Despite onerous economic sanctions placed on it by the UN for more than a decade, North Korea has somehow managed to finance an ever-expanding weapons of mass destruction (WMD) program. And now the United Nations has finally discovered how the rogue pariah state has managed to do it – according to a new report prepared for the UN Security Council, a brand new spree of cybercrime carried out by North Korea against the world’s largest financial institutions and cryptocurrency exchanges has resulted in more than $2 billion for the nation’s WMD program.
Details of the new UN report on North Korea cybercrime activities
According to a leaked draft version of the UN report, North Korea has been vastly upgrading its cybercrime capabilities, with many of the cyber attacks carried out by shadowy hacker organizations financed, managed or overseen by the Reconnaissance General Bureau, a top North Korean military agency. The U.S. government has even assigned a codename – “Hidden Cobra” – to these cybercrime operations, and a number of think tanks have detailed how the North Korean state has managed to expand its overseas cybercrime activities.
However, the new UN report is the first one that establishes a direct link between cybercrime and WMD programs. According to the report, North Korean hacker organizations under the control of the Reconnaissance General Bureau have carried out at least 39 attacks since 2016, targeting financial institutions in 17 countries, to finance WMD programs. This is in addition to North Korean cybercrime activities carried out with the blessing of the North Korean state – such as those of the high-profile Lazarus cybercrime group – but not directly at the behest of the North Korean state.
What is remarkable is just how sophisticated the new North Korean cybercrime activities have become, especially when it comes to financing WMD programs. An earlier report from the Washington-based think tank 38 North had already warned that the North Koreans “should not be underestimated” when it comes to carrying out attacks to steal funds from financial institutions in order to finance WMD programs. The growing arsenal of cyber weapons at the disposal of North Korean hackers includes viruses, worms and Trojan horses. And, as cryptocurrencies have become increasingly popular, the North Koreans have also developed sophisticated cryptomining operations that are designed to steal Bitcoin or other coins from cryptocurrency exchanges.
As an example of what North Korean hackers are capable of doing, cybersecurity experts point to the $80 million cyber attack on the Bangladeshi Central Bank, which was carried out by North Korea’s Lazarus cybercrime group. In that attack, the hackers showed a sophisticated understanding of how the modern financial system works, including the complicated system of codes and passwords needed to trick financial institutions into wiring money into bank accounts controlled by North Korean cybercrime units.
The link between cybercrime and WMD programs
In the past, North Korea has engaged in a number of illegal, dangerous and ill-advised activities in order to earn hard currency for the state. This has included, according to experts, using North Korean diplomats stationed abroad to engage in drug smuggling and contraband activities, as well as North Korean slave laborers based in the West to bring home hard currency earnings. But, in the grand scheme of things, a few isolated deals here and there may go a long way toward lining the pockets of the North Korean elite, but don’t represent a series challenge to the regime of economic sanctions imposed by the West. And, in the past, they were not enough to finance huge WMD programs.
But the new cybercrime activities are a warning that the North Korean state has managed to find a way to not only evade sanctions, but also to engage in the sorts of activities that can be used to finance WMD programs that include ballistic missile programs and nuclear programs. Whereas the traditional banking sector may be “off limits” to North Korea, the same is not true of some overseas banks and cryptocurrency exchanges. It’s harder to trace the global flow of Bitcoin, for example, because the actual identity of the cryptocurrency holder is largely anonymous and all transactions are encrypted. Thus, when money is used to fund nuclear and ballistic missile programs (or other WMD programs), North Korea manages to avoid government oversight and regulation.
Implications for global diplomacy
When a rogue state like North Korea is able to carry out sophisticated attacks to steal hard currency from financial institutions and cryptocurrency exchanges to finance WMD programs, it has follow-on implications for global diplomacy. Most obviously, cybercrime gives North Korea a way to “break” economic sanctions. Who cares if you’re banned from exporting certain goods, the thinking goes, as long as you can steal funds from financial institutions to make up for any shortfalls?
And, less obviously, cybercrime gives North Korea a way to flex its muscles on the Korean Peninsula. U.S. President Donald Trump has repeatedly tried to get North Korea to give up its nuclear program, but so far, to no avail. In fact, if anything, the North Korean state has grown ever bolder in its tests of ballistic missiles – including, possibly, intercontinental ballistic missiles capable of hitting the West Coast of the United States. That, obviously, complicates matters for U.S diplomats, who are used to negotiating from a position of strength.
The need for greater regulation of cryptocurrencies
The big takeaway lesson here for the global community is that there is greater need for regulation of new eras of finance such as cryptocurrencies. These assets, by their very nature, are harder to trace and subject to less government oversight. They are also borderless and anonymous, enabling nation-states to break sanctions. No wonder the North Korean hackers are carrying out widespread and increasingly sophisticated attacks on financial institutions. In the modern world, crypto assets are remarkably useful. As result, the new report on the link between cybercrime and WMD programs should be a wakeup call for the United Nations and the West. If they wait any longer to take action, it could be too late.