Most countries have that ability. If the same standard is used for all nations, the US would have to be regarded as a major threat. We were one of the first to deploy cyber weapons, and lose control of them. That article is more propaganda than anything else.
Surely the current state-of-the-art cyber weapon was Stuxnet. Whoever conceived and coded that thing has set the bar so very high. It hit it's intended target with the precision of a laser guided bomb. Not only that , the target had full emr shielding , and was completely air-gapped . It's difficult to believe that a nation that is ruled by an extremely bad haircut could compete on that level.
If I understand it correctly, Stuxnet was delivered by USB. Someone had to plug that in. For all purposes, it's very similar to most web attacks, social engineering. Anyone can do that. It would be a simple matter to find a disgruntled employee in most any industry, corporation, government agency, etc would could be convinced or bribed into plugging in a malicious USB device. What really disgusts me about such articles is how they point at a potential adversaries abilities and actions while totally ignoring (or justifying) the same for ourselves and our allies. I''d wager that the NSA has spent more money on compromising things than North Korea has ever seen. Just about anything can be used to cause damage. Everyone has the ability to harm or kill. Having the ability is not the same as doing it. The nuclear weapons part of their argument is the absolute height of hypocrisy. Quite a few nations have them but we're the only ones that have ever used them, on civilians.
If everyone who has the capability of causing harm is regarded as an adversary, we'll end up alienating the entire world. Where will we stand if the rest of the world takes the same position regarding our cyber capabilities, especially when we hack our allies? Our policy boils down to "They are able to cause us harm so they probably will. We have to strike preemptively." What if the rest of the world adopts our policy? When did national security get achieved by global provocation?
US failed a Stuxnet-style attack against North Korea http://securityaffairs.co/wordpress/37333/intelligence/stuxnet-against-north-korea.html
I agree completely , the makers of Stuxnet knew from the start that the target system was well isolated. And it's target was so specific .... if it found itself on a network that included a certain Siemens Process Control system , it delivered its payload , in all other systems it infected , it did nothing , and remained hidden. Somebody plugged that USB in , for reasons we'll probably never know .... Ignorance ? .... most unlikely , there must have been very rigorous policies in place regarding employees and electronic devices , so that leaves ethical / ideological motives , financial gain , or fear . I think that both of these articles come with a large dose of " spin " :- http://securityaffairs.co/wordpress/37313/intelligence/north-korea-cyber-capabilities.html http://securityaffairs.co/wordpress/37333/intelligence/stuxnet-against-north-korea.html
A tactic like that could fail for other reasons, like glue in the USB ports. If I recall right, the Snowden leaks revealed another of their "standard operating procedures", blackmail. They find a higher level employee engaged in activities that their system, religion, etc badly frowns on, then use that for blackmail, putting the employee in a lose/lose situation. The US definition of the moral high ground. Something like that would be very effective in the religious countries of the middle east, not so much in NK. What really sickens me is that people don't see through some of that ridiculous spin. Just because an adversary has a nuclear weapon doesn't mean that they're going to target a US city. Contrary to what our "leaders" claim, the leaders of NK, Iran, etc aren't crazy and don't have a death wish. If they used a nuke on the US, they know we'd respond in kind, and blow them off the map completely. They'd want nukes for military targets, like the carrier groups that bomb countries into oblivion. Given our history over the last 50 years, any non-allied nation has to see that as a real possibility. In these cases "national security" translates into eliminating another nations ability to defend itself. History is repeating itself but very few see it, or even want to. I dread the day when someone starts employing the same cyber policies against us. The scary part is what could happen if they're not as careful regarding their targets or in their choices of where such code might work.