Analysts say the nuclear-armed North Korea is at the forefront of cyberwarfare, stealing billions of dollars and posing a clearer and more present danger than its banned weapons programs.
Pyongyang faces multiple international sanctions for its atomic bomb and ballistic missile programs, which saw rapid progress under North Korean leader Kim Jong Un.
But as global diplomacy focuses on its nuclear ambitions, the North has quietly and steadily increased its cyber capabilities, and analysts say its army of thousands of well-trained hackers is proving equally dangerous.
“North Korea’s nuclear and military programs are long-term threats, but its cyber threats are immediate and realistic threats,” said Oh Il-seok, a researcher at the Institute for National Security Strategy in Seoul.
Pyongyang’s cyberwarfare capabilities first gained global significance in 2014 when it was accused of hacking Sony Pictures Entertainment in revenge for “The Interview,” a satirical film that made fun of leader Kim.
The attack resulted in the posting of several previously unreleased films as well as a vast mine of confidential documents.
Since then, the North has been blamed for a number of large-scale cyber attacks, including an $ 81 million heist by the Central Bank of Bangladesh as well as the global WannaCry ransomware attack in 2017, which infected some 300,000 computers. in 150 countries.
Pyongyang has denied any involvement, describing the US claims on WannaCry as “absurd” and a Foreign Ministry spokesman saying, “We have nothing to do with cyber attacks.”
But the US Department of Justice indicted three North Koreans in February for “participating in a vast criminal conspiracy to carry out a series of destructive cyber attacks.”
In its annual Threat Assessment 2021 report, Washington acknowledged that Pyongyang “likely has the expertise to cause temporary and limited disruption to certain critical infrastructure networks” across the United States.
The northern cyber program “poses a growing threat of espionage, theft and attack,” the document from the office of the director of national intelligence said.
He accused Pyongyang of stealing hundreds of millions of dollars from financial institutions and cryptocurrency exchanges, “possibly to fund government priorities, such as its nuclear and missile programs.”
– ‘The best defense’ –
North Korea’s cyber agenda dates back to at least the mid-1990s, when then-leader Kim Jong Il reportedly declared that “all wars in the years to come will be computer wars.”
Today, Pyongyang’s 6,000-strong cyber warfare unit, known as Office 121, operates out of multiple countries, including Belarus, China, India, Malaysia and Russia, according to a US military report released in July 2020.
Scott Jarkoff of cybersecurity firm CrowdStrike gives them a high rating: “They are extremely sophisticated, dedicated and capable of leading advanced attacks.”
Office 121 recruits are trained in different coding languages and operating systems at special institutions such as Mirim University, said former student Jang Se-yul, who defected in 2007.
Now known as the University of Automation, it welcomes just 100 students per year among the top-rated schoolchildren in the North.
“We were taught that we must be prepared against US cyber warfare capabilities,” Jang told AFP.
“At the end of the day, we were taught that we have to develop our own hacking programs because attacking the enemy’s operating system is the best defense.”
Cyber warfare is particularly attractive to small, poor countries like the North that are “overwhelmed in terms of equipment such as airplanes, tanks and other modern weapon systems,” said Martyn Williams, a researcher at the Stimson Center.
“Hacking just requires a computer and an Internet connection.”
– Keyboards above the weapons –
Most state-funded hacking groups are primarily used for espionage purposes, but experts say North Korea is unusual in deploying its cyber capabilities for financial gain.
Pyongyang has locked itself down to protect itself from the coronavirus pandemic, adding to the strain on its economy, and has for years sought to earn foreign currency in multiple ways.
And Williams added, “Stealing it is much faster and potentially more lucrative than doing business, especially if you have skilled hackers.”
The US indictment in February accused the three North Koreans of stealing more than $ 1.3 billion in cash and cryptocurrency from financial institutions and businesses.
When published, Deputy Attorney General John Demers called North Korea agents “the world’s top bank robbers”, adding that they “used keyboards rather than guns, stealing wallets. digital cryptocurrency instead of bags of money ”.
The rise of cryptocurrencies such as Bitcoin has presented hackers around the world with a whole new range of increasingly lucrative targets.
Also, Jarkoff said, their decentralized networks were a particular asset to the North, providing a way around financial sanctions.
“This allows North Korea to easily launder money in the country, outside of the control of the global banking system,” he said.
“Cryptocurrency is interesting because it is uncontrolled, borderless, and relatively anonymous.”
sh / slb / gle