Dealing with N. Korea’s cyber threat
North Korea appears to have restarted its nuclear reactor, enabling it to augment its ongoing production of approximately seven or more nuclear weapons per year. Pyongyang’s missiles and nuclear weapons have long garnered fear, international condemnation, and tough sanctions.
The regime’s cyber activities, however, have elicited less response, despite their repeated attacks on governments, financial institutions and industries.
What started as rudimentary denial-of-service attacks against South Korea has been expanded into a robust array of disruptive military, financial and espionage capabilities with global reach. The regime’s cyber guerrilla warfare has stolen classified military secrets, engaged in cyberterrorism, absconded with billions of dollars in money and cyber-currency, held computer systems hostage and inflicted extensive damage on computer networks.
Its targets have ranged from nuclear power plants and other critical infrastructure to telecommunications, media and corporations. Following the onset of COVID, Pyongyang even trained its cyber-weapons on pharmaceutical companies developing COVID vaccines.
Pyongyang’s cyber protection rackets refrain from attacking entities in return for payment. Its cyber retaliation squads attack those who oppose the regime or demean its leaders. The most notable of the latter was the 2014 Sony hack inflicting financial damage on the company while threatening “9/11 style” attacks against any theater showing the movie “The Interview,” which ridiculed leader Kim Jong Un.
North Korea’s cyber weapons and tactics are consistent with its asymmetric military strategy. As the regime’s conventional military forces deteriorated in comparison with those of the United States and South Korea, Pyongyang developed new weapons to counter the growing gap in capabilities, including nuclear weapons, missiles and cyber operations.
North Korean strategists have designated cyberspace as “the fifth major battlefield” along with ground, air, sea and space. Kim describes cyber warfare is a “magic weapon” and an “all-purpose sword.”
North Korea’s cyber operations are also consistent with the regime’s long history of using criminal activities to acquire money. In recent years, Pyongyang prioritized financial targets to evade international sanctions and augment the regime’s coffers for its nuclear and missile programs.
Cybercrimes are more lucrative and cost-effective than its longstanding criminal activities (counterfeiting and supplying slave labor) and its more recent practices of smuggling and illicit ship-to-ship transfers of oil.
Compared to these other criminal enterprises, cybercrimes are quite low-risk. They are difficult to detect, and there is little likelihood of international retribution.
All of which has made cybercrime a big business in the Hermit Kingdom. North Korea was estimated to be responsible for 65 percent of all global cybercrime in 2017-2018. In August 2019, the United Nations estimated that Pyongyang had cumulatively gained $2 billion from cybercrime. Some experts now assess that North Korean cybercrimes may generate $1 billion a year — a third of the value of the nation’s exports.
North Korean hackers have proved adept at deeply penetrating even highly secure computer networks of governments, militaries, banks and international financial transaction systems, as well as critical infrastructure targets. It is certainly possible — many would say likely — that Pyongyang’s cyber warriors could inflict tremendous damage during a crisis or hostilities on the Korean Peninsula.
Nor is America safe from their predations. The U.S. intelligence community assesses that North Korea is one of the top four cyber threats capable of launching “disruptive or destructive cyberattacks” against the United States. In other words, Pyongyang has the potential to engage in cyber warfare with disproportionately massive impact — a cyber 9/11, if you will.
North Korea could paralyze critical infrastructure systems such as communications, dams, electrical grids, hospitals, nuclear power plants, supply chains and traffic-control systems. It could steal massive amounts of money or undermine the stability of the international financial system or worldwide markets. It could also conduct ransomware attacks on banks to gain money, flood the system with fraudulent transactions, or disable or destroy financial computer networks.
To date, however, neither the UN nor the U.S. have imposed many sanctions or taken other legal actions against North Korean cyber groups or the foreign countries that give them safe haven to operate and launder their ill-gotten money. The United States, in conjunction with foreign governments and the private sector, needs to augment cyber defenses and respond more forcefully to attacks.
Failure to do so enables North Korea to continue undermining the effectiveness of international sanctions and leaves the United States and its partners exposed to a potentially devastating cyberattack in the future.