2008, the Russians Hacked Obama’s Campaign Too

Why are we learning this now? It is a dereliction of duty to advise the American electorate, campaign operators and all later political candidates, regardless of the kind of race. Further, should we be blaming Obama on this and did he invite the FBI to investigate? If so, the matters of phishing operations and Russia should have been a clarion call.

Further, why would Obama and Hillary even consider ‘resetting’ relations with Russia? Oh yeah… ‘cut it out Vladimir’… remember that?

Okay, read on… the anger mounts.

Exclusive: Russian Hackers Attacked the 2008 Obama Campaign

Jeff Stein: Russian hackers targeted the 2008 Barack Obama campaign and U.S. government officials as far back as 2007 and have continued to attack them since they left their government jobs, according to a new report scheduled for release Friday.

The targets included several of the 2008 Obama campaign field managers, as well as the president’s closest White House aides and senior officials in the Defense, State and Energy Departments, the report says.

It names several officials by title, but not by name, including “several officials involved in Russian policy, including a U.S. ambassador to Russia,” according to a draft version of the report, authored by Area 1 Security, a Redwood City, California, company founded by former National Security Agency veterans.

“They’re still getting fresh attacks,” the company says.

The attacks on their email accounts have continued as the officials migrated to think tanks, universities and private industry, the company says. The favored weapon of the Russians and other hackers is the so-called “phishing” email, in which the recipient is invited to click on an innocent-looking link, which opens a door to the attackers.

China can’t be excluded as a perpetrator in those attacks, Area 1 Security’s report says, but its new data “show that Russia tried to hack several members of the Obama campaign and could have done so at the same time as someone that achieved massive data exfiltration.”

Blake Darché, a former NSA technical analyst who co-founded Area 1 Security, tells Newsweek that “state-sponsored Russian hackers have been targeting United States officials and politicians since at least 2007 through phishing attacks.” Russian hackers reportedly breached the Joint Chiefs of Staff email system in 2015.

The company says one of the Russian targets was a “deputy campaign manager” in the 2008 Obama campaign, but was otherwise unidentified in its report. There were a number of them over a period of time. One was Steve Hildebrand. Reached in Sioux Falls, South Dakota, where he now runs a specialty bakery and coffee shop, Hildebrand says he was “not aware” that he might have been a Russian target and didn’t remember being warned about cyberattacks of any kind during the campaign. Another senior 2008 campaign aide (and later White House National Security Council spokesman), Tommy Vietor, tells Newsweek he had “no knowledge” of Russian hacking at the time.

Besides top officials in the Energy, Defense and State departments, the Area 1 Security report cites a half-dozen positions in the Obama White House that were targeted from 2008 through 2016, including the president’s deputy assistant, special assistant, the special assistant to the political director, advance team leaders for first lady Michelle Obama, and the White House deputy counsel. None of them could immediately be reached for comment.

Among the State Department targets named by Area 1 Security were three top offices dealing with Russia and Europe. Evelyn Farkas, who served as the Obama administration’s deputy assistant secretary of defense for Russia/Ukraine/Eurasia from 2012 to 2015, says she could not discuss matters that remain classified, but says “the biggest impact” she remembered offhand was the Russian hack of the Joint Chiefs.

Among the three top, unnamed targets at the Energy Department was the director of the Office of Nuclear Threat Science, which is responsible for overseeing the U.S. Nuclear Counterterrorism Program.

The Area 1 Security report names the “Dukes,” also known as “Cozy Bear” and APT-29, for the Obama attacks, the same Russian actors named in the 2015 and 2016 hacking of the Democratic National Committee (DNC) and the State Department.

In an interview, Darché calls the Dukes a front for Russia’s “premier intelligence-gathering arm,” which would be the SVR, or External Intelligence Service, the Kremlin equivalent to the CIA, although he declined to specifically name it. As opposed to the DNC hacks launched to steal and publicize information damaging to the campaign of Hillary Clinton, he says, the Russian offensives that Area 1 Security uncovered were clandestine “intelligence gathering operations” designed to secretly penetrate a wide variety of institutions and industry.

Oren Falkowitz, a former analyst at the National Security Agency who co-founded Area 1 Security, says he launched the company to stop phishing attacks, which until then was thought to be impossible because so many employees continue to click on risky links in emails. The key to the company’s success was persuading clients to let it monitor its servers, he told The New York Times in a 2016 interview.

In Friday’s report, Area 1 Security says it uses a “vast active sensor network” to detect and trace phishing attacks. It says it could imagine the Dukes “operating a giant spreadsheet where new targets are added, but never leave.” It “moves quickly, compromising a server or service to send out phishing emails from it, and then leaves, never returning to check for bounced email messages to cull from its list.”

Most ex-officials don’t realize they are carrying “the blemish of being a Russian target into their new workplace,” the Area 1 Security report says. As a result, “they give the Dukes beachheads in companies and organizations they never even planned on or imagined hacking,” such as Washington think tanks, defense contractors, lobbyist offices, financial institutions and pharmaceutical companies stocked with high ranking former political, military and intelligence officials.

Russia is “notoriously persistent in pursuing targets,” the report says. “It’s a lesson on why every organization needs great security.”

***

FireEye CEO: Russians are at Work in Election Hacking

FireEye CEO Kevin Mandia said Thursday, during an interview on FOX Business’ “Countdown to the Closing Bell,” that strengthening U.S. cybersecurity defenses begins with protecting the country’s own systems first, and that he is hopeful the Trump administration will implement a strategy to defend from cyber threats.

“You gotta protect critical infrastructure and under times of duress, you have to be able to have shields up as a nation, and I think this order is going to move toward that,” he said, referring to the executive order President Trump signed Thursday, aimed at strengthening America’s infrastructure to help prevent cyberattacks.

Cyber hacking has been in the forefront of an FBI investigation over Russia’s alleged involvement in the 2016 presidential election. Mandia said he believes acting FBI Director Andrew McCabe will continue the investigation into these claims.

“When you awake the sleeping giant, they get the job done and I think the FBI, whenever they apply the resources at their disposal and their capability, they can get the job done as they see fit,” he said.

Mandia believes the Russians are at work in election hacking and thinks it will continue to happen.

“The tool in every emerging nation’s tool box now [is] a cyber component,” he said.

The FireEye CEO added that the risks from cyberattacks can’t be eliminated because persistent hackers are exploiting human trust and not exploiting systems.

Russian “information operations troops” (“cyber troops”)


Russian ‘Cyber Troops’: A Weapon of Aggression

Eurasia Daily Monitor: Speaking to the Russian parliament (Duma) last February, Russian Minister of Defense Sergei Shoigu announced the creation of “information operations troops” (“cyber troops”) within the Armed Forces. He emphasized that state “propaganda should be smart, accurate and effective” and that these new formations “will be much more efficient than the ‘counter-propaganda’ department that operated during the Soviet period” (TASS, February 22). It is dubious, however, that the responsibilities of “cyber troops” will be reduced solely to “propaganda.” Rather, it seems that this unit is to become the main tool of Russia’s offensive cyber operations as a part of “information warfare.” The official history of the Russian cyber troops goes back to 2012, when Dmitry Rogozin (at the time heading the Russian Foundation for Advanced Research Projects in the Defense Industry) addressed the issue publicly for the first time. In 2013, an anonymous source confided that formations of this kind had been established under the umbrella of the Russian Armed Forces (RBC, February 22), but at the time there was no solid evidence available.

Then, in April 2015, the official state news agency TASS reported that a unit of Russian “information operations forces” were deployed to the territory of the Crimean Peninsula (TASS, April 17, 2015). Nonetheless, in the meantime, the Russian side continued to deny the existence of cyber troops. For instance, in January 2017, the first deputy director of the Russian Duma Defense Committee, Alexander Sherin, claimed that “Russia does not have such formations.” Similar statements were made by top-ranking Russian officials related to security and mass communications, such as Viktor Ozerov and Alexey Volin (Interfax, January 16). This silence was interrupted only by Defense Minister Shoigu’s official announcement in February.

Commenting on the main tasks of the cyber troops, Franz Klintsevych, a high-ranking member of the Russian Federation Council (upper house of parliament), identified the disclosure of subversive activities by foreign intelligence services in electronic, paper and TV media outlets. He suggested that the cyber troops would deal with such hacker attacks as their main responsibility. But this assessment fails to fully reflect the true essence and tasks of the new unit. According to Yaakov Kedmi—who used to head Nativ, the former Israeli intelligence service charged with facilitating the immigration of Jews from the Soviet Bloc—“cyber troops” exist in “all serious armies” and are subordinated to their respective defense ministries. Their main tasks are “propagandist” (propaganda and counter-propaganda) and “operational” (activities designed to distract the adversary by providing false information). Yet, he also highlighted that so-called “political propaganda” falls outside the range of responsibilities for such formations (Kommersant, February 22).

Another revealing bit of information on the secretive cyber troops can be found in research conducted by Zecurion Analytics, a Russian software company established in 2001. According to a report the firm published several months ago, Russia may be placed in the top five countries with the “most powerful” cyber troop units, in terms of the number of personnel employed (which Zecurion Analytics estimates at approximately 1,000) and financial expenditures (around $300 million per annum). The company’s head, Vladimir Ylianov, has stated that the main tasks of Russian “cyber troops” include espionage, cyber attacks, and informational warfare (Kommersant, January 1). This assessment, however, also may underestimate the real capabilities of these cyber forces. Thanks to the introduction of so-called “research units,” Russian cyber defense is inseparable from the Armed Forces and its resources, which exponentially increases its offensive potential (see EDM, November 30, 2016).

A somewhat different opinion was expressed by pro-Kremlin cyber security specialist Igor Panarin. He hopes that the creation of the cyber troops will allow Russia to overcome its inferiority in the cyber domain compared to other countries, like the United States, and beef up its offensive capabilities. According to the expert, the 2008 Russian-Georgian War in fact demonstrated that Russia failed to act efficiently when it came to offense, and it instead relied on “defense and containment” in its cyber operations. Panarin suggested that unlike the Department of Information and Mass Communication, which was created under the umbrella of the Ministry of Defense in 2016 and tasked with defensive activities, the cyber troops—which could and should act in concert with the Federal Security Service (FSB) and the Foreign Intelligence Service (SVR)—will be specifically charged with conducting offensive operations in the “cyber sphere” (kiber prostranstvo) (Militarynews.ru, February 22). If accurate, this demonstrates Russia’s continuing development of offensive cyber capabilities and a delineation between “cyber” and “information” operations.

Related reading: 3 of 4 Zero-Days Microsoft Patched Yesterday Were Used by Russian Cyberspies

Panarin also outlined a number of supplementary steps Russia needs to take, which included the following elements (Vz.ru, February 28, 2017):

1. The establishment of a State Council (that is to include various governmental structures, public diplomacy organizations, media sources, representatives of business, political parties and non-governmental organizations) tasked with issues related to “information confrontation” (informatsionnoye protivoborstvo—understood as a struggle in the information sphere with the broad aim of achieving information dominance over one’s opponent);

2. The establishment of a position of a “Presidential Advisor” on information operations, tasked with the coordination of informational-analytical units connected with the “cyber troops,” the Ministry of Defense, FSB, Federal Protective Service (FSO), SVR and other key ministries;

3. The creation of a media holding—based on existing media resources of Russian TV Channel One, All-Russia State Television and Radio Broadcasting Company (VGTRK), RT and others—subordinated to the Ministry of Foreign Affairs of the Russian Federation. It is imperative to copy the US experience while implementing this initiative, Panarin alleged; and finally

4. The formation of separate centers of information operations pertaining to the FSB, FSO and SVR.

Panarin’s suggested program should be seen as an extremely ambitious and far-reaching strategy, fully complying with the steps and activities already conducted by the Russian side in the domain of cyber security and information operations. Within this development of the country’s cyber capabilities, the Russian cyber troops should be seen mainly as an offensive operations force, and not as a defensive mechanism.

–Sergey Sukhankin

For reference, here is the testimony before the Select Committee on Intelligence: “Disinformation: A Primer in Russian Active Measures and Influence Campaigns.”

No Cyber Policy, Doctrine, Protection, Result of Senate Hearing

President Trump signed another executive order today. This one is on cyber security and protecting infrastructure. Read it here.


No one wants to participate in the hard debate regarding cyber, where it is noted to be the highest threat for the homeland. At least the Trump White House is taking note, yet this executive order may not be enough or engage the private sector. It is gratifying however that some inside and outside experts are in fact having talks on an international basis with cyber experts. That is always a good thing.

At issue on this topic is the path forward and the estimated costs. Cyber is a battlespace where it should be noted it could cost what conventional military operations costs against adversaries and could take as long if not forever. All government infrastructure is dated, unprotected and there are no measures to correct in a priority ranking.

The other item of note: there is no legal or case law condition where the cyber attackers are prosecuted. Exactly why did Sony not sue North Korea? If there is no consequence, even ceremoniously, then expect more hacks. Of note, to sue and/or sanction North Korea, China would have to be included, as the internet connectivity to North Korea is provided by China and further, China trained the hackers in North Korea… sheesh, right?

Politico reports: The directive is Trump’s first major action on cyber policy and sets the stage for the administration’s efforts to secure porous federal networks that have been repeatedly infiltrated by digital pranksters, cyber thieves and government-backed hackers from China and Russia.

“The trend is going in the wrong direction in cyberspace, and it’s time to stop that trend and reverse it on behalf of the American people,” White House Homeland Security Adviser Tom Bossert told reporters during a Thursday afternoon briefing.

Cyber specialists say the order breaks little new ground but is vastly improved over early drafts, which omitted input from key government policy specialists. The final version, cyber watchers say, essentially reaffirms the gradually emerging cyber policy path of the past two administrations.

As part of the executive order’s IT upgrade initiative, administration officials will study the feasibility of transitioning to shared IT services and networks across the government. An estimated 80 percent of the $80 billion federal IT budget goes toward taking care of aging systems.

Senior Trump adviser Jared Kushner’s Office of American Innovation will play a significant role in the federal IT modernization effort, multiple people tracking the efforts have told POLITICO. Earlier this month, Trump signed an executive order creating the American Technology Council, with Kushner as director, to help coordinate that effort. More here.

*** Personally, it must be mentioned there is a problem with this operating out of the White House and certainly out of Jared Kushner’s office; he is way too tasked to be effective. Other professionals in the cyber realm agree: the matter of a ‘net’ command and operations that collaborate with the private sector should be its own command, separated from NSA.

There was a significant hearing today on The Hill while the FBI hearing was going on. Those on the witness panel included James Clapper, Jim Stavridis and Michael Hayden. The Senate Armed Services Committee hosted this session and it included high rate discussions including why there is no cyber doctrine, why there are no offensive measures and what the highest cyber threats are for the homeland.

NSA Chief Testimony, Cyber Security Threats and Solutions

French presidential candidate Macron was hacked on Friday before the Sunday voting. Per the NSA Chief, U.S. Tipped Off France on the Russia hacks. The U.S. tipped off France when it saw that Russians were carrying out cyberattacks targeting French President-elect Emmanuel Macron, NSA chief Adm. Mike Rogers told a Senate panel on Tuesday. Macron’s campaign revealed it was hacked just hours before a campaigning blackout in the country ahead of the presidential election on Sunday. Macron ended up handily defeating his rival, Putin-backed Marine Le Pen. “We had become aware of Russian activity. We had talked to our French counterparts and gave them a heads-up—‘Look, we’re watching the Russians. We’re seeing them penetrate some of your infrastructure. Here’s what we’ve seen. What can we do to try to assist?’” Rogers told the Senate Armed Services Committee.

*** Meanwhile… there is no strategy or policy position on U.S. cyber warfare. However…

Next Steps for U.S. Cybersecurity in the Trump Administration: Active Cyber Defense

The failure of the government to provide adequate protection has led many cybersecurity analysts, scholars, and policymakers to suggest that there is a need for private-sector self-help. If the government is unable or unwilling to take or threaten credible offensive actions to deter cyberattacks or to punish those who engage in them, it may be incumbent upon private-sector actors to take up an active defense. In other words, the private sector may wish to take actions that go beyond protective software, firewalls, and other passive screening methods—and instead actively deceive, identify, or retaliate against hackers to raise their costs for conducting cyberattacks. Taking into consideration U.S., foreign, and international law, the U.S. should expressly allow active defenses that annoy adversaries while allowing only certified actors to engage in attribution-level active defenses. More aggressive active defenses that could be considered counterattacks should be taken only by law enforcement or in close collaboration with them.

Key Takeaways

If the government is unable or unwilling to deter cyberattacks, it may be incumbent upon private-sector actors to take up an active defense.

Before the U.S. authorizes private hack back, it must consider not only U.S. laws, but also foreign and international laws governing cyberspace.

Congress should establish a new active cyber defense system that enables the private sector to identify and respond to hackers more effectively.

***

Heritage: Americans want their cyber data to be safe from prying eyes. They also want the government to be able to catch criminals. Can they have both?

It’s an especially pertinent question to ask at a time when concerns over Russian hacking are prevalent. Can we expose lawbreakers without also putting law-abiders at greater risk? After all, the same iPhone that makes life easier for ordinary Americans also makes life easier for criminals.

Manhattan District Attorney Cyrus Vance Jr. has described the operating system of the iPhone as “warrant-proof,” saying criminals are using the devices – encrypted by default – to their advantage. In one instance, he quoted an inmate who, ironically, called the iPhone a “gift from God.”

Divine involvement is a matter of debate, but there’s no question that when it comes to the choice of breaking the cybersecurity of criminals without also endangering the personal data of ordinary Americans, well, the devil is in the details.

This is especially true given the evolving nature of the threat. Even if we wanted to give the government access to all the metadata it wants (when, where, and who called), technology is moving away from phone calls to text messages and other non-telephony applications. Traditional metadata will be of limited use to law enforcement in pursuit of the savvy criminal of the future. Law enforcement needs to develop new strategies and investigative techniques without making us all prey.

It’s nearly impossible to assess the total monetary value for all successfully prosecuted cybercrimes in the U.S., let alone estimate the number of criminal cases that would have fallen apart without access to a smartphone’s data. The Department of Justice doesn’t publish such data. But, according to the 2014 Center for Strategic and International Studies report “Net Losses: Estimating the Global Cost of Cybercrime,” global cybercriminal activity is valued at $400 billion a year. Cybercrime damages trade, reduces competitiveness, and limits innovation and global growth.

The fundamental problem is that no one in the government is responsible for securing the internet for all of us. The Department of Homeland Security is responsible for safeguarding our nation’s critical infrastructure, yet the insecure internet presents cyberthreats to non-enterprise users that affect individual security, safety and economic prosperity. Who is responsible for their security?

Some elements of the federal government are so focused on hunting down information against a few horrendous criminals that they don’t seem to realize they’re doing it at the expense of our right to privacy and online protection. We can appreciate their dedication in these noble causes, but the fact remains that the internet has become a host to more and more personal information ever since Steve Jobs introduced the first iPhone.

Since then, the smartphone has evolved to have much more control over our lives, homes and vehicles. There is no sign of less data being held in the cyberspace.

In attempting to square this cyber-circle, the government would be wise to take a cue from the medical profession, which uses the Hippocratic oath to dictate an underlying requirement to refrain from causing harm to patients.

There is no such oath for members of the Department of Justice. They simply affirm that they will faithfully execute their duties without affirming that they will do so without harming the citizenry as a whole.

DOJ lawyers focus on individual prosecutions. That is too narrow of a definition of success. It forces them to use all means they can muster to make their prosecutions successful with little or no consideration of the larger harm their efforts may cause to the population in general.

That is a problem today and will only be magnified in the coming years as technology advances and the gap between those advances and the DOJ’s understanding of them widens. Within this environment, where insecurity breeds criminality and stopping individual high-value criminals can motivate the DOJ to undermine security, one can only wonder, who is responsible for our security?

The world has changed. A new paradigm is needed to ensure the safety and security of all Americans’ data, predicated on applying airtight security to our data. There is no return to the past. Perhaps the Trump administration will make this need for security a priority in a manner the previous administration did not.

China Gave Trump an Ultimatum to Deal with N. Korea?

China urged the United States to sack the head of the U.S. Pacific Command in return for exerting more pressure on North Korea amid concerns over its growing nuclear and missile threats, a source close to U.S.-China ties said Saturday.

The Chinese leadership headed by President Xi Jinping made the request, through its ambassador in the United States, to dismiss Adm. Harry Harris, known as a hard-liner on China, including with respect to the South China Sea issue, the source said.

Photo caption: Adm. Harry Harris, head of the U.S. Pacific Command, addresses the Lowy Institute think tank in Sydney last December. (AFP-JIJI)

China’s envoy to the United States, Cui Tiankai, conveyed the request to the U.S. side, to coincide with the first face-to-face, two-day meeting between President Donald Trump and Xi in Florida from April 6, but the Trump administration likely rejected it, the source said.

China is a longtime economic and diplomatic benefactor of North Korea.

As the head of Pacific Command, Harris, who was born in Japan and raised in the United States, plays a vital role in the security of the region.

He was responsible for ordering last month the dispatch of the USS Carl Vinson aircraft carrier to waters off the Korean Peninsula in a show of force amid signs the North was preparing to test-fire another ballistic missile or conduct a sixth nuclear test.

The Trump administration has called for exerting “maximum pressure” on North Korea to prod it to give up its nuclear and missile programs. The administration has said all options — including military strikes — remain on the table.

Harris has pushed for the U.S. deployment of the advanced Terminal High Altitude Area Defense (THAAD) anti-missile system to South Korea. China has opposed the deployment, saying it could undermine its security interests and the strategic balance of the region.

He has also called for continuing U.S. “freedom of navigation” operations in the contested South China Sea. Overlapping territorial claims, as well as land construction and militarization of outposts in disputed areas in the sea, remain a source of tension in the region.

According to the source, Cui also asked the Trump administration not to label China as a currency manipulator. As per the request, the United States did not label China as such, in light of Beijing’s role in helping Washington deal with the North Korean issue.

*** Related reading: 2013 Study Finds North Korea Has Indigenous Capabilities to Produce Nuclear Weapons

An example of the open-source evidence used for Kemp's study: A 2011 image from a television broadcast in North Korea showing Kim-Jong Il inspecting a flow-forming machine located in an underground tunnel. This type of machine is able to produce centrifuge rotors for North Korea's uranium-enrichment program.


***

Are the United States’ partners in the Asia Pacific region ready to deal with 5,000 tunnels and an underground operation?

Photo caption: The entrance of an ‘intrusion tunnel’ under the DMZ between South and North Korea. (Telegraph)

North Korea’s Secret Strategy in a War with America: Go Underground

North Korea, one of the most secretive countries in the world, is no stranger to building underground military facilities. Whether a tunnel dug under the demilitarized zone designed to pass thousands of troops an hour, or bunkers to accommodate the regime’s leadership, North Korea has built extensive underground facilities designed to give it an edge in wartime.

One of the earliest examples of North Korean underground engineering was the discovery of several tunnels leading from North Korea under the demilitarized zone to South Korea. The first tunnel was located in 1974, extending one kilometer south of the DMZ. The tunnel was large enough to move up to two thousand troops per hour under the DMZ. A U.S. Navy officer and South Korean Marine corporal were killed by a booby trap while investigating the tunnel. Thanks to a tip from a North Korean defector, an even larger tunnel was discovered in 1978, a mile long and nearly seven feet wide.

Since then at least four tunnels have been discovered, with reinforced concrete slabs, electricity for lighting and fresh air generation, and narrow railway gauges to shuttle dirt and rock back to the tunnel entrance. Collectively, the four tunnels would have likely been able to move a brigade’s worth of troops an hour under South Korea’s defenses.

It’s difficult to determine how many tunnels exist. One report says that Kim Il-sung, the founder of the North Korean state and Kim Jong-un’s grandfather, ordered each of the ten frontline combat divisions to dig two tunnels. If completed, that would theoretically mean another dozen or so tunnels remain undiscovered. A former South Korean general, Han Sung-chu, claims there are at least eighty-four tunnels—some reaching as far as downtown Seoul. The South Korean government does not believe Han’s numbers—nor the claimed ability to reach Seoul—are credible. A forty-mile tunnel would reportedly generate a seven-hundred-thousand-ton debris pile, which has not been picked up by satellite. Despite the warnings, the last major tunnel was discovered in 1990 and South Korea seems to believe that the tunneling danger has passed.

If it has passed, it may be because North Korea has decided to tunnel in different ways. The North Korean People’s Liberation Army Air Force is believed to have three different underground air bases at Wonsan, Jangjin and Onchun. The underground base at Wonsan reportedly includes a runway 5,900 feet long and ninety feet wide that passes through a mountain. According to a defector, during wartime NK PLAAF aircraft, including MiG-29 fighters and Su-25 Frogfoot ground-attack aircraft, would take off from conventional air bases but return to underground air bases. This is plausible, as one would expect North Korean air bases to be quickly destroyed during wartime.

Another underground development is a series of troop bunkers near the DMZ. A North Korean defector disclosed that, starting in 2004, North Korea began building bunkers capable of concealing between 1,500 and two thousand fully armed combat troops near the border. At least eight hundred bunkers were built, not including decoys, meant to conceal units such as light-infantry brigades and keep them rested until the start of an invasion.

Other underground facilities are believed to have been constructed to shelter the North’s leadership. According to a South Korean military journal, the United States believes there are between six thousand and eight thousand such shelters scattered across the country. This information was reportedly gathered from defectors in order to hunt down regime members in the event of war or government collapse.

North Korea is believed to have hundreds of artillery-concealing caves just north of the DMZ. Known as Hardened Artillery Sites, or HARTS, these are usually tunneled into the sides of mountains. An artillery piece, such as a 170-millimeter Koksan gun or a 240-millimeter multiple-launch rocket system, can fire from the mouth of the cave and then withdraw into the safety of the mountain to reload. These sites are intended to provide artillery support for an invasion of South Korea or to fire directly on Seoul itself. As of 1986, an estimated two hundred to five hundred HARTS were thought to exist.

According to a report by the Nautilus Institute, North Korea is also thought to have “radar sites in elevator shafts that can be raised up like a submarine periscope; submarine and missile patrol boat bases in tunnels hewn in rock; tunnels a kilometer or more in length for storing vehicles and supplies, or to hide the population of a nearby city.”

How would the United States and South Korea deal with these underground facilities in wartime? First, they would have to locate them. The facilities are hard to spot via satellite, and gleaning information from defectors is perhaps the best way to learn about them in peacetime. Once war commences, signals intelligence will pick up radio transmissions from previously unknown underground locations, enemy troops will fire from concealed positions or tunnel entrances, and artillery counter-battery radars will fix the positions of HARTS. It is likely that, despite advance preparations, many of these positions will come as a surprise to Washington and Seoul.

Once located, there are three ways of dealing with the sites. The first and safest way to deal with them is to bomb them from above. This presents the least risk to allied forces, but it will also prove difficult to determine whether air or artillery strikes have had good effect. The use of bombs or artillery shells may cause cave-ins that prevent allied forces from entering an underground complex and exploiting any intelligence found inside.

Another option is to simply station troops outside tunnels and shoot anyone who ventures outside. While also a safer option, an underground complex will always have multiple exits—the tunnels Kim Il-sung ordered his divisions to dig were to each have four or five exit points. The most thorough way to deal with the tunnels would be to enter them. This would be by far the most effective way to deal with regime holdouts, but also the most dangerous.

Pyongyang’s eventual defeat in any wartime scenario is a given, but its underground headquarters, fortifications and troop depots have the potential to not only enhance the Korean People’s Army’s ability to mount a surprise attack, but also to prolong the war, confounding the high-tech armed forces of its adversaries. Such underground shelters, wherever they are, will likely be the site of the endgame phase of the war, as the regime is driven underground by rapidly advancing allied forces. Only then will we discover the true extent of North Korea’s extensive underground empire.