The North Korean Government’s Many Digital Heists

Ed Caesar, the New Yorker:

North Korea’s cybercrime program is hydra-headed, with tactics ranging from bank heists to the deployment of ransomware and the theft of cryptocurrency from online exchanges. It is difficult to quantify how successful Pyongyang’s hackers have been. Unlike terrorist groups, North Korea’s cybercriminals do not claim responsibility when they strike, and the government issues reflexive denials. As a result, even seasoned observers sometimes disagree when attributing individual attacks to North Korea. Nevertheless, in 2019, a United Nations panel of experts on sanctions against North Korea issued a report estimating that the country had raised two billion dollars through cybercrime. Since the report was written, there has been bountiful evidence to indicate that the pace and the ingenuity of North Korea’s online threat have accelerated.

According to the U.N., many of the funds stolen by North Korean hackers are spent on the Korean People’s Army’s weapons program, including its development of nuclear missiles. The cybercrime spree has also been a cheap and effective way of circumventing the harsh sanctions that have long been imposed on the country. In February, John C. Demers, the Assistant Attorney General for the National Security Division of the Justice Department, declared that North Korea, “using keyboards rather than guns,” had become a “criminal syndicate with a flag.”

There are elements of this report that I do not love,[1] but it is an extraordinary look at the effects of an advanced persistent threat actor whose motivation is almost solely financial gain. American and Israeli governments collaborated on malware for espionage and hardware destruction in Iran; the Russian government unleashed Petya and NotPetya to attack Ukraine in an act of war; “Five Eyes” governments share the Warriorpride espionage framework (PDF) for smartphones. But none of these countries’ governments seem interested in siphoning cash just because they can. North Korea, sanctioned internationally and with limited resources, needs money and has invested in a world-class digital subterfuge team to get it.

  1. For example, Priscilla Moriuchi, who is now at Harvard and was previously at the NSA, said in an interview quoted here that “North Koreans understand criminality”. It sounds like Moriuchi means the North Korean government and its agencies, not North Korean people generally, but this imprecision frustrates me because it implies that an entire country’s population is criminally minded.