The Jerusalem Post

North Korea challenges the West on multiple fronts

By AARON CRIMMINS

In the current climate of nuclear brinkmanship between the United States and the Democratic People’s Republic of Korea (hereafter referred to as North Korea), one might wonder how the situation was allowed to reach this point. The US and its allies have imposed sanctions on North Korea before, but the nuclear weapons tests keep coming. What gives?

As it turns out, North Korea has not been sitting back and contritely absorbing the economic damage. Over the past few years, the Kim Jong-un regime has devoted significant resources to ratcheting up its hacking skills. Recent examples of its cyber escapades include Asian bank heists that garnered millions of dollars. One particularly brazen theft netted the North Koreans over $81 million at the expense of a Filipino bank.

They are also behind the May 2017 WannaCry ransomware attack, which spread to hundreds of thousands of computers worldwide by exploiting a Windows operating system vulnerability known now as Eternal Blue. A clandestine Internet-based group known as The Shadow Brokers released Eternal Blue, along with other hacking tools, into the wild, allowing anyone with the necessary tech savvy to turn it against any system of their choosing.

Cybersecurity firms Kaspersky Lab, Symantec and FireEye used patterns and clues within WannaCry’s code to conclude that the Lazarus Group, a hacking group known to be connected to the North Korean government, was indeed responsible. Subsequently, the preeminent US cyber-intelligence agency, the NSA, corroborated this story by issuing a statement pointing the finger at the Kim Jong-un regime.

At the time, the malware exploit only made off with about $140,000 in Bitcoin from those willing to pay, although it put lives at risk by affecting medical services in the UK. Bitcoin, a cryptocurrency, is a fully digital currency that uses high-grade encryption to ensure the privacy and dependability of transactions online. At first, the three bitcoin “wallets” reported to be the depositories of this ransom money saw no activity, but on August 2, after more than 300 unique payments, the perpetrators finally began to reap their ill-gotten loot. In a rapid succession of seven withdrawals, the three wallets were quickly emptied.

You have to give the North Koreans credit: market timing might have been a motive for cashing in. In recent months, Bitcoin has enjoyed a meteoric appreciation, and will now even split into two separate cryptocurrencies. Reported estimates put the return on waiting at about 20%.

While the NSA predictably has not revealed its intelligence sources, Internet security research groups Recorded Future and Team Cymru have recently published new findings on the pattern of North Korean cyber activity. The first finding of interest has to do with private – or more accurately elite – activity, and it is striking. As on the economic front, North Korea is not anywhere near as closed as it once was. From the report:

“Our analysis demonstrates that the limited number of North Korean leaders and ruling elite with access to the Internet are actively engaged in Western and popular social media, regularly read international news, use many of the same services such as video streaming and online gaming, and above all, are not disconnected from the world at large or from the impact North Korea’s actions have on the community of nations.”

The second major finding is that the DPRK routes substantial traffic through Internet nodes abroad. Of course China is in this mix, but the surprise of the report is that Chinese networks only account for about 10% of traffic, with India being a more significant player and Indonesia, Mozambique, New Zealand, Kenya and Nepal all playing a role as well. These patterns underscore the need for greater coordination on cyber issues as well as sanctions enforcement.

The history of North Korea/Iran coordination on nuclear weapons development further highlights the need to work against the efforts of such regimes.

In that regard, the US State Department’s loss of its cyber coordinator, Christopher Painter, is a step in the wrong direction. Not only that, but it would seem to run counter to US President Donald Trump’s own May 11 executive order calling for a review to strengthen cybersecurity. It is part of a much larger pattern. Cyber is not the only area to see devastating cuts under the Trump administration, but it should not be swept under the rug with the rest.

North Korea’s recent opening of an embassy in Tehran, accompanied by a statement of friendship and cooperation between the two countries, further demonstrates the need for vigilance and proactivity. Facing the growing North Korean threat will take coordination, innovation and persistence. The US must get its own cyber house in order and coordinate with allies such as Israel, South Korea, Japan, the United Kingdom, France and others. An enterprising cyber adversary such as North Korea cannot be defeated otherwise.

The writer is a doctoral student at the California Western School of Law, where he studies international and intellectual property law. Follow him on Twitter @Acrimms.
