Since May this year, North Korea has been consistently showcasing its sophisticated weapons. However, each new unveiling appears to be diverting the international community’s attention away from what the Pyongyang has been building behind the scenes.
According to The Associated Press, North Korea has reportedly generated nearly two billion dollars to fund its nuclear weapons programs with unprecedented cyber activities against financial institutions and cryptocurrency exchanges all around the world. As a result, United Nations experts are currently investigating at least thirty-five instances in seventeen victim countries, including Costa Rica, Gambia, Guatemala, Kuwait, and Liberia. Of the many targets for cyberattacks, South Korea is often the hardest-hit.
The Kim family, driven by its commitment to personal and regime survival, started to bolster its cyberattack capabilities in the late 2000s in order to alleviate the economic pressure from UN Security Council sanctions.
It should impress many observers that North Korea is equipped with such high skills even though the country possesses merely two internet connections—one that crosses the Yalu River into China, and the other that goes as far as Russia’s Far East. Seungjoo Kim, a professor at Korea University’s Graduate School of Information Security, has stated that it is partly because North Korean hackers usually operate in China and Europe where they have easy access to the internet.
“North Korea practices their craft under real conditions, like hacking cryptocurrency sites or stealing information,” he said, “These repeated exercises help to improve their skills.”
This is not the first time for North Korea to be labeled as a notorious hacking country. In 2014, a group, which identified itself as “Guardians of Peace,” carried out a series of cyberattacks on Sony Pictures in response to the film The Interview, a satire about Americans recruited to assassinate Kim. The hackers leaked sensitive information from the studio, including personal information about the Sony Pictures employees, their internal emails, copies of unreleased Sony films, and plans for future Sony movies. The offenders then utilized the Shamoon wiper malware to remove Sony’s computer infrastructure.
Not long after the Sony incident, North Korean hackers once again performed a heist by rupturing Bangladesh Bank’s systems and exploiting the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network to send fraudulent remittance orders to the New York branch of the U.S. Central Bank in 2016. In doing this, they were able to gain $101 million from five of the thirty-five fraudulent instructions they had sent out, with $20 million traced to Sri Lanka and $81 million to the Philippines.
The level of the regime’s commitment to developing its cybersecurity capabilities appears to be consistent with its years-long efforts to pursue other destructive technologies such as nuclear, chemical, and biological weaponry. It seems that although North Korea’s cyber operations are widely reported and studied, they are often handled separately from other issues on the Peninsula, which could increase the tendency for decision-makers to come to incomplete strategic conclusions.
Jeremy Straub, an assistant professor of Computer Science at North Dakota State University, has recently expressed his concern that significant damage—including mass injury and death rivaling the toll from a nuclear weapon—is possible from a cyberattack.
The variety of targets for cyber-attackers that could inflict such untold deaths ranges from water treatment plants to nuclear facilities. It is vital to remember the 1986 accident at the Chernobyl nuclear site led to an explosion that resulted in fifty deaths and left parts of the region uninhabitable for thousands of years into the future.
Although North Korea’s cyber capabilities may not be as refined as other countries, we never know how they might surprise us with an attack or another theft. Moreover, the fact that the Kim regime is able to acquire such money through other means signals that they have less of an incentive to negotiate with the United States on sanctions.
For instance, it appears that trade between North Korea and China may be back on track, giving Pyongyang another lifeline. Beijing’s total trade with Pyongyang reached $1.25 billion between January and June, up 14.3 percent compared to the same period in 2018.
As long as other sources of money and trade are available, North Korea will remain reluctant to engage in dialogue with Washington and can continue to fund its cyber capabilities.
The next step for the United States is to prioritize engagement with China, which retains its enormous influence over North Korea. It is an undeniable fact that Beijing has the power to provide Pyongyang unofficial sanctions relief given that more than 90 percent of North Korean goods go through China. Resolving the trade dispute with China should be the number one task in Washington, while America also remains open to engagement with the Kim regime.
Finally, it is also crucial for the international community to set out some rules and identify what constitutes a globally recognized act of war in cyberspace. There is an international agreement that militaries take responsibility not only for what they consider to be valid targets but also for any civilian casualties caused by their actions. However, there is no equivalent agreement in the cyberworld that requires countries to make significant incidental damage assessments before carrying out cyber operations.
Sooner or later, cyberattacks will have to be on the agenda parallel to nuclear weapons when dealing with North Korea. It would be better if that happened sooner rather than later.
Dong Geon Lim is a senior at George Mason University, majoring in Conflict Analysis and Resolution. He was a research assistant at the Korea Studies Program at the Center for the National Interest in summer 2019.