• United States



Christopher Burgess
Contributing Writer

Theft of North Korean secrets may have pushed Kim Jong Un into talks

News Analysis
May 14, 20186 mins
CybercrimeData BreachSecurity

The ultimate insider has made off with North Korea's cyber intelligence, counterintelligence and nuclear secrets, causing people to think that's why Kim Jong Un met with South Korea's leader.

There are many theories on what propelled Kim Jong Un, leader of North Korea (DPRK) to tone down the bellicose rhetoric and meet at the Inter-Korean Peace House in Panmunjom with President Moon Jai-en of South Korea (ROK) in March 2018. They range from a natural catastrophe at the DPRK’s nuclear research facility to the weight of the economic sanctions levied against the DPRK was taking its toll.

Let me add one more to the mix. It was the defection to the west of a high-level DPRK official who has knowledge of DPRK’s activities against the west. An individual whose knowledge of both nuclear cyber and intelligence efforts being pursued by the DPRK may have been of sufficient weight to tip the proverbial scales. Put more simply, his hole cards were showing, and Kim Jong Un doesn’t know who has seen them.

Who is this DPRK defector?

According to the DailyNK (located in Seoul), a man identified only as “Mr. Kang,” a senior-colonel in his late 50s, defected to the west while posted as head of the Foreign Counterspionage Office of the DPRK’s Ministry for State Security. Mr. Kang, was in charge of operations in Russia, China and Southeast Asia. By any measure he would be considered an ultimate insider.

What type of operations was Mr. Kang involved in?

Covert nuclear liaison

Mr. Kang is reported to have directed those operations in China and Russia, which developed talent for the DPRK’s nuclear program. In addition, he provided key support to the nuclear program by organizing the covert exchanges between Russian and Chinese scientists with those of the DPRK.

DPRK’s counterfeit $100 super note  

Mr. Kang is also reported to have absconded with a considerable amount of cash when he disappeared from the Zhongpu International located in Shenyang, China, on Feb. 25, 2018. In addition to cash, he is believed to have taken with him the counterfeit plates/machine associated with the DPRK’s counterfeiting of the U.S. $100 bill, a counterfeit that was so precise it was known as the “super note.”

In late 2017, it was reported that a new super note $100 was discovered in the Seoul branch of the KEB Hana Bank. Speculation immediately followed that the DPRK had resumed the printing of counterfeit U.S. currency to bolster their hard currency reserves. Those plates, will provide a leg-up for the U.S. Secret Service, if they receive them, to providing guidance to the global banking system on the identification of the new variant of the super note.

Why Mr. Kang is damaging to the DPRK?

Mr. Kang was a senior officer within the Foreign Counterespionage group. He was known as part of the “Troika,” which had responsibility for DPRK’s cyber, counterintelligence and nuclear efforts. This included the remit to thwart other nation attempts to penetrate the DPRK regime.

His knowledge, in the hands of a DPRK adversary, would provide an optic into what the DPRK intelligence apparatus knew about the adversary’s efforts and what methods were being used by the DPRK to thwart those efforts. In addition, Mr. Kang’s knowledge of the DPRK’s efforts to penetrate the government and industries of other nations will prove invaluable. 

In a nutshell, he is a walking, talking version of the DPRK intelligence playbook. If you are riding the intelligence collection carousel focused on the DPRK, you’ve just grabbed the brass ring with Mr. Kang’s defection.

Why would Mr. Kang defect?

There has been no information that would lead one to believe Mr. Kang’s breaking trust with the DPRK had anything to do with ideological beliefs. All available information indicates he was running for his life.

What is Group 109

The DPRK population’s access to information is limited. Netflix hasn’t quite made its way to the DPRK, and the 28 websites available to the the privileged within the population constitutes the online experience.

Like water finding its way down a rocky slope, so too do the people of North Korea in their quest for information. To thwart these efforts, Kim Jong Un created Group 109, which is responsible for identifying those who may be watching and distributing foreign media — television programs, information, etc.

Group109 monitors mobile phone users via a number of methods, including the “Red Star” operating system, which allows the government to access users of the 3G cellular network’s devices to scan for subversive or illegal content. They also conduct physical searches of the homes of those who are suspect.

Mr. Kang’s son’s home was searched by Group 109, as he had been detected watching South Korean and U.S. movies. During the search they found “ledgers” that allegedly detail Mr. Kang’s activities and monies earned in secret from his perch in China — money that would be viewed as illicit and illegal personal gains.

What is the DPRK doing about it?

Pyongyang summoned Mr. Kang for discussions. Alarm bells went off. This was enough for Mr. Kang to deduce that his gig was up and to either go to the “discussions” and face the music of his personal indiscretions and greed, which would most likely include meeting his demise, or run. He chose the latter, leaving his family to fend for themselves.

Once his absence was noted, Kim Jong Un is reported to have dispatched two teams of assassins to locate and eliminate Mr. Kang.

Mr. Kang’s information on the cyber, nuclear and intelligence activities no doubt caused the EKG to display a few spikes, but it was personal for the leader of the DPRK. Mr. Kang’s ancestry makes him a “prominent” individual within the DPRK — he was blood. The DailyNK explains, “From Kim Jong Un’s perspective, Mr. Kang was vital to preserving North Korea’s lineage.”

Given Kim Jong Un’s willingness to execute and assassinate family members, Mr. Kang may have made the right decision.

Mr. Kang is believed to have found his way to either the U.K. or France.

Kim Jong Un knows his playbook has been laid bare, and while he no doubt has a few cards up his sleeve to pull out at the appropriate time, he has shown up at the table in Panmunjom and can be expected to show up in Singapore on June 12, 2018.

Christopher Burgess
Contributing Writer

Christopher Burgess is a writer, speaker and commentator on security issues. He is a former senior security advisor to Cisco, and has also been a CEO/COO with various startups in the data and security spaces. He served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Cisco gave him a stetson and a bottle of single-barrel Jack upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit, Senior Online Safety.

More from this author