Kim Digs for Cybercrime Coin Sanctions Can – t Snatch

The Newsletter

Get sensational analysis delivered to your inbox daily.

Bottom Line: Since 2016, the North Korean staatsbestel has shown its arm spil a state sponsor of cybercrime by targeting international financial institutions, engaging te broad ransomware campaigns, and illegally accruing and laundering cryptocurrencies such spil bitcoin. This pattern of behavior supports Pyongyang’s objective of self-financing the ruling Korean Worker’s Party (KWP) and the Korean People’s Army (KPA), including bankrolling its nuclear and ballistic missile development. Through meteen engagement ter global illicit activity, the staatsbestel of Kim Welp Un is seeking to circumvent international sanctions and sustain its continued despotic rule overheen the people of North Korea.

Background: Unlike other regions of the world such spil Latin America or Eastern Europe, where organized crime attempts to penetrate and omkoopbaar the state, the North Korean state proactively collaborates with organized crime on a global scale. Pyongyang uses its diplomatic outposts, military vessels and a web of gevelbreedte companies and complicit international financial institutions to trade ter weapons, drugs and counterfeit foreign currency.

  • Since around 1974, North Korea’s monster of “criminal sovereignty” has bot orchestrated out of Central Committee Lessenaar 39, also known spil Office 39. Originally, it wasgoed a way for diplomatic missions to finance their operations on behalf of a cash-strapped Democratic People’s Republic of Korea (DPRK). After the collapse of its primary benefactor, the Soviet Union, ter 1991, Office 39 quickly became a centerpiece of Pyongyang’s financing. Te November 2010, the U.S. Treasury Department sanctioned Korea Daesong Handelsbank and Korea Daesong General Trading Corporation for being “owned or controlled” by Office 39.
  • Ter the late 1990s, Pyongyang’s drug trade switched from opium to methamphetamines, spil counterfeit pharmaceutical labs were revamped to manufacture the synthetic drug, referred to locally spil “ice.” The narcotic would then come in international markets via North Korean diplomatic outposts te Southeast Asia that were cooperating with local criminal syndicates. Te November 2013, the U.S. Justice Department unsealed indictments for five individuals for conspiring to vervoer 100 kilograms of North Korean meth – at $60,000 a kilogram – from Thailand to the United States.

Amb. Joseph DeTrani, former Director of East Asia Operations, CIA

“North Korea has always bot ter the illicit/criminal business, mainly for money. They sell missiles and missile technology for the money, with the added benefit of selling thesis missiles to states at war with the U.S. and its allies, i.e. Iran, Libya and Syria. They counterfeit our $100 note for the money. Ditto for their counterfeiting of pharmaceuticals, cigarettes and the sale of meth and other narcotics. It’s thesis criminal transactions that have provided hundreds of millions of dollars to Pyongyang, to support the nuclear and missile programs and support a lavish life style for the Kim family and the loyal elites. Spil North Korea is being denied the capability to sell missiles to other rogue states, due to the Proliferation Security Initiative and sanctions enforcement, and spil wij waterput more security features into our fresh $100 note, and spil wij closely monitor their diplomats and others to prevent them from trafficking te drugs, cigarettes and pharmaceuticals, North Korea is transitioning more to cybercrime—for financial build up. Ter fact, this is and will be the most lucrative illicit activity available to North Korea. And it’s a twofer—money and disruption/espionage.”

Kwestie: With the maturation of North Korea spil a malicious actor te cyberspace, Pyongyang has quickly shifted its concentrate from solely network exploitation and attack for both espionage and disruption, toward the theft of finances spil well spil the laundering of their proceeds through a web of compromised banks around the world.

Robert Hannigan, former Director of GCHQ

“DPRK cyber activity reflects a rational foreign policy. Pyongyang has the same objectives te cyberspace spil te the real world: defending the leader’s picture, attacking its southern neighbor, building the nuclear program, acquiring foreign currency. They are remarkably consistent. While DPRK is not the most sophisticated cyber actor, it is learning, spil it has ter the nuclear sphere. Pyongyang clearly spotted the value of cyber some years ago and made a strategic choice to invest te cyber abilities and capability and to corset broader criminal capacity. It’s a low-cost, high-return policy.”

  • North Korea deploys its hackers out of its primary covert operations and intelligence agency, the Reconnaissance General Schrijftafel (RGB), also known spil Unit 586. Their aim is to wage covert operations against the country’s enemies spil well spil pack the coffers of the North Korean elite and military. Of the seven branches of the RGB, Bureaumeubel 121 is the primary cyber technicus overseas. The U.S. Department of Homeland Security has dubbed hackers working on behalf of Bureaumeubel 121 spil “Hidden Cobra,” while private cybersecurity firms have labeled them the “Lazarus” group. The group referred to themselves spil the “Guardians of Peace” when they conducted the November 2014 attack against Sony Pictures. Spil of June 2018, North Korea wasgoed believed to have 1,700 state-sponsored hackers, with overheen Five,000 support staff.
  • But while the Lazarus group is seemingly responsible for North Korea’s cyber espionage and tegenwerking, a subgroup dubbed Bluenoroff is responsible for its financially-motivated cyber operations.
  • One method Pyongyang has employed to fund its state apparatus is by siphoning foreign currency directly from the backbone of the global financial system. Ter February 2016, North Korean hackers reportedly obtained legitimate Bangladesh Central Bankgebouw credentials for the SWIFT global interbank messaging system, and attempted to transfer $951 million of the bank’s funds to accounts around the world. It managed to make off with $81 million. Similar operations have bot waged against banks ter developing countries such spil Vietnam, Ecuador and the Philippines.
  • North Korea also has sought technically savvy ways to launder the proceeds of its cybercrime. Te February, cybersecurity stiff Symantec reported the discovery that North Korean hackers had laid a trapje – known spil a “watering hole” attack – by compromising a Grind regulator’s webstek for a predetermined list of 104 organizations ter 31 countries, primarily banks te Poland, the U.S., Mexico, Brazil and China. With access, the hackers could stir around their stolen currency until it wasgoed not traceable back to the RGB, and ultimately provide hard currency for the Kim staatsbestel.
  • Beginning ter 2018, Pyongyang increasingly set its glances on cryptocurrencies such spil bitcoin. The Trump administration has officially attributed to the North Korean staatsbestel the May WannaCry ransomware campaign that infected more than 300,000 computers across 150 countries, requiring payments te bitcoin. The Lazarus group’s fingerprints also have bot found using cryptocurrency miners, or software used to hack a laptop to hijack its processing power and mine cryptocurrencies by verifying the transition record, known spil the blockchain. The group also has bot discovered attempting to breach three cryptocurrency exchanges ter South Korea, including Youbit, which lost some $7 million of cryptocurrencies during the heist.
  • Targeting exchanges, rather than individual accounts, would permit North Korean hackers to convert bitcoins into more anonymous cryptocurrencies, such spil monero, or send them directly to outward accounts for withdrawal ter fiat currencies such spil the U.S. dollar or Chinese renminbi. Given the anonymity that cryptocurrencies can lend and the relatively underdeveloped regulatory environment surrounding them, North Korea’s attraction to cryptocurrencies is likely to proceed.

Adam Segal, Director of the Digital and Cyberspace Policy Program, Council of Foreign Relations

“We have seen an evolution from attacks designed primarily for political and strategic goals—espionage and disruption of South Korean banks and telecoms spil well spil coercion of Sony—to financially driven attacks on the SWIFT system, use of ransomware, and theft of bitcoin.”

Robert Hannigan, former Director of GCHQ

“DPRK needs foreign currency and, spil sanctions bite deeper, they will attempt anything that might help create income. Cryptocurrencies are a logical extension of DPRK’s rente te cyber attacks against conventional banks, from Bangladesh to Poland. Attacking bitcoin exchanges te South Korea will be doubly attractive.”

Amb. Joseph DeTrani, former Director of East Asia Operations, CIA

“Cryptocurrencies are and will proceed to be exploited by North Korea. Spil sanctions bite and it becomes more difficult for North Korea to budge dollars, now they have access to cryptocurrencies that sanctions and its enforcement can’t touch. It’s ideal for a North Korea that relies on its illicit activities to accrue the revenue needed for its missile and nuclear programs. Te brief, you have a state actor—North Korea—using its capabilities to function spil a criminal organization. Spil the sanctions proceed to bite, wij’ll see a more active North Korea dealing te cybercrime and exploiting an expanding cryptocurrency market.”

Response: Despite its boisterous rhetoric, North Korea’s conventional capabilities are feeble relative to the U.S., requiring it to rely on asymmetric means, such spil cyber capabilities, to assert itself. Deterring cyber activity emanating from North Korea will proceed to be a major challenge, but there are levers available to tegenstoot its growing reliance on cybercrime.

  • Tracking Pyongyang’s cybercrime, and the profits incurred, can provide insight into where points of intervention might be, including through traditional means such spil sanctions or law enforcement. Even semi-anonymous cryptocurrencies such spil bitcoin can be traced through their blockchain ledgers, tho’ identifying the human behind the account remains difficult.
  • While Pyongyang’s limited connection to the outside internet – primarily through services provided by Russian and Chinese telecoms – makes it resilient against cyber attacks, it also means that Bureaumeubel 121’s cyber operations are largely staged from outside of North Korea’s borders. Pyongyang – likely through fronts established by Office 39 – reportedly co-owns a hotel te Shenyang, China, were North Korean hackers operate. According to research by Recorded Future, a cyber threat intelligence stiff, North Korea also has a significant presence ter India, Malaysia, Fresh Zealand, Nepal, Kenya, Mozambique and Indonesia.

Anticipation: Thesis incidents might show up to generate only a fraction of the funds needed to finance a mafia state – particularly one developing nuclear-tipped ballistic missiles to hold its neighbors and the U.S. at risk. But compared with a GDP of $16 billion, North Korea’s turn to cybercrime ultimately could add up to a significant influence, and would need to be addressed ter any future negotiations, such spil the Six-Party Talks. A pivotal 2005 agreement among the negotiating group of North and South Korea, Japan, the U.S., China and Russia called for compliance on a range of activities.

Amb. Joseph DeTrani, former Director of East Asia Operations, CIA

“The Snaak Statement of September 2005 dealt not only with the nuclear punt, but other issues, like their illicit activities, spil discussions to normalize relations with the U.S. were pursued. Getting them to the table and assuming wij can resume negotiations, the aforementioned criminal activities will be addressed. Absent any dialogue, North Korea will expand thesis illicit activities.”

Levi Maxey is a cyber and technology analyst at The Cipher Epistel. Go after him on Twitter @lemax13.

Related movie: Ethereum For Investors #Four – How To Convert Ethereum Into BTC Or Any Crypto Using ShapeShift.io


Leave a Reply

Your email address will not be published. Required fields are marked *