
North Korea’s Spies Go High-Tech: Sneaky Tech Tricks Exposed

Interviews Former Prosecutor from National Security Division
Spy Equipment Evolves with Technology: From Shortwave Radios to Smartphones
Data Hidden in Steganography and the Cloud

The scene from the movie The Spy Gone North is unrelated to the article’s specific content. / CJ ENM

As times have changed, the nature, methods, and operational forms of espionage against the South have also changed. The type of espionage common in the 1970s and 1980s is rarely seen in recent news. We gain insights from Choi Chang Min, a former national security attorney, who sheds light on the appearance of modern spies, how they are distinct from defector groups, and how they commend North Korea.

In 1987, Kim Hyun Hee and accomplice Kim Seung Il bombed Korean Air Flight 858 with a timed explosive. When they were pursued as suspects in Bahrain, they were arrested by the police. Facing imminent capture, they pulled out cigarettes they had prepared in advance. The cigarette filters contained suicide poison vials. Kim Hyun Hee swallowed a small amount and survived, but Kim Seung Il died from poisoning.

Timed bombs, suicide vials, poison needles, guns, and shortwave radios were the common tools we associate with spies.

Poison Needles and Guns, Now Only in Movies

In the past, this was the reality. When North Korea sent spies, they had to infiltrate by submarine, swimming to the coastline, or crossing the demilitarized zone. Because it was challenging to bring a lot of equipment during infiltration, they would hide radios, cipher tables, weapons, etc., in a prearranged cache (Dvok) and retrieve the equipment after infiltration.

In 1995, spy Kim Dong Sik, who successfully infiltrated the coast of Jeju Island, used weapons retrieved from seven caches. In 1997, spy Choi Jung Nam, who was arrested, stored guns and compasses in a cache he set up under a rock behind a bench at the top of an athletic park in Bongcheon-dong, Seoul.

Marines on guard duty on Yeonpyeong Island in Incheon’s Ongjin County in 2020 / Newsis

Back then, they received orders through specific broadcasts (anti-South broadcasts). They would execute the predetermined order when a particular song or word was played at a precise time. For instance, upon hearing a specific line like ‘The younger sister in Pyongyang is praying for the health of her brother who is serving in the military,’ they would carry out the operation.

Occasionally, spies received specific directives from North Korea only after successfully infiltrating the South. If apprehended during this phase, they could not disclose the mission’s purpose to the investigating authorities, as they were unaware of the exact order. This is where cipher tables became crucial. Historically, during early morning anti-South broadcasts, broadcasters would read out seemingly random sequences of numbers; this was the cipher broadcast. Spies tuned into these broadcasts and used their cipher tables to interpret the sequences and decipher their orders.

Spy Equipment Evolves as the World Changes

The world has changed significantly since the advent of smartphones, as has the world of spies. We can no longer find shortwave radios and cipher tables. This is because we now have email.

Sent and received emails leave records. Therefore, spies temporarily share an email account and save letters in it, exchanging information and orders that way. Communication is possible without anything being sent or received.


Hiding Orders in Plain Sight

To evade the eyes of investigative agencies, spies save computer files under names such as “Jeju Island trip,” “Dongjak-gu restaurants,” etc. The technique used for this is steganography. The order form is revealed when the file is opened through a steganography program.

The development of steganography technology has made information activities in the world of spies more convenient. Through this, they encrypt documents and communicate with the North.

To use steganography this way, they need to share an email account and password. During the pastor spy case in 2015, an investigator from the National Intelligence Service found an ID and password on the pastor’s Bible. Eventually, investigators logged in and secured the order.

Data Not on Mobile Phones, Found in the Cloud

In preparation for the seizure and search of their mobile phones, some self-made spies set complex passwords or stored essential data such as pictures not on their mobile phones but in the cloud.

Choi Chang Min, an attorney recognized for his expertise in national security within the prosecutor’s office, recounted an experience from years ago. He stated, “During the investigation of a case involving a group of defectors, we confiscated a mobile phone. The forensic analysis of the phone initially yielded no results, which was challenging. However, we managed to track down the cloud account linked to the mobile phone. In this cloud account, we discovered North Korean propaganda materials and a biography of Kim Il Sung titled ‘With the Century.'”

Even if a mobile phone is seized, there is a Supreme Court precedent that the cloud cannot be searched and seized along with it. So, recently, investigative agencies have listed both mobile phones and cloud accounts in their search and seizure warrants.


Can you unlock a mobile phone password? It’s challenging to get a password from spies who even keep their names and genders a secret. Lawyer Choi recalls a past investigation experience, saying, “Sometimes there are fingerprints in a pattern shape on the seized mobile phone screen, and we unlock the pattern by looking at it.” He explains, “For Face ID, the moment you hold up the mobile phone to the suspect’s face and ask, ‘This is your mobile phone, right?’ the Face ID is unlocked.”

Caught Trying to Pass Information with North Korean Hackers…

Graduates of North Korea’s Kim Chaek University of Technology mainly serve in hacker units. Nowadays, acquiring information through hacking has also become part of spy duties.

In April last year, an active-duty major from a special forces unit and a cryptocurrency exchange representative were arrested for trying to steal the South Korean Joint Command Control System through the major. The major fell into online gambling and debt and was trapped by North Korean hackers. The cryptocurrency representative also fell into debt due to online gambling, received cryptocurrency from North Korean hackers, and was trapped by North Korea.

The representative delivered a watch-type hidden camera and a PoisonTap to the major via courier. The counterintelligence agency, which had already noticed, arrested the major at the moment he tried to connect the PoisonTap to a PC in the military base. A PoisonTap is a device that, when connected to a PC via a USB port, can hack the internal network that PC is connected to, so that all information from the internal network can be remotely leaked.


Listening Devices Planted by Investigative Agencies… Spies Suspect Their Spouses

Our investigative agencies also use various equipment in the process of arresting spies. Wiretapping plays a significant role in gathering evidence.

If the meeting place of spies is known in advance, investigative agencies obtain a warrant from the court and install recorders in tables or ceiling lights to collect evidence. A listening device is also installed in the vehicle if a spy suspect is confirmed. In an actual case, a spy suspect found a listening device in his car when he went to a repair shop because his car battery was dead. However, he thought his spouse suspected him and had installed it, which led to a quarrel between the couple.


Some self-made spies contacted their superiors using public phones. Investigators figured out the routine and wiretapped that public phone. Technically, it is also possible to wiretap mobile phones. However, in our country, there are sensitive issues such as civilian surveillance, so telecommunications companies are uncooperative with the introduction of wiretapping equipment. As a result, investigative agencies have no choice but to rely on the seizure and search of personal mobile phones.

If you watch spy movies, there are scenes where listening devices are attached to the exterior walls of building windows to record internal conversations. This is possible. They also conduct wiretapping from a vehicle outside the building in this way.

“Wiretapping Warrants Should Be More Actively Used in Spy Cases”

All evidence is on the mobile phone. Murderers, bribe-takers, and spies all store information on their mobile phones. It is essential to look at a person’s mobile phone for investigation.

But the reality is not easy. Deleted KakaoTalk conversations are only stored on the Kakao headquarters server for three days. So, even if you have a warrant, it’s hard to find. Telecommunication companies are also more conservative about seizures and searches. Ultimately, investigative agencies must rely on the seizure and search of personal mobile phones.

Global companies like Google and Facebook are uncooperative with seizure warrants for ordinary criminals, but they actively cooperate in cases of murder, child sexual abuse, and terror.

Lawyer Choi said, “In our country, we need to adjust the scope or limit of seizure according to the crime,” and pointed out, “Spies use Steganography and put passwords on iPhone 15. If our counterintelligence agencies are still just following them around, it’s hard to respond appropriately.”

Special thanks to…

Attorney Choi Chang-min, Inhwa Law Firm
32nd Judicial Research and Training Institute, Bachelor of Law and Master of Law, Sogang University
Prosecutor, Seoul Central District Prosecutor’s Office
Chief Prosecutor of the First Public Prosecution Department, Seoul Central District Prosecutor’s Office
Director of Election Investigation Support, Public Prosecution Department, Supreme Prosecutors’ Office

By Soo Jin Lee
