Nuclear warfare is not the only threat North Korea poses – despite its global isolation, the country’s hostile digital capabilities give it a global reach, Marc Kosciejew says.
Throughout this summer, North Korea and the United States have been playing nuclear war brinkmanship. North Korea revealed advanced nuclear weapons and intercontinental ballistic missile capabilities while threatening attacks against the US and its allies. American President Donald Trump, in response, warned that North Korea “will be met with fire and fury and frankly power, the likes of which this world has never seen before” if its provocations continued.
The United Nations Security Council, meanwhile, unanimously adopted its most punishing sanctions on North Korea because of its continued defiance of previous international bans on its nuclear and missile programs.
But Pyongyang’s dangerous nuclear provocations – and Washington’s charged reactions – are not the only serious threats posed by these escalating tensions. North Korea also presents a growing threat in the digital realm as it employs increasingly sophisticated cyberattacks, especially financial hacking, against international targets.
Despite its global isolation, North Korea’s hostile digital capabilities give it a global reach. Cyberattacks are effective ways for the country to inflict significant damage with little risk of military responses. Its cyberattacks are directed against diverse targets, from governments to movie studios, to access information, cause disruption, and recently, steal money.
North Korea, interestingly, has a relatively long history of cyberattacking its enemies and other targets. The country began developing its cyberattack capabilities in the early 1990s. According to some North Korean defectors, the Communist regime selected adolescent math prodigies to teach and train them to become software developers, online information warfare experts, digital propagandists, and hackers. These students were simultaneously taught foreign languages so they could operate abroad.
Indeed, to the present day, North Korea sends students to study in China, India, and Russia to learn coding, programming, and software techniques to then return home to serve as state-sponsored cyberattackers.
Since then, North Korea has been improving, refining, and keeping pace with other more powerful countries’ similar cyberweapons programs. In 2009, North Korea’s top spy agency, the Reconnaissance General Bureau, established the Lazarus group, an elite team of cyberattackers to engage in hostile action and activities in the digital realm. It was around this time, moreover, that South Korean cybersecurity and intelligence officials began detecting cyberattacks emanating from Pyongyang.
North Korea is estimated to presently have at least 1,700 cyberattackers, assisted by more than 5,000 supervisors, instructors, and support staff, in its Lazarus group. Some of them are based in North Korea itself, while others are based abroad, usually in China, India, and Russia where they may have been sent to study, working in legitimate computer-based businesses and waiting for North Korean instructions to carry out attacks.
These so-called North Korean sleeper cells or moles in foreign lands are subject to constant strict monitoring by political minders for possible breaches in their allegiance to the government or Communist ideological purity.
Although North Korea has long used cyberattacks for espionage, sabotage, and propaganda, its moneymaking purposes have grown in importance and priority for the impoverished country. North Korea’s financial hacking, in fact, is a rare form of State-sponsored cyberattack. Countries rarely use cyberattacks for financial gain. Indeed, most countries’ digital hacking attacks focus on covert espionage, surveillance, and data theft; however, North Korea increasingly prefers to financially profit from its hackers.
According to Kim Seung-joo, a professor at the Graduate School of Information Security at Korea University and a cybersecurity advisor to the South Korean government, North Korea’s cyberattacks “have shifted to making money, attacking banks and private companies, apparently because the North’s other means of raising foreign currency are increasingly blocked under United Nations sanctions.”
Indeed, due to these stringent international sanctions, Pyongyang has limited ways of generating money and is growing desperate for cash. Digital hacking of banks and other financial institutions provides it with a novel way to help bring in money and fund its rapidly advancing nuclear and missile programs.
According to a recently released report from the Financial Security Institute, a South Korean government-backed organisation, Pyongyang has been engaging in digital hacking attacks against international financial targets and digital currencies in attempts to earn some profits.
This report’s claims are buttressed by various cybersecurity firms that have been monitoring North Korean cyberattacks. The cybersecurity firm FireEye, for example, similarly claims that Pyongyang is “increasingly engaged in financially motivated activity” to generate income and circumvent the intensifying sanctions imposed upon it to try to stop its nuclear and missile programs.
As Luke McNamara, a senior analyst at FireEye, states, “we’ve seen an increasing trend of North Korea using its cyber espionage capabilities for financial gain. With the pressure from sanctions and the price growth in cryptocurrencies like Bitcoin and Ethereum, these exchanges likely present an attractive target.”
The Financial Security Institute report, which analysed suspected North Korean cyberattacks on South Korean governmental and commercial institutions over the past two years, identified twin hacking programs – named Andariel and Bluenoroff – emanating from Pyongyang.
Andariel apparently focuses on hacking South Korean banks and financial institutions, as well as government agencies, defence contractors, and other businesses, with methods specially tailored for the country. The report claims that the Andariel hacks are not only targeting these South Korean financial institutions, but also customers’ financial information by stealing bank card data and selling it on the black market or using it to draw cash directly from personal bank accounts and ATMs.
Bluenoroff, meanwhile, apparently concentrates on hacking foreign banks and financial institutions. According to Kaspersky Lab, another cybersecurity firm, Bluenoroff is allegedly responsible for hacking attacks on financial institutions in at least eighteen countries, most notably the $81 million heist from the Bangladesh central bank in 2016. As James A. Lewis, a cybersecurity expert at Washington’s Center for Strategic and International Studies, states, “North Korea was always a State criminal, sheltered behind sovereignty, and now they’ve moved this into cyberspace.”
North Korea’s hostile actions in the real and digital realms are becoming increasingly strident and serious, threatening both the US and the world with the simultaneous menaces of nuclear war and cyberattacks. Although it is isolated and cut off from most of the world, it nevertheless poses a clear and present physical and virtual danger. It is vital for the international community to try to counter and defuse North Korea’s growing threats, and its escalating tensions with the US, through further diplomatic engagement.
If the world does not make such attempts, the spectres of nuclear war and a digital catastrophe loom ever larger.
Marc Kosciejew is a lecturer and former head of department of library, information, and archive science at the University of Malta. In 2007, he toured North Korea and is one of the first English-speakers to publish on its library system.