Return to

Aug. 31, 2017
Notes from the Pentagon

U.S. sees signs of North Korean nuke test
Amid the latest North Korean missile test that overflew Japan, U.S. intelligence agencies recently detected increased activity at the North’s main underground nuclear testing facility in the northeastern part of the country that signal preparations for a sixth underground test blast.

U.S. officials familiar with intelligence reports said the test could come as soon as Sept. 9, coinciding with the anniversary of the founding of the reclusive communist state.

A U.S. intelligence official told Inside the Ring that North Korea has been conducting an unprecedented level of testing since early 2016 and that “we have not seen anything in their defiant posture to suggest this has changed.”

“North Korea is capable of testing a nuclear device at any time with little warning,” the official said. “The United States continues to monitor and assess the situation on the Korean Peninsula in close coordination with our regional allies and partners.”

The U.S. intelligence data on the test was supplied to South Korea’s government, and press reports there said the nuclear test appears to be set for the coming days. According to U.S. officials, Pyongyang was ready to conduct a nuclear test in April but postponed it under pressure from China.

The Trump administration, as part of its policy of pressuring North Korea, has been stepping up pressure on China to rein in regime leader Kim Jong-un. China accounts for some 90 percent of North Korea’s international trade.

Evidence of the test preparations are said to involve satellite images of technicians and vehicle activities, indicating the possible placement of a warhead or warheads at two tunnels at the Punggye-ri testing site.

Nuclear tests are conducted underground by placing a device deep inside a tunnel and connecting sensors to measure the results. North Korea has conducted five underground nuclear tests, including two last year.

Intelligence analysis of the size of the tunnel holes dug by the North Koreans in the recent tests suggest the regime is making progress in developing small nuclear warheads capable of being fired on its many types of missiles.

The administration has responded to North Korea’s development of both long-range missiles and nuclear weapons with a policy of diplomatic pressure, including the imposition of new economic sanctions. Last week, the Treasury Department slapped sanctions on 10 companies and six people, including Chinese and Russians, for illicit trade in nuclear and missile goods to North Korea.

The administration has again made private appeals to the Chinese government to intervene in seeking to head off the latest planned test, according to the officials.

On the latest provocative test, defense officials said the missile appeared to be an intermediate-range Hwasong-12 missile. The Hwasong-12 is described by the National Air and Space Intelligence Center as a single-stage, liquid-fueled mobile missile with a range of more than 3,000 miles.

During the flight test Tuesday, the missile flew over the northern Japanese island of Hokkaido, prompting Japanese military forces to go on alert and the government to issue a warning to citizens to take cover in case the rocket landed on the island.

President Trump said in response to the latest missile test that “all options are on the table” in responding to military provocations.

Court documents in the case of a Chinese hacker reveal new details on Beijing’s use of malicious software that has been linked to some of the most significant U.S. cyberattacks, including the damaging compromise of sensitive government records from the Office of Personnel Management in 2015.

China also has been linked to the theft of medical records on over 80 million people from the health care provider Anthem, also in 2015.

Both cyberattacks involved the use of malicious software called Sakula that court papers say was used by Chinese national Yu Pingan, code-named “GoldSun.” Mr. Yu was arrested Aug. 21 in Los Angeles and charged by federal prosecutors with conspiracy to hack computers at three U.S. companies in California and Massachusetts. The companies were not identified by name, and the court papers did not directly link Mr. Yu to the OPM and Anthem hacks.

An FBI criminal complaint unsealed in the case states that Mr. Yu, 36 and a resident of Shanghai, conspired with at least two other people to employ malicious software in cyberattacks from April 2011 to January 2014. Details of the operations appear to be based on electronic communications intercepts between Mr. Yu and two uncharged co-conspirators who are quoted in the complaint discussing the use of hacking software tools.

For example, on April 17, 2011, Mr. Yu told a co-conspirator that “he had an exploit for Adobe’s Flash software.” In another conversation with a second person, Mr. Yu discussed installing a remote-access tool on a company and was warned not to draw attention from the FBI.

“Defendant Yu and co-conspirators in [China] would acquire and use malicious software tools, some of which were rare variants previously unidentified by the FBI and information security community, including a malicious software tool known as ‘Sakula,’” the complaint states.

The Chinese hackers appear to have been based in Shanghai, known to be the center of a branch of China’s intelligence service devoted to conducting operations against the United States. Shanghai is also the location of the Chinese military’s once-secret hacking group, Unit 61398. Five members of the unit were indicted by the Justice Department in May 2014.

Among the techniques used by the hackers against the three companies were “watering hole” attacks — the use of legitimate websites to lure unsuspecting users into allowing malicious software to be implanted on their systems.

The Chinese also used three “zero day” flaws — computer security jargon for a software vulnerability — in Microsoft’s Internet Explorer web browser, the FBI said. Zero days are used by computer hackers and intelligence services to penetrate systems remotely.

Once inside the companies’ networks, the hackers planted a Sakula program called “mediacenter.exe,” which facilitated the theft of data from the penetrated computers.

“Defendant Yu and the co-conspirators in the PRC would establish an infrastructure of domain names, IP addresses, accounts with internet service providers and websites to facilitate hacks of computer networks operated by companies in the United States and elsewhere,” the FBI said.

A July 2015 report by the Department of Homeland Security said nine major cyberattacks against U.S. companies using Sakula led to the theft of millions of personnel records, among other information, including one U.S. defense contractor.

More than 22 million records on federal employees were stolen in the OPM hack during the Obama administration. The records included extremely sensitive information gathered by federal investigators conducting background checks on people applying for security clearances.

Despite evidence linking the attack to China, President Obama took no action against the Chinese government for the cyberattacks, a move critics say likely emboldened the Chinese to conduct further attacks.

Chinese Foreign Ministry spokeswoman Hua Chunying said Friday that she was not aware of the arrest of Mr. Yu but insisted that China’s government “firmly opposes” illegal cyberactivities.

Mr. Yu’s attorney, Michael Berg, told Reuters that his client is not affiliated with the Chinese government and is a teacher and was visiting the United States to attend a conference.

  • Contact Bill Gertz on Twitter via @BillGertz.

  • Return to