US spies tried to infect North Korean computers with Stuxnet, the same virus used to disrupt Iran’s nuclear centrifuges, but the attack was not successful, intelligence officials familiar with the campaign admitted to Reuters.
The attack took place in 2009 and 2010, parallel to the campaign against Iran. Reuters and several news outlets reported that that operation was as a joint effort by the US and Israel, although neither country has admitted it. According to one US intelligence source, Stuxnet’s developers produced a related virus, activated upon encountering Korean-language settings on an infected computer.
However, US agents could not access the machines that ran North Korea’s nuclear weapons program, a former intelligence officials briefed on the program told Reuters. The National Security Agency, implicated in the Stuxnet attack on Iran, declined to comment on the revelations.
The NSA: good at targeting us, terrible at targeting N. Korea. @josephmenn Stuxnet exclusive http://t.co/VmHFvvi3j4pic.twitter.com/v7GjsemT21
— Sarah G McBride (@mcbridesg) May 29, 2015
Experts interviewed by Reuters said that North Koreans used the same systems as Iran, with P-2 centrifuges obtained by Pakistani nuclear scientist A.Q. Khan. In all likelihood, they said, the North Koreans used the same control software developed by Siemens AG, and ran Microsoft’s Windows operating system. Stuxnet took advantage of vulnerabilities in both the Siemens and Microsoft software.
“Stuxnet can deal with both of them. But you still need to get it in,” the agency quoted Olli Heinonen, senior fellow at Harvard University's Belfer Center for Science and International Affairs and former deputy director general of the International Atomic Energy Agency.
READ MORE: ‘A lot of money rides on constant promotion of North Korean threat’
The revelations come as defector Kim Heung-Kwang told the BBC that North Korea had an army of 6,000 hackers and was creating its own malware based on Stuxnet. Kim was a professor at Hamheung Computer Technology University, before fleeing North Korea in 2004.
"[A Stuxnet-style attack] designed to destroy a city has been prepared by North Korea and is a feasible threat," Kim said. "Their cyber-attacks could have similar impacts as military attacks, killing people and destroying cities."
The US government blamed North Korea for the hacking of Sony Corp in December 2014, purportedly over a film depicting a plot to assassinate the North Korean leader Kim Jong-Un. US officials later hinted at “retaliatory” attacks that briefly shut down the country’s internet access.
Some cyber-security experts have disputed the North Korean origin of the Sony hack, pointing to strong leads that the attack was the work of a disgruntled employee.
“We are very confident that this was not an attack master-minded by North Korea,” Kurt Stammberger from the cybersecurity firm Norse told CBS News at the time. “Sony was not just hacked, this is a company that was essentially nuked from the inside.”
READ MORE: Stuxnet patient zero: Kaspesky Lab identifies worm’s first victims in Iran
According to research by cybersecurity firm Kaspersky Labs, Stuxnet was introduced into Iranian nuclear facilities via two suppliers of equipment, Foolad Technical Engineering Co. and Behpajoah Co. Elec & Comp Engineering, who were targeted as early as June 2009. Kaspersky researchers traced the infection to five individuals, all of whom worked within industrial control systems and were somehow connected to Iran’s nuclear program.
The existence of Stuxnet was first discovered in June 2010, following reports in the Israeli media of troubles at Iran’s nuclear reactors. NSA whistleblower Edward Snowden later confirmed that the US and Israel were behind the attacks. Neither government has officially admitted responsibility.