As nearly two years of warming relations between the US and Democratic People’s Republic of Korea (DPRK) increasingly seem to be over, Washington is doubling down on efforts to force concessions from Pyongyang by further curtailing hacking operations ostensibly linked to the government.
Trump administration officials are “taking cyberintelligence that we have and sharing it with countries around the world to help them defend themselves against what the North Koreans are doing and also prepare them to take action against it, basically to undermine North Korea’s capability to carry out malign cyberactivities,” an anonymous administration official told The Washington Times for a Sunday story.
The paper noted a February report by Recorded Future, a private intelligence analysis firm, that highlighted North Korea’s alleged internet-based cybercrime as having “three primary tactics for generating revenue: internet-enabled bank theft; use and exploitation of cryptocurrencies and blockchain technology; and low-level information technology work and financial crime.”
In an excerpt of his new book “The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics” that appeared in Wired on Saturday, Georgetown University cybersecurity professor Ben Buchanan described how such operations work in detail, noting the efforts to combat them come in the wake of a sophisticated US currency counterfeiting scheme that was shut down.
“North Korean operatives found a better way to rob banks. They did not have to break through reinforced concrete or tunnel under vaults to get at the money, and they had no need to use force or threats. Instead, they simply duped the bank’s computers into giving it away,” Buchanan wrote.
In one example given by the author, North Korean hackers allegedly shut down the printing system used by the Central Bank of Bangladesh to record all transactions made through the SWIFT international bank wire service before hacking into the bank’s account system, nearly making off with $850 million. The New York Federal Reserve identified the operation and shut down most of the transactions, but the hackers still purloined $81 million.
In another operation, North Korean hackers allegedly broke into the computer database at Cosmos Cooperative Bank in India in the summer of 2018. A massive “ATM cash-out” operation unfolded, in which operatives in 28 countries attempted to make cash withdrawals of between $100 and $2,500 each over a two-hour period, with the cards’ authentication checks wired through their own system, tricking Cosmos into distributing the funds: $11 million in all.
Hackers also allegedly targeted South Korean bitcoin exchange Youbit, nabbing 17% of its financial assets, and attacks on cryptocurrency exchanges have netted the DPRK more than $500 million, Buchanan wrote.
In a Saturday op-ed for 38 North, Stephanie T. Kleine-Ahlbrandt, a Stimson Center nonresident fellow and finance and economics expert on the DPRK Panel of Experts at the UN Security Council, noted that despite the existence of the Financial Services Information Sharing and Analysis Center, “banks, governments, cryptocurrency exchanges and other targets have been reluctant to share information on cyber attacks despite the utility of such information in helping to thwart and reduce the damage of attacks.”
“The US should model such information sharing itself while supporting other countries to establish inter-agency working groups to enable policymakers, regulators, supervisors, law enforcement authorities and other relevant authorities to cooperate with each other to develop and implement effective policies, regulations, and other measures to address cyber attacks with a view to addressing security gaps, developing regulatory approaches to cryptocurrencies, and sharing information on investigations,” Kleine-Ahlbrandt wrote. “Public-private partnerships for information sharing should also be supported and expanded.”
According to the UN, the DPRK uses the funds mainly to finance its weapons programs, which are the primary target of economic sanctions directed by the UN and US. On Monday, Pyongyang fired two short-range rockets into the Sea of Japan which, while not a violation of sanctions or previous self-imposed moratoria, still served to further cool relations with both Seoul and Washington.