Understanding North Korea Intelligence

Summary

North Korea remains a critical security challenge for the U.S.

Despite significant resource shortfalls and aging hardware, the DPRK maintains a large, conventional, forward-deployed military and continues to improve its ability to launch rapid, small-scale attacks against South Korea. North Korea’s continuing efforts to undertake provocative actions against Seoul — demonstrated during its August 2015 ambush of South Korean soldiers — poses a serious threat to the U.S. and its regional allies. We also remain concerned about North Korea’s proliferation activities in contravention of the United Nations (UN) Security Council (www.dia.mil/).

Enemies in the past needed great armies and great industrial capabilities to endanger America. Now, shadowy networks of individuals can bring extensive chaos and suffering to our shores for less than it costs to purchase a single tank. Terrorists are organized to penetrate open societies and to turn the power of modern technologies against us (georgewbush-whitehouse.archives.gov/).


Take Away

North Korea has waged a long and complex covert war against not just South Korea but a wide range of counties it considers to be threats. It has done so through the use of an elaborate global intelligence network and a large and well supported Special Forces unit within its military. DPRK policies, operations and clashes with the ROK are countless in the past forty-six years. Terrorist attacks included assassination attempts on South Korean presidents (Krause, 1999).
 
Starting in 1948 when the Republic of Korea (South Korea) was inaugurated, North Korea set on an immediate campaign to undermine it. First, they worked through small communist groups active in the Republic to initiate an outright armed insurrection and eventual revolution. Early strategic estimates assumed that North Korea would further augment such destabilization through the use of military units being infiltrated into South Korea disguised in civilian attire.

It was at this time that one of the South Korean primary security organs, the Constabulary, was already heavily penetrated by communists and North Korean sympathizers (Declassified intelligence document kr-8-7 ORE 44-48).  By 1949 intelligence estimates assumed a strong and efficient communist underground operating within South Korea and working in cooperation with North Korean military forces. The perceived strategy of North Korean response to U.S. forces leaving the peninsula was a full military assault from the North to coincide with a planned massive communist revolt and guerrilla campaign in the South. This led the U.S. military thinkers to stress the need to emphasize counter-insurgency measures in any military response to such aggression (Declassified document ORE 3-49).
 
Starting in 1962, Kim Il Sung drew inspiration from the NLF insurgency to decide on “low-intensity irregular warfare” instead of a conventional military offensive to reunify Korea. Such a strategy would avoid the risk of an American nuclear response from nuclear weapons stored in South Korea. North Korea has built on this strategy. In 1966-67 a Hanoi-Havana-Pyongyang triangle, as the three considered themselves, “the sole true manifestations of armed revolution” versus what they perceived as the compromised revolutions in Moscow and Beijing (H-Diplo).

North Korea has a robust and diverse special operations force capability, their Special Purpose Forces, with nearly 104,000 soldiers committed to these daring tactics and operations. The principal mission of the North Korean Special Purpose Forces is to infiltrate into the enemies rear area and conduct short duration raids. Their most dangerous avenue of approach for their forces includes amphibious approaches, airborne infiltration and the use of a vast tunnel network. These soldiers can arrive on the battlefield by hovercraft, helicopter, light planes and parachutes, tunnels, submarines, and by boat. They will attempt to destroy or capture soft targets such as Army logistics bases and Air Force bases. This force is capable of massing and appearing anywhere if hostilities recommence between the two Koreas.

It has also orchestrated various assassinations such as the unsuccessful attempt to assassinate President Park Chung Hee where the DPRK terrorist killed his wife; and the attempt to kill President Chun Doo Hwan in Rangoon that resulted in the killing of seventeen ROK officials in 1983. The most daring example of the North Korean SPF capability and commitment is the Blue House Raid of 1968. On 17 January, 1968, a thirty-one-man detachment from the DPRK‘s Special Purpose Forces (reconnaissance) breached the chain-link fence on the DMZ, donned ROK uniforms and infiltrated closer than one kilometer to the official residence of the ROK president, Park Chung Hee. 

North Korea’s operations have gone well beyond the Korean peninsula. Three DPRK operatives that arrived in Rangoon aboard a merchant ship carried out the attack on President Hwan. Another infamous incident included the bombing of a Korean Airline 747 that killed 115 passengers. Between 1953 and 1999 the DPRK committed over 76,000 transgressions against the armistice treaty (Krause, 1999).

North Korea was also instrumental in arming the Iranian military in the initial days of the Ayatollah Khomeini coming to power (Kuzichikin, 1990). 

As conflict between states evolves, cyberspace is becoming an increasingly vital component of strategy and doctrine for war fighting.  Non-state actors remain unpredictable, and the entry barrier to procure disruptive cyber tools and capabilities remains very low. Cyber reconnaissance, exploitation, and the potential for attacks against DoD forces around the globe is a reality.  These activities indicate an interest in how DOD operates in cyberspace and may allow our adversaries to identify opportunities to try to disrupt or degrade military operations.  Additionally, state actors are using cyber espionage in attempts to steal critical information from DoD and defense contractors. We remain concerned about this persistent threat to our ability to plan, prepare and ready our forces for future conflicts (www.dia.mil/ ).

In the 21st century North Korea has explored cyber warfare as a means to more pragmatically engage the larger powers of the Western world. According to South Korean sources, North Korea has roughly doubled the number of hackers it employs to conduct cyber-attacks. North Korea appears to have 5,900 personnel for cyber-warfare, up from about 3,000 people two years ago. North Korea’s Reconnaissance General Bureau employs around 1,200 hackers. The bureau is home to the country’s spying activities and was previously blamed by Seoul for several attacks on South Korean computer networks. Given North Korea’s bleak economic outlook, [offensive cyber operations] may be seen as a cost-effective way to develop asymmetric, deniable military options (www.northkoreatech.org/).

North Korea’s military could turn to cyber-based attacks and weapons as a more cost-effective alternative to conventional weapons. In the last few years North Korea has been viewed as the prime suspect in a campaign of cyber-attacks. However, the degree of their capability to wage a high level cyber war and be a serious threat is still quite debatable. Unlike the statements and reports that comes from the South Korean government, the North’s capability to launch attacks isn’t even stated as a certainty by the DoD. The very nature of cyberattacks makes it difficult to conclude with certainty the organization responsible. That uncertainty appears to be at the root of the DOD’s cautious stance (www.northkoreatech.org//). 

North Korea has also built an extensive criminal enterprise through its global intelligence network. Several entities across the globe are facilitating North Korean trafficking in arms and related materiel; procurement of luxury goods; and engagement in illicit activities, including money laundering, the counterfeiting of goods and currency, bulk cash smuggling and narcotics trafficking. Several companies have been named and sanctioned for the aid they have given in proliferating such activities (treasury.gov/r).


Additional Considerations 

Prior to 2009, the organization of the community originated with Kim Chong Il and proceeded down through three channels—the National Defense Commission, Korean Workers’ Party (KWP) and the Cabinet. Subordinate to the National Defense Commission were the Ministry of People’s Armed Forces and State Security Department. The Reconnaissance Bureau, Security Command and Guard Command were subordinate to the Ministry of People’s Armed Forces. The Korean Workers’ Party Secretariat was in charge of the Operations Department, Bureau No. 35, the Unification Front Department and the External Liaison Department while the Cabinet exercised nominal control over the Ministry of People’s Security.
 
The change was designed to secure the power and position of Kim Chong-il1 and deal with increasing levels of unrest and corruption within the civilian population and the military.   Recent changes during 2009-2010 — the most dramatic reorganization in years — seems to have been implemented to unify all the intelligence and internal security services directly under the National Defense Commission (NDC). 

The NDC was expanded from eight to twelve members with five now controlling the entire community including the Ministry of People’s Security that was transferred from the Cabinet. Additionally, press reports indicate that changes occurred within those organizations tasked with foreign intelligence operations, including those handling the Republic of Korea (ROK). Specifically, the Ministry of People’s Armed Forces’ Reconnaissance Bureau was merged into the Reconnaissance General Bureau (RGB) (38north.org/).

The Reconnaissance General Bureau is North Korea’s premiere intelligence organization, created in early 2009 by the merger of existing intelligence organizations from the Korean Workers’ Party, the Operations Department and Office 35, and the Reconnaissance Bureau of the Korean People’s Army (northkoreatech.org/).

The Reconnaissance General Bureau is a military-intelligence agency that resembles the United States Central Intelligence Agency’s Special Activities Division.  Human intelligence officers — the technical term for spy recruiters— are highly sought after in North Korea. Often recruits are selected for special-operations training while they are still in high school. Sent to an elite intelligence academy in Pyongyang where they are trained in the use of firearms and explosives, as well as in martial arts and underwater diving, among other skills. Only after years of training are they then assigned to work for the RGB. Part of the mission involved trying to recruit South Koreans who were believed to be sympathetic toward Pyongyang.

A defector from the United Front Department, a civilian intelligence outfit that is subordinate to the ruling Workers’ Party of Korea, has said there are probably hundreds of North Korean intelligence officers operating in the United States at any given point, and that their main goal is to recruit Korean-Americans who lean towards supporting North Korea. Pyongyang sees intelligence officers as crucial assets in its confrontation with its adversaries, and that it treats them exceedingly well when they are loyal. In North Korea, spies are treated in extremely high regard (intelnews.org).

Additionally the Reconnaissance General Bureau, as part of its function, trades in conventional arms and controls the North Korean conventional arms firm Green Pine Associated Corporation (Green Pine), which was also identified for sanctions by the President for exporting arms or related materiel from North Korea. 
The RGB has a headquarters and six bureaus: 38 North: First Bureau; Operations: Second Bureau; Reconnaissance: Third Bureau: Foreign Intelligence: Fifth Bureau; Inter-Korean Dialogue: Sixth Bureau; Technical: Seventh Bureau; and Rear services.

The number and organization of the SIGINT assets within the Ministry of People’s Armed Forces is unclear. Ground based assets are believed to consist of a small number of independent collection sites located throughout the North in areas of high interest (e.g., along the DMZ as well as the Russian and Chinese borders); the electronic warfare/SIGINT battalions within Korean People’s Army corps; and the EW/SIGINT battalions that exist within some KPA divisions.  

The Sixth Bureau works with the General Staff Department’s Electronic Warfare Bureau and is believed to exercise overall responsibility for signals intelligence (SIGINT), electronic warfare (EW) and information warfare operations within the Ministry of People’s Armed Forces. Sixth Bureau exercises some degree of control over the Air Force’s SIGINT collection aircraft and Navy’s intelligence gathering vessels. The Bureau also coordinates operations with the Ministry of People’s Armed Forces Communications Bureau and its subordinate units (northkoreatech.org/).

The First Bureau is responsible for basic and advanced training of intelligence agents, escort training and escort operations (which facilitate covert infiltration of agents throughout the world). It is organized into a Headquarters, Basic Training, Advanced Training, two Seaborne Escort Training Centers, four Seaborne Escort Units (a.k.a. Maritime Liaison Offices) and two DMZ Escort Units. Defector statements suggest that the Operations Department has approximately 6-7,000 personnel.

Basic and advanced training generally occur at a system of safe houses located throughout North Korea, although most are in the Pyongyang area under the name of the Kim Chong-Il Political and Military Academy (or Central Committee Political and Military Academy). Safe houses are isolated so students are only familiar with the training, operations and personnel of their own team to prevent compromise if captured. Instructors and others working within the Operations Department generally have little or no contact with members of other departments.

Courses can last from six months to two years and cover a wide range of subjects. The First Bureau has also been involved in kidnapping operations throughout the world intended to secure persons to serve as language and cultural instructors for North Korean operatives and to allow previously trained agents to assume the victim’s identity. These latter operations have generally occurred in Asia, particularly Japan. To conduct these missions, the Operations Department employs a wide variety of specialized swimmer delivery vehicles, semi-submersible infiltration landing craft, infiltration vessels and midget and coastal-submarines (38north.org/wp-content//).

While this organization remains institutionally subordinate to the Ministry of People’s Armed Forces, it apparently reports directly to NDC Vice Chairman General O Kuk-ryol, a trusted follower of Kim Chong-il who has played a pivotal role in anti-ROK intelligence operations since at least 1989 when he was appointed director of the Operations Department (38north.org/wp-content/).

General O Kuk-ryol is a retired former Korean People’s Army [KPA] official and senior DPRK Government official.  O is a member of the Workers’ Party of Korea [WPK] Central Committee and deputy to the Supreme People’s Assembly.  He is the patriarch of one of the most influential elite families in North Korea. Gen. O was a leading advocate and supporter of the DPRK’s development of nuclear weapons during the 1980s and for two decades controlled one of the most influential patronage networks in the North’s armed forces.

O attended the Mangyo’ngdae Revolutionary School and Kim Il Sung University. O also received military education in Russia at the Soviet Air Force Academy and Frunze Military Academy (currently known as the Combined Arms Academy). He began his official career in 1964 in the Korean People’s Army Air Force. He was promoted to Major General (sojang) in 1968 and became commander of the Air Force. He was promoted to Chief of the General Staff in September, 1979. In the 1980’s he was responsible for the creation of the Mirim Electronic Warfare Institute (Automated Warfare Institute), the country’s premier training institution in electronic (cyber) warfare. He was responsible for managing personnel shuffles (purges and promotions) among KPA general-grade officers from 1991 to 1993.  Around 1992, O Kuk Ryol was appointed department director of the WPK Operations Department, managing military intelligence collection and planning and training for special activities targeting South Korea. In 2009, O Kuk Ryol was appointed Vice Chairman of the National Defense Commission. 
 
According to one report, he has also established a foreign trading corporation.  Gen. O presided over the consolidation of much of the DPRK’s foreign intelligence collection (focused primarily on the ROK and Japan), operations, education and training into the NDC Reconnaissance General Bureau. He was an early user of computers during the 1980s and led the KPA on a military modernization program at that time, including development of nuclear weapons, expanding and advancing ballistic missiles and adopting electronic (and late cyber) warfare.  Aspects of Gen. O’s military modernization program were still used or being implemented in the DPRK as of 2017.

Gen. O is said “to be a commanding officer who is neat and tidy in character and behavior and has a careful planning ability and propulsive force to push ahead with what should be done.”  In contrast to many of his peers, O is not a heavy drinker and was not a major participant in the social culture of other DPRK elites.  He is married and has six children. Reports describe him as highly intelligent, humble and loyal to Kim Jong Un (nkleadershipwatch.org/). North Korea has long employed a covert strategy for more aggressively engaging perceived threats. In the past decades since the end of the Korean War in 1953, it has only expanded such operations on a more global scale.
 
Conclusion 

The recent actions taken by the U.S. under the Trump administration have been aggressive and a sharp departure from the traditional dealings between the two countries. This has created a new dynamic, strategic and political thinking on both sides. In light of this new and unorthodox approach to North Korea’s missile testing, it is likely that North Korea will begin a withdrawal from more overt military acts that could provoke unnecessary hostility with more powerful U.S. forces. It will become more reliant on its global intelligence network and covert special warfare operations to engage in any aggressive acts against the west.
   
Going forward, U.S. policy makers should expect to see North Korea place greater emphasis on using indirect means to engage the west and their neighbors.

-They will heighten their criminal activity particularly in the areas of currency counterfeiting, narcotics sales and any other industry that works towards destabilization when it involves the United States and Japan.
 
-Expect North Korea to use aggressive indirect means of covert operations with Special Forces as the more common means by which they engage the United States and its allies.
 
-Expect that North Korean intelligence will try to reach out and develop stronger relations with radical terrorist groups such as al Qaeda and Hezbollah who could provide the necessary resources to initiate more devastating attacks.
   
The DPRK intelligence and covert military program has long been a key component of their military strategy. It has developed an extensive network that has been the more preferred means by which the country pursues aggressive foreign policy. For a long time, the North Koreans have been working to create a more efficient and modernized intelligence organization and Special Forces program with greater emphasis on cyber warfare and other technological innovations. A director has been appointed who is staunchly anti-west, a foreign policy hawk and a modernist who has embraced technological innovation and a wide nuclear weapons program. It is apparent that for a long time North Korea has been gradually looking to embrace a more extensive covert strategy as the primary way it intends to wage war in the future.  
  
Sources

https://georgewbush-whitehouse.archives.gov/nsc/nssall.html

http://www.dia.mil/News/Speeches-and-Testimonies/Article-View/Article/567085/2014-annual-threat-assessment/

http://www.dia.mil/News/Speeches-and-Testimonies/Article-View/Article/653278/statement-for-the-record-worldwide-threat-assessment/

https://intelnews.org/tag/north-korean-reconnaissance-general-bureau/

http://militaryhistorynow.com/2014/12/03/the-blue-house-raid-north-koreas-failed-commando-assault-on-seoul/

https://intelnews.org/tag/north-korean-reconnaissance-general-bureau/

http://www.bbc.com/news/technology-32925503

http://www.euronews.com/2017/03/09/singapore-closely-studying-un-report-on-north-korea-arms-trade

https://www.northkoreatech.org/tag/reconnaissance-general-bureau/

https://www.northkoreatech.org/2014/07/07/north-korea-doubles-hackers-in-two-years-says-yonhap/

https://www.northkoreatech.org/2012/02/12/pyongyang-satellite-monitoring-station/

https://www.northkoreatech.org/2014/03/07/dprk-military-could-turn-to-cyber-warfare-for-lower-costs/

https://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Pages/20100830.shtml.aspx

http://38north.org/wp-content/uploads/2010/06/38north_SR_Bermudez2.pdf

https://nkleadershipwatch.wordpress.com/leadership-biographies/gen-o-kuk-ryol/

http://www.nkleadershipwatch.org/leadership-biographies/gen-o-kuk-ryol/

Declassified document ORE 3-49, Consequences of U.S troop withdrawal from Korea, in Spring 1949, Central Intelligence Agency, 28 February 1949.

Declassified document ORE 44-48, Prospects for Survival of the Republic of Korea, Central Intelligence Agency, 28 October 1948.

Krause, Troy P, COUNTERING NORTH KOREAN SPECIAL PURPOSE FORCES, Air command and staff college, Air University, 1999.

Kuzichkin, Vladimir, My life in Soviet Espionage: Inside the KGB, Ivy Books, New York, 1990.

H-Diplo Article Reviews, Balázs Szalontai.  “In the Shadow of Vietnam:  A New Look at North Korea’s
Militant Strategy, 1962-1970.”  Journal of Cold War Studies 14:4 (Fall 2012):  122-166. Reviewed by Jiyul Kim, Oberlin College. 

---