Kim Yong Chol: The man behind North Korea’s Cyber warfare.

U.S. top spy James Clapper has “extraordinarily unfriendly” secret meeting with North Korean chief cyber warrior shortly before Sony attack

By Nate Thayer
January 9, 2015

Ten days before the attack on the Sony movie depicting the assassination of Kim Jong Un, North Korea’s head of cyber warfare hosted an “extraordinarily tense and unpleasant” secret banquet in Pyongyang for a most unlikely guest of honor–the U.S. top spy James Clapper.

U.S. Director of National Intelligence James Clapper (l) at release ceremony of U.S. prisoners presided over by the North Korean head of secret police Kim Ho Wong

One U.S. official said “nobody was enjoying themselves or smiling” at the dinner hosted by General Kim Yong Chol, head of North Korea’s Reconnaissance General Bureau.
The Reconnaissance General Bureau is the nerve center for North Korean espionage and terrorism–coordinating North Korean covert operations which have blown up civilian airlines, assassinated opponents and political leaders, kidnapped foreign nationals, sold arms to rogue armed groups and governments from Syria to Iran, and commands North Korea’s cyber warfare network of as many as 5800 elite cyber warriors. General Kim and his RGB are sanctioned and banned from international travel by the United Nations, the U.S., and the European Union, among others and reports directly to the core inner power circle surrounding Kim Jong Un.
The dinner did not end well.
The 12-course feast of seafood, chicken, salad, Kimchi, beer, and wine “was delicious. I just wish we’d had a more relaxed conversation,” Clapper said. “I was hosted by the head of what is called the Reconnaissance Guidance Bureau, which is their kind of combination intelligence and special operation force.”
After the meal, General Kim Yong Chol dispatched emissaries to Clapper’s hotel and informed him that Pyongyang “could not guarantee my safety and security”, that “the citizens of Pyongyang were aware of our presence” and “were ‘agitated’, quote, unquote,” Clapper told CBS News on November 16.
Three days later, North Korea launched its cyber attack crippling Sony, according to U.S. officials.
“If Clapper had a deliverable message to give to Kim Yong Chol, would they not have launched the cyber attack on Sony? That is a perfectly valid question. I am not sure we have the answer to that. Kim Yong Chol would be in a position to know the answer to that question,” said Joseph DiTrani, former North Korea Mission Manager for the Director of National Intelligence, in a January 9 interview. A 30 year veteran of the CIA, DiTrani now heads the private Intelligence and National Security Alliance.

North Korean Reconnaissance General Bureau chief General Kim Yong Chol (l) with then North Korean supreme leader Kim Jong Il on a visit to the RGB military unit headquarters in 2010

“Kim Yong Chol is a very important player. He is the operations guy–the go to guy for cyber warfare issues, proliferation issues, arms sales to Iran and Syria,” said DiTrani.
“They were expecting some big breakthrough. I was going to offer some big deal, I don’t know, a recognition, a peace treaty, whatever. Of course, I wasn’t there to do that, so they were disappointed, I’ll put it that way,” Clapper told the Wall Street Journal in November.
The notoriously short-tempered General Kim Yong Chol and his RGB has been on the radar screen of the Americans for a long time.
Ditrani said General Kim Yong Chol “has a reputation of being difficult, a straightforward in-your-face strong personality who speaks his mind, has the respect of the troops and the direct ear of Kim Jung Un. It is also known that he is not enamored with the U.S.”

North Korean head of cyber warfare General Kim Yong Chol

Clapper was the highest level U.S. government official in 14 years and on a less than 24-hour secret mission to visit the country to gain the release of two Americans being held prisoner. North Korea had compiled a comprehensive dossier on Clapper including the detailed flight missions a younger Air Force lieutenant-general Clapper flew in Vietnam in the early 1970’s, U.S. officials said.
“Director Clapper has got 16 intelligence agencies under him and could respond with full authority if confronted with North Korea saying ‘We are not proliferating nuclear weapons, we don’t have missiles’. Clapper could look them in the eye and say: ‘We know what you’re doing’,” said DiTrani.
Waiting on the airport tarmac in Pyongyang was an official U.S. government airplane with two dozen heavily armed American special operations soldiers –the largest contingent of U.S. troops to officially enter North Korea since the end of the Korean war 60 years earlier, said U.S. officials and North Korean watchers.

U.S prisoner Matthew Miller boarding U.S. government plane in Pyongyang with top U.S. spy General James Clapper

At the time, few took notice of who hosted Clapper’s banquet in North Korea and U.S. Department of National Intelligence spokesman Michael Birmingham said in an email interview in December “There is nothing more that will be said about the trip either on the record or on background. If that changes, we will let you know.”
Since, Washington levied sanctions on the Reconnaissance General Bureau on January 2 in retaliation for the cyber attack. The U.S. Treasury Department called the RGB “North Korea’s primary intelligence organization” which controls the regimes “major cyber operations.”
WHO IS GENERAL KIM YONG CHOL?
Gen. Kim Yong Chol, a former bodyguard of Kim Jong Il, got on the fast track to the center of power after 2008, simultaneously with the ascent of the current regime supreme leader Kim Jong-un.
In 2009, he took command of what has become one of the most powerful offices of the North Korean government, the newly reconstituted Reconnaissance General Bureau, in charge of all overseas clandestine spy operations for the regime. It was then the RGB absorbed the reconnaissance department of the armed forces; the all-powerful “operations department” of the ruling party which dispatched covert agents and assassination teams abroad; and the former “Room 35″, in charge of foreign intelligence operations and illegal arms sales, drug trafficking, and other foreign currency earning operations that funded the elite core power figures and reported directly to the Kim family and ruling Korean Workers’ Party. Room 35 orchestrated the kidnapping of citizens from at least 11 countries, including South Korea’s most famous actress and her movie director husband in 1978, as well as the bombing of a South Korean civilian Airplane that killed 125 people in 1987.
General Kim Yong Chol is said to have commanded the clandestine attack sinking a South Korean naval ship in 2010. Shortly afterwards he was put in charge of foreign sales and distribution of internationally banned weapons to rogue nations and guerrilla armies.

RGB head General Kim Yong Chol with regime leader Kim Jong Un

General Kim Yong Chol was elected to the powerful Central Committee of the ruling Korean Workers Party and the Central Military Commission during the 3rd Korean Worker’s Party Conference on September 28, 2010–the same day Kim Jong Un was ever seen in public and formally unveiled as heir to his father as North Korea’s next leader.
The previous month, in August 2010, President Obama signed an Executive Order that first named Kim Yong Chol and his RGB as “facilitating North Korean trafficking in arms and related material; procurement of luxury goods; and engagement in illicit activities, including money laundering, the counterfeiting of goods and currency, bulk cash smuggling and narcotics trafficking” and freezing their assets, citing them as “WMD proliferaters” and “isolating them from the U.S. financial and commercial systems.”
Those and other sanctions on General Kim have not slowed down his rise to his current position at the very epicenter of North Korean power. In February, 2012, only weeks after Kim Jong-un assumed power after the December death of his father, Pyongyang announced the creation of a new medal–the “Order of Kim Jong-il” awarded for services in building a “thriving socialist nation”. The small group of first recipients included Kim Yong-chol. The next day, Kim Yong-chol was promoted to four-star general rank.
General Kim Yong Chol and his Cyber Warriors
North Korea is the only country in the world where access to the internet is banned. Official media have called the “stealth Internet” a means for “providing information for impure elements who concoct anti-government conspiracies in anti-imperialist, independent countries.” The regime defines the internet itself as “cyber terrorism” where “the United States attempts to largely disseminate a US-style sense of values, bourgeois ideology and culture, and falsely fabricated materials, whereby it fosters social disturbance and political instability and instills the reactionary and tainted US-style ideology, culture, and way of life into people.”

Kim Jong Un in 2012

Since 2009, General Kim has deployed North Korean cyber warfare units abroad, according to U.S. and South Korean governments and media reports, and is said to have directed 2010, 2011, 2012, and 2013 cyber attacks on South Korean banks, media, and U.S. military facilities.
North Korea’s preeminent covert cyber warfare entity, Unit 121, was promoted to the status of a “Department” under the Reconnaissance General Bureau after General Kim Yong Chol consolidated his control of the RGB in 2009. It was then when cyber warfare manpower rapidly expanded from 500 to about 3,000 in 2012, said former cyber warfare specialist Kim Heung-kwang, who defected to South Korea in 2004.
“The 121st Unit, originally under the Korean People’s Army General Staff Reconnaissance Bureau, was reorganized in 2008 into technical reconnaissance teams, with a mission that includes infiltrating computer networks, hacking secret information, and planting viruses to paralyze enemy networks,” said an article in the U.S. Naval War College Review in 2012. “Cyberspace has now become the fifth battlefield, where an important ‘non-war’ must be fought and victory won through a ‘minimal damage’ strategy.”
“The North merged secret intelligence departments formerly under the Workers’ Party into a new Reconnaissance General Bureau early”, Hwang Won-dong, chief of intelligence at the South Korean Defense Ministry told the Korean Herald in 2010.
The RGB is structured into six departments: Bureau 1: operations; Bureau 2: reconnaissance; Bureau 3: overseas intelligence; Bureau 5: inter-Korean talks; Bureau 6: terrorism; and Bureau 7: technology and cyber and support teams for the previous 5 bureaus.”
There is no Bureau 4 because the Korean number four is pronounced similarly to the word for “death”.

In 2009 and 2011, the United States was targeted by DDOS cyber attacks by North Korea and U.S. officials intensified their assessment of North Korea’s cyber warfare capabilities. “North Korea currently operates technical reconnaissance teams consisting of approximately a thousand members under the People’s Army General Staff Reconnaissance Bureau; professional North Korean hackers have usually been placed in China, from where they continuously attempt to hack the internet,” according to the U.S. Naval War College Review. “The 121st Unit, originally under the Korean People’s Army General Staff Reconnaissance Bureau, was reorganized in 2008 into technical reconnaissance teams, with a mission that includes infiltrating computer networks, hacking secret information, and planting viruses to paralyze enemy network.”
“Strange thing that happened in the heart of the U.S., the ill-famed cesspool of injustice, is now afloat in the world as shocking news,” said a December 21, 2014 statement headlined “U.S. Urged to Honestly Apologize to Mankind for Its Evil Doing” issued by the Policy Department of the National Defense Commission–also headed by General Kim Yong Chol–calling for a halt to the release of the Sony movie.

The above tables are from a paper published by a Washington D.C. think tank, the Korean Economic Institute, which receives direct funding from and supervision by the South Korean government and intelligence services

The above tables are from a paper published by a Washington D.C. think tank, the Korean Economic Institute, which receives direct funding from and supervision by the South Korean government and intelligence services

The above tables are from a paper published by a Washington D.C. think tank, the Korean Economic Institute, which receives direct funding from and supervision by the South Korean government and intelligence services

“The Sony Pictures Entertainment, the biggest movie producer in the U.S., which produced the undesirable reactionary film “The Interview” daring to hurt the dignity of the supreme leadership of the DPRK and agitating even terrorism…was exposed to surprisingly sophisticated, destructive and threatening cyber warfare and has been thrown into a bottomless quagmire….This is an official stand of the army and the people of the DPRK on what happened in the heart of the U.S.”
“Cyber warfare is asymmetrically advantageous for the North” noted defector Kim, observing its indigenous internet servers are largely not connected to the internet, which makes North Korea immune to cyber attacks. “But South Korea and other enemy countries, or any other country for that matter, will undergo major chaos if their computer system were to crash. For this very reason North Korea is fascinated with cyber warfare. You can steal any classified information from enemy states, incapacitate their servers and cause social panic through psychological warfare.”
According to South Korea’s Defense Security Command (DSC), most attacks by North Korean hackers take place via China.
At s South Korean conference held by their Defense Security Command in 2009, they estimated the South Korean military was targeted with cyber attacks “95,000 times per day, with eleven percent of the attacks being ‘sophisticated attempts to extract military intelligence’. 10,450 cases of hacking attempts: 81,700 attempts to infect computers with viruses; 950 ‘denial-of-service (DoS)’ attacks; and 1,900 ‘falsification of Internet homepages’.”

RGB head General Kim Yong Chol with Kim Jong Un overlooking the area where General Chol is accused of attacking South Korean territory

On April 10, 2010 South Korea said cyber assault on South Korean banks and media in March that year came from the North. “Three South Korean banks and three TV outlets broadcasters were the target of malicious code infecting 48,000 computers on March 20,” the South Korean newspaper Yonhap wrote. Then, 58 internet servers associated with the bank and 14 Web sites were targeted on March 25 and 26.
“An analysis of cyber terror access logs, malicious code and North Korean intelligence showed that the attack methods were similar to those used by the North’s Reconnaissance General Bureau, which has led hacking attacks against South Korea,” said Lee Seung-won of the South Korean Ministry of Science.
In April, 2012 Pyongyang erupted threatening to reduce Seoul to ashes “in three or four minutes…by unprecedented peculiar means and methods of our own style” naming targets as the “rat-like elements including conservative media destroying the mainstay of the fair public opinion.”
In June, 2012 North Korea’s military named specific geographical coordinates of South Korean media groups and vowed a “merciless sacred war” would be launched because of criticism suggesting that thousands of children demonstrating loyalty to the Kim dynastic regime were orchestrated events. The North broadcast specific longitude and latitude coordinates of seven media outlets in Seoul and said if an apology for the “vicious smear campaign” wasn’t issued they would attack. “Officers and men of the army corps, divisions and regiments on the front, and strategic rocket forces in the depth of the country, are loudly calling for the issue of order to mete out punishment,” the official Korean Central News Agency announced.
If the media didn’t rescind the news stories which “recklessly challenges our army’s eruption of resentment, it will retaliate against it with a merciless sacred war of its own style as it has already declared,” the Army General Staff said, warning “time is running out.”
Shortly afterwards, several South Korean media outlets suffered sophisticated take downs of their entire computer networks.
In July, 2014 South Korean and Japanese media reported “North Korea has doubled the number of its elite cyber warriors during past two years and established bases at overseas for hacking attacks”, saying cyber warfare personnel now numbered 5,900, up from 3,000 in 2012.
In June 2013, South Korea said they had confirmed cyber attacks on the government Policy Coordination Office, the Presidential Blue House, and South Korean Media on the 63rd anniversary of the armistice that ended the Korean War.
Media reports in July, 2014 quoted military sources saying that the General Bureau of Reconnaissance cyber warfare hacking division alone comprised 1,200 professional hackers based abroad in Europe and Asia–primarily China.

U.S. prisoner Matthew Miller attending his release ceremony with top U.S. spy James Clapper in Pyongyang, November 9, 2014

“North Korea has a high-capacity to conduct robust cyber operations aimed at collecting foreign intelligence, disrupting foreign computers, information and communication systems, networks and critical infrastructures, and stirring public discontent and disorder in the enemy states,” wrote Dr. Alexandre Mansourov, a long time North Korean intelligence analyst for the U.S government, in a December 2014 academic paper titled “North Korea’s Cyber Warfare and Challenges for the U.S.-ROK Alliance” for the Korea Economic Institute, a Washington think tank. “The Korean People’s Army concentrated its efforts on strengthening the cyber war capabilities through establishing a command and control structure dedicated to cyber warfare, forming military units specializing in cyber warfare, training expert manpower, and advancing research and development of core cyber technologies.”
In addition to cyber warfare, General Kim controls the sale of weapons to countries such as Syria and Iran, has ordered the assassination of regime opponents abroad, launched military attacks on South Korea, has targeted numerous foreign media, banks and government agencies–including the U.S.–in cyber attacks in the last 5 years, and commanded other often deadly covert missions attacking foreign adversaries , according to numerous U.S, European, South Korean, and other foreign sources.
The RGB “specializes in the production of maritime military craft and armaments, such as submarines, military boats and missile systems, and has exported torpedoes and technical assistance to Iranian defense-related firms”, according to December 2011 United Kingdom and EU sanctions documents. The RGB is “responsible for approximately half of the arms and related material exported by North Korea” and RGB front companies “facilitated transactions involving … designated Iranian financial institutions…for the benefit of North Korea’s Reconnaissance General Bureau’s (RGB) weapons program.”

The Mirim Cyber warfare school in Pyongyang where North Korea’s cyber warriors are trained

Kim Yong Chol and his RGB are deeply involved in illicit weapons sales abroad including to both Syria and Iran, and have been named as having front companies based in Khish island, Iran, Syria, Libya, the United Arab Emirates, and elsewhere in Europe, Africa, and Asia.
O KUK RYOL
General Kim Yong Chol, significantly, long was supervised by one of the regimes most powerful figures, General O Kuk Ryol, the father of North Korea’s cyber warfare program and in charge of all foreign covert operations–from the distribution of U.S. counterfeit currency to international narcotics trafficking–since the early 1980’s.
General o Kuk Ryol and General Kim Yong Chol are said to have a contentious relationship. Numerous reports indicate that General Kim is hotheaded and has caused friction with core elite figures in the North Korean regime. General Kim Yong Chol technically reported to General O Kuk Ryol, who held the portfolio for overseas intelligence and special operations until at least 2009.
General O, whose ties to the ruling Kim family go back to childhood, has also been deeply implicated in numerous illicit activities abroad and is on numerous sanction lists. The UN described O Kuk-ryol as “supervising the acquisition abroad of advanced technology for nuclear and ballistics programs” in a list of sanctioned North Korean officials in 2009. The EU added him to its list in December of 2011.
O has long been believed to be a key figure behind the North’s production of counterfeit American currency and nuclear and missile programs as well as controlling a vast apparatus of special forces.
One of Gen. O’s son, O Se-won, was one of two relatives of Gen. O involved in North Korean counterfeiting and distribution of U.S. currency, according to U.S. officials. One son, O Se Won, is known to be close to Kim Jong Un and was implicated in the seizure of a North Korean ship smuggling heroin to Australia in the early 2000’s.
Ri Il-nam, a relative of General O, was formerly a diplomat accredited to the North Korean Embassy in Ethiopia and acted as a courier of fake U.S, currency notes, travelling between Pyongyang, Beijing, Ethiopia and elsewhere, according to a 2010 Washington Times report.
In an intriguing related matter, another son of General O Kuk Ryol, Major General O Se-uk, defected from North Korea to the United States in 2004. His defection has never been publicly acknowledged by either North Korea, the United States, or South Korea. The younger general O Se-uk was involved in North Korea’s early cyber warfare development, and now is under the protection of U.S. intelligence authorities. U.S. officials are uniformly silent when asked about the defection, but it is generally agreed his defection represented one of the most important high level defections ever from North Korea, given his personal connection to the most senior inner circle of political power and his knowledge of Pyongyang’s cyber and other covert operations.
The Reconnaissance General Bureau
Kim Yong-chol was first sanctioned by the U.S. government in August 2010, when President Obama issued an Executive Order that sanctioned a single North Korean official–General Kim Yong-chol–the RGB he commanded, and the Green Pine Associated Corporation, a North Korean front company the US and others identified as controlled by the RGB which sold arms to rogue regimes including Iran and Syria. The U.S. had concluded that General Kim Yong Chol commanded the secret spy submarine that attacked a South Korean navy ship in an “unprovoked attack that resulted in the sinking of the South Korean Navy ship Cheonan and the deaths of 46 sailors in March” of 2010.
Green Pine “was organized through the RGB and Gen. Kim Yong-chol, and Kim Jong-un had a managing role in the entity,” said North Korean analyst Michael Madden in an email interview in 2014.
Gen. Kim Yong Chol is implicated in ordering and commanding assassinations of political opponents abroad. Two North Koreans confessed to receiving orders from Kim Yong Chol to assassinate a high profile North Korean defector in 2010, Hwang Jang Yop, who defected to South Korea in 1997, according to the South Korean National Intelligence Service.
The RGB is also known by its military designation of “Unit 586” of the Korean People’s Army. The RGB is widely believed to have organized the attack on the Cheonan in March 2010. In April 2010, weeks after the deadly underwater explosion of the South Korean Naval ship, then leader Kim Jong Il visited the military unit visit on the anniversary of the founding of the KPA to congratulate them on their efforts. Kim Jong Il was escorted by RGB head and then Lieutenant General Kim Yong Chol.
In March 2013 Kim Yong Chol appeared in state media threatening to nullify the 60-year-old armistice agreement that brought a ceasefire to the Korean war. In April, 2013 North Korea announced it could not guarantee the safety of diplomats or foreigners after Kim Yong Chol met with foreign ambassadors in Pyongyang.
General Kim Yong Chol and Clapper Visit
During the three-hour secret dinner on November 8, 2014 for U.S. spy James Clapper hosted by General Kim Yong Chol, General Kim angrily denounced “US provocations” and U.S. military exercises with South Korea. Clapper had been dispatched on a secret mission to retrieve two Americans who had been imprisoned by North Korea.
Of his dinner with General Kim, Clapper said: “It reinforced for me something I have always understood about North Korea that it is a country that feels itself to be under siege and institutional paranoia and that was certainly reflected in a lot of things he said for example allegations about our exercises that we conduct in (South Korea). They did bring up the human rights issue at one point although we were well into the dialogue criticizing us for our interventionist approach, our interventionist policies in their internal matters,” said Clapper. “It was that sort of dialogue. It wasn’t exactly a pleasant dinner.”
At 11:15 the night of November 8, as the banquet came to a close, Clapper gave general Kim Yong Chol the letter from President Obama–or as Clapper told the Wall Street Journal “we decided to deploy the president’s letter.”
Gen. Kim Young Chol was visibly unhappy with Obama’s message which “didn’t apologize.”

U.S. government plane on the tarmac in Pyongyang, November 9, 2014. Inside were two dozen heavily armed U.S. special operations soldiers

When Clapper and his delegation woke the next morning, their North Korean interlocutors informed them the top U.S. spy was no longer considered an official U.S. envoy and “could not guarantee my safety and security.” America’s top spy and his delegation were then left alone at their government guest house to cool their heels for the remainder of the day with no idea what to expect next.
“We spent the rest of the (next) day waiting for quite some time until late afternoon. Then some MSS representative came by the state guesthouse and said ‘You have 20 minutes to pack up your luggage and then you are leaving.’ We check out and were taken to the Koryo hotel downtown and we were ushered into a room in which the amnesty granting ceremony I guess I would call it was conducted,” Clapper told CBS News.

U.S prisoner Kenneth Bae as he was presented to U.S. Director of National Intelligence James Clapper in Pyongyang November 9, 2014

Clapper was ushered into a room across from North Koreans said to from the North Korean prosecutor’s office. Behind them were the two U.S. detainees Kenneth Bae and Matthew Miller dressed in prison uniforms and flanked by Korean People’s Army soldiers.
The North Koreans top spy and Clapper’s counterpart–head of the Ministry of State Security, Gen. Kim Won Hong–entered and everyone rose to their feet as General Wong read a letter from Kim Jong Un granting Bae and Miller amnesty pardoning them for their crimes.
“Mr. Kim turned to me and said he hoped we could have future dialogue, but not on the subject of detainees,” Mr. Clapper said.

Clapper then left immediately for the airport with the two American prisoners and boarded the U.S. government airplane. The two dozen heavily armed American special operations soldiers and the plane’s crew, who had waited for 24 hours, immediately departed.