing a nuclear armed kleptocracy used to ratcheting up fear and tensions for handouts of money and food, and one who seemed more interested in his tee time than the geopolitical game of chicken he got himself into, were about to test if modern alliances can recreate the horrific domino effect that started the first world war. Smaller states allied with the seemingly infinite resources of superpowers are again fighting internally, and with each other, banking on their powerful friends to bail them out. Think of it as the my-dad-can-beat-up-your-dad strategy but with countries. And if those dads ever start fighting, they’ll use doomsday weapons instead of a few more ships and bombers. And for those wondering, the aftermath of a nuclear war wouldn’t be anything like Mad Max or Judge Dredd, but it would definitely end civilization as we know it multiple times over.

So imagine the relief and almost comical glee when a missile launch North Korea intended to use as the crescendo in its war dance, failed. In theory, that missile would’ve been able to reach DPRK’s most likely targets: Japan, South Korea, and Guam. In practice, rumor has it that it barely made it off the launchpad. But that said, the country has succeeded in missile launches and nuclear tests in ways that show its program slowly but surely advancing enough to be very worrisome. Foreign policy wonks even fear that far from its typical bluster, Pyongyang’s threats of preemptive nuclear strikes across the region are actually its military doctrine, and its launches are rehearsals for those strikes rather than just saber-rattling propaganda. If it’s a very real and serious threat to the world at large, it follows that the United States and its allies in the region would try to sabotage its program just like it set back Iran’s nuclear enrichment efforts with the Stuxnet worm. Sure enough, the innuendo flying around says that it tried to deploy viruses and worms to do the same thing to North Korea, and the recent failure is its doing.

But hold on, you might say. How do we know this isn’t just posturing and a little disinformation to fuel Kim Jong Un’s paranoia? Maybe the missile just failed? It’s not as if North Korea has the latest and greatest technology and its allies also aren’t exactly building ICBMs with multiple fusion warheads, the backbone of the American and Russian arsenals. If SpaceX can have one of its rockets blow up on the launchpad, why couldn’t North Korea’s rockets have accidents too? The short answer to that is yes. The longer is that well, of course we don’t know and may never find out for sure, which is more or less the point. Every military likes its potential opponents to think they have some capability that they may or may not have. However, hacking a missile is well in the realm of possibility, and if anyone can do it, it’s the United States. But it wouldn’t be as easy as infecting USBs with a virus that can talk to a factory’s monitoring software known to be full of security holes. Rockets and weapon systems require a high degree of expertise and finesse to hack.

You see, the reason why you couldn’t just repurpose Stuxnet for something like this has to do with how software for different things is built. Factories have actually long been warned of being ripe targets for hackers because a lot of software used to control their machines and monitor their vital signs has little to no security, and the companies that make it rarely fix anything that gets called out by experts. Basically they seem to assume that their systems will be such low value targets, it’s not worth it to patch their code and stop doing things like allowing default passwords for users with absolute control of every facet of their software. This is why about 90% of the effort in Stuxnet probably went into hiding itself vs. actually doing its damage. Large pieces of software doing lots of different things while keeping track of lots of data also have a lot of code to access or modify that data as well as issue a wide variety of commands. In security testing, we call this the software’s attack surface, and the more of it is poorly secured or not secured at all, the easier it becomes to hack. But purpose built systems are different.

Since they don’t have to keep track of users and logins, track vast quantities of data just in case, or be easily installed on any PC, they have a much smaller attack surface. Exactly how much smaller will vary greatly depending on the system’s design and what software it uses. Some weapon setups may not even use an operating system because doing so would slow down their calculations and when milliseconds matter, like in missile defense, any overhead such as the wait for an operating system to load the next step in your code, could be a major liability. This means you have to be an expert in the really low level assembly language the system can understand, and figure out how to load your malicious code without hoping for wi-fi capabilities, or a bug in some version of an operating system kernel to exploit. However, that does limit the system significantly and makes programming it far harder, so it would need to use what’s known as an embedded operating system. But that too may be very difficult to hack depending on its exact specifications.

While the older the system, the less secure it should be presumed to be as a whole lot of hackers had time to find potential exploits and weaponize them in the wild, some things may become too old and arcane to hack. Certainly, someone could do it but the systems are no longer around for anyone to try and hack, and trying to recreate these virtually extinct tech stacks is almost impossible without high level security clearances and antique dealers with a very peculiar collection. In other words, the outdated computers intended to launch nuclear weapons John Oliver made fun of have unwittingly become a weird line of defense against hackers, and should we dismantle them, they’d be insanely expensive to rebuild, along with modern technology being more prone to a potential hack. (Keeping this in mind, we do have to spend a lot of money to modernize and secure these systems eventually, but for reasons that fall well outside the scope of this discussion.) In a way, this could be an interesting hitch when it comes to hacking North Korean nukes and missiles; if they use archaic technology, they make cyber attacks a lot harder.

However, hard doesn’t mean impossible and a team of hackers could defeat Pyongyang’s nuclear ambitions in three ways: by attacking the missiles and their components directly, by attacking guidance and targeting systems, and by attacking the nuclear warhead’s essential mechanisms. It seems unlikely that North Korea’s rockets need to run sophisticated code; more likely they rely on very precisely pre-programmed components to control how the rockets fire, not software run on an embedded version of Linux or Windows. So with some careful intelligence about potential suppliers for North Korean missiles, the hackers in question could intercept shipments and corrupt the code. When the rocket fires, the timing could be off, or certain valves won’t activate, or activate too soon, sending the missile out of control, causing an explosion, or simply making it impossible to ignite in the first place. This approach is a particularly effective one because if done right, it makes building a properly functioning rocket with purchased parts an exercise in futility. Very similar approaches could be applied to guidance and navigation systems, crippling communications with radars and satellites, or introducing fatal errors that point the missile to the wrong target, or plunge it into the sea.

You could also try to piggyback on the techniques developed for Stuxnet to do some industrial sabotage and unleash a similar worm in factories where any in-house parts are machined, to make failure just a little more likely or to have some parts, selected by a random number generator, machined wrong. This would also be a huge headache to an aspiring nuclear power and if there’s no confirmation of an infection, the end results would be indistinguishable from honest-to-goodness mistakes of engineers and designers still learning how to make the most complicated and deadliest devices humanity created. We could explore how Kim Jong Un and his generals would deal with this situation, but the horrific war crimes they carry out against their people on a daily basis have been described in gruesome detail in many publications, as well as international reports. The horrible moral calculus of not alarming the third generation of kleptocrats who see their own people as humanoid machinery at best with cyber attacks against their nuclear program, or just letting them do this with relative impunity under the cover of ICBMs is left as an exercise to the reader as well.

Likewise, if you wanted a more traditional attack vector for navigation or guidance, you would want to try and compromise the command center’s computers, which would need to run more traditional operating systems with all the possible exploits they present. (Even North Korea’s restricted, custom built operating system, Red Star OS, is a variant of Linux despite looking somewhat like OSX.) Once buried in the file system and persisting somewhere in the deepest parts of the computer’s memory where it can’t just be erased, your virus can interfere with how the missile is targeted, or where it actually is, or even send an abort signal or a course correction in mid-flight. Once again, fake certificates, corrupted USBs, and subtlety in the sabotage being carried out can make it extremely frustrating to identify as an infection and fully root it out of computers that have to be connected to conduct a proper launch and accurately track the missiles in flight.

And this brings us to the last attack vector: the nuke itself. At first blush, it sounds suicidal to hack nuclear warheads. However, contrary to what people tend to believe, nukes don’t behave like normal explosives. Typically, explosives as we know them are stable chemical compounds that react when shock and heat are introduced, or separate chemicals combined to detonate when the bomb hits its target. Nuclear weapons don’t quite work this way. In both a fission bomb and a thermonuclear device, there are high explosives which compress radioactive material that’s goaded by precise X-ray emissions to start breaking down atoms and contain them in the bomb just long enough to really get the reaction going. Thermonuclear weapons require even more containment to use the radiation to turn lithium into tritium, then combine it with deuterium so these hydrogen isotopes start creating helium. This is why it seems that accidentally dropped nuclear weapons didn’t explode by some sort of miracle. No higher power was necessary, just physics.

This is where the hacking can come in. While all sorts of fascinating details about nuclear bomb designs can be found on Wikipedia, university sites, and popular science blogs, including ideas for warheads that use antimatter and hydrogen isotopes to minimize fallout, one thing you will never find are the details for the ignition mechanisms. Without precise schematics for one, just about everything else you read about these bombs is little more than useful trivia for scientific and historical debates. Passing off a sabotaged design for one such “firing set” during a botched CIA operation codenamed Merlin may have unwittingly accelerated the Iranian nuclear program, and the firing set is by far the best thing for a hacker to target. Through an intercept-and-infect strategy for the programmable components in the firing set, or using a spy to implant an extremely small defect into components machined in-house, any weapon armed with it would quickly fizzle or turn into a far less lethal dirty bomb which would have extremely limited effects.

Basically, technologically speaking, hacking nuclear tipped missiles isn’t the trivial task people may imagine it to be in the age of cyber weapons, but it’s far from impossible either. If you have the right mix of intelligence and well placed human assets, it’s entirely plausible to digitally sabotage systems that have very limited attack surfaces, run complex machine code, and are used in extremely high security factories and labs. The only catch is that the more security and secrecy is involved, the more well placed informants and logistics you need for an accurate digital strike. Fortunately for those who don’t want to fight a nuclear armed Pyongyang, ICBMs and their warheads are very complicated, precise devices and that complexity and precision mean more places to get viruses and worms into the process of building them. And making nukes or missiles simpler also makes them a lot less capable in life-or-death situations that would entail their deployment, so for North Korea there will always be a very real risk that someone digitally sabotaged their efforts.
