Columbia International Affairs Online: Working Papers

CIAO DATE: 09/2014

Before "DarkSeoul" Becomes "DestroySeoul"

Ye Ra Kim

February 2014

Arnold A. Saltzman Institute of War and Peace Studies


Growing dependence on ever evolving information technology and continuous occurrence of cyber- attacks against nations demonstrate the need for solid security strategy in cyberspace. South Korea, a country keen to explore benefits brought by the Internet, has suffered a heavy blow from a series of North Korea’s cyber-attacks in the past. This paper analyzes the 2013 March 20 cyber-attack against South Korea in detail and sheds light on the fast developing cyber capabilities of North Korea. The severity of the March 20 attack which simultaneously targeted major banks and broadcasters in the country spread panic through South Korea. The malware used in the attack was later nicknamed “DarkSeoul” because of the repetitive use of the term in the malware programming source. The attack illustrates the changing nature of the conflict on the Korean Peninsula, reflecting the need for a new concept of national security in which cyberforce plays a critical role.

Overall, this paper serves two purposes: Firstly, to provide concrete and factual explanation as to the nature, intent and technical characteristics of the March 20 attack. Secondly, to gauge possible attacks in the future and propose recommendations to South Korean policymakers. At the same time, incessant North Korean cyber-attacks provide South Korea with the opportunity to review its preparedness for cyberwarfare and enhance its national cybersecurity system. Such strategies notably include building a national consensus on the existence of the cyberthreats from North Korea, improving current cyberstrategy by restructuring the Cyber Control Tower, promoting international cooperation in cybersecurity and lastly, cooperating closely with the private sector to realize dynamic defense in cyberspace. After all, the direction South Korea is about to take at this stage will determine if it can repulse future attempts for another DarkSeoul, or unwittingly leave the nation to face the advent of a more threatening cyberattack.