North Korea’s cyber fingers are in many pots

The DPRK continues to demonstrate they are the nation state acting like a criminal state, as their cyber activities garner cold hard cash for the regime.


While the world is fixated on the missiles being launched from North Korea (DPRK) with ever increasing regularity, many lose sight of the ugly underbelly of Kim Jong-un’s regime. The regime is a nation state that uses criminal activity against countries, companies and individuals. 

Cyber crime DPRK style

In a demonstration of their ability to utilize existing infrastructure for disruption operations, in September 2017, we saw DPRK launch a series of SMS (text) messages to the U.S. military population in South Korea (ROK), advising the recipients to prepare to execute the emergency evacuation plan. Accompanying this SMS were messages sent via Facebook Messenger. To their credit, the U.S. Forces Korea (USFK) anticipated such activity and had in place a “double check before you go” process, so no one grabbed their "go bag." 

Also in September, we saw FireEye attribute three separate attacks that mined Bitcoins off of ROK cryptocurrency exchanges by DPRK’s cyber teams. The success of these attacks may have been one of the considerations in the ROK Financial Services Commission's recently announced ban on Initial Coin Offerings (ICO) in the ROK.

Earlier this week, The Express interviewed Robert Hannigan, former director of U.K. security and intelligence agency Government Communications Headquarters (GCHQ), about DPRK. His message was explicit and unambiguous: DPRK cyber experts are “after our money.”

Hannigan noted how the WannaCry ransomware attack, which nearly crippled the U.K.’s National Health Service in May 2017, is an example of DPRK's capabilities. (The NSA also attributed WannaCry, which touched people and organizations in 150 countries, to the DPRK, specifically the Reconnaissance General Bureau — DPRK’s spy agency).

The BBC reminds us of the history of DPRK using their cyber skills to garner cold hard cash, starting with DPRK's attempt to extort millions from Sony in retaliation for the entertainment company’s intent to release a satiric film about DPRK’s leadership, "The Interview." Then in 2016, there were the multiple exploits of the SWIFT payment system, which hit 35 banks and heisted $951 million, including $81 million from the Central Bank of Bangladesh.

DPRK cyber capabilities

Knowledge of the DPRK cyber operations capabilities has been the focus of the Center for Strategic Studies for many years. In the center’s December 2015 report “North Korea’s Cyber Operations – Strategy and Responses,” they note how DPRK’s peacetime strategy includes “launching low-intensity unconventional operations to disrupt the peaceful status quo without escalating the situation to a level the DPRK cannot control or win.”

To that end, the report demonstrated a modicum of prescience (or spot-on analysis) when they noted the likelihood of DPRK continuing “cyber operations with diplomatic offensives, psychological operations, military exercises, missile tests or other provocative behavior.”

DPRK criminal activities

Many of the diplomatic missions of DPRK are expected to self-fund their existence. In a brief exposé on how the DPRK diplomats make ends meet, The Telegraph discusses both the legitimate (flea markets) and the criminal (black markets, bootlegging and drugs).

Don’t feel too sorry for them. There is ample evidence that DPRK is involved in the production of illicit drugs, counterfeit currency, cigarettes and pharmaceuticals and that the diplomatic missions are the store fronts.

The 2008 Congressional Research Service’s report “North Korea Crime-for-Profit Activities” estimates more than $500 million per year is garnered for DPRK via criminal activities.

While the report indicated a decrease in counterfeiting activities, a late-2016 piece, also from The Telegraph, notes how DPRK may be back into the U.S. $100 bill counterfeit currency production after a few years' hiatus. The counterfeit $100 super note, which the DPRK perfected, caused the U.S. to adjust how its currency is printed.

A DPRK citizen was recently arrested after attempting to pass $5 million in $100 bills during a money exchange action in China. The individual changed the U.S. counterfeit currency into Chinese currency and then deposited the latter in Chinese bank accounts.

In September 2017, The Global Initiative Against Transnational Organized Crime issued its report “Diplomats and Deceit: North Korea’s Criminal Activities in Africa,” which skewers DPRK and its diplomatic missions for their criminal enterprises across Africa. The report updates what the CRS noted in 2008, with the addition of an amplified discussion on DPRK’s part in the export of rhinoceros horns and ivory.

Bottom line: Expect more cyber crime activities

DPRK will continue to use their cyber capabilities to raise much needed hard currency for their regime. Indeed, with the newest sanctions levied by the United Nations and supported by China, we may expect DPRK to double down and demonstrate just how formidable a nation state hell-bent on monetizing their criminal activity really is.
