With North Korea’s digital heists lightening the load of international sanctions and funding its weapons programs, the international community must do more, Stephanie Koorey writes.
Cyber attacks are becoming commonplace in today’s world. Perhaps most spectacularly, the United States government was left reeling by the Colonial Pipeline attack which resulted in the country’s southeast being starved of oil back in May.
Then in June, meat-packing conglomerate JBS Foods decided – foolishly – to pay off the perpetrators of a ransomware attack that affected American and Australian operations, to the tune of $11 million.
These attacks were attributed to Russian state-sponsored, Russian-speaking criminal groups, but Russia is not alone in this; Iran and China are also active state sponsors of cyber attacks. The Australian Strategic Policy Institute has analysed many of these adversarial attacks and others, and the Center for Strategic and International Studies even hosts a running tally of significant world-wide cyber attacks.
In this context, it is reassuring that Australia continues to mature as a cyber literate country. Its Ministers for Defence and Home Affairs issued a media release on Australia’s position, in keeping with G7 members, on ransomware that came out of the G7 Summit. Shadow Assistant Minister for Cyber Security Tim Watts also reiterated his challenge to the government for a ransomware strategy in a private Member’s bill on 21 June.
This is timely action. A recent NATO summit also acknowledged cyber as a significant threat domain, with the concluding communique stating Article 5 – which provides that if a NATO ally is the victim of an attack, each and every other member will consider it an attack against all members – could be invoked in response to a cyber attack.
One crucial actor, however, is not being discussed enough in these preparations: North Korea.
It would be foolhardy to overlook the sophistication, reach, and purpose of North Korean state-sponsored cyber units, not only because they could cause disruption like that seen from other state-sponsored attacks, but because they can be used to outmanoeuvre the sanctions regime in place on the country.
Since late 2006, when North Korea claimed to have successfully tested its first nuclear weapon, both the United Nations (UN) Security Council and the European Union, and individual countries including Australia imposed a range of sanctions against the perpetually rogue state.
Now its extensive use of cyber attacks as sanctions-evading digital heists, particularly in the financial sector, is reaping substantial income for the country, dampening the impact of the sanctions.
In fact, some of these sanctions were enforced as punishment for cyber attacks on American territory that could be traced back to North Korea. In late 2019, the United States imposed further sanctions on North Korean hackers said to be based in the country’s intelligence agency, the Reconnaissance General Bureau.
Cyber activity is now one of the North Korea’s most successful and lucrative, although not only, means of circumventing the UN sanctions regime. The attacks appear to be deliberate state-orchestrated fundraising activities and are very likely contributing to funding nuclear weapons and intercontinental ballistic missile programs.
In 2017, WannaCry was the first ransomware worm cyber attack attributed to North Korea. It spread across the globe, infecting over 200,000 machines in 150 countries with ransomware that essentially held computers hostage until a set amount of Bitcoin was paid for release – or until a kill switch was found.
It flooded through the United Kingdom’s National Health Service and American hospitals in Pennsylvania, and even displayed itself on public and private electronic billboards. While the attack yielded less than expected in actual Bitcoin ransom payments – figures vary as it is still active and Bitcoin’s value is intensely volatile – it was still ‘Internet-shaking’, and clearly meant to generate revenue.
The attack on Sony, on the other hand, was political, and aimed at coercing the company and its president into not releasing The Interview, a satirical comedy that depicted the killing of Kim Jong-Un. While the company hesitated, it was eventually released.
Less well known are North Korean hackers’ extensive attacks on the banking sector, again mostly in South Korea, though attacks have been made on Japan and across the developing world. They are credited with one of the largest and most audacious bank robberies ever conducted, the 2016 Bangladesh Bank heist, which aimed to steal $1 billion.
The heist was cleverly operated across numerous time zones to take advantage of Islamic and Chinese New Year holiday shutdowns as well as United States East Coast Reserve Bank opening times, and laundered at least some of the proceeds through a casino in the Philippines, ending up with an estimated haul of $81 million.
Other successful heists include a 2015 attack on bank in Guatemala, with a reported loss of $16 million, and an unsuccessful attempt against India in 2016 involved a bank in Australia. North Korean hackers have also has also undertaken worldwide attacks on Automated Teller Machines, yielding tens of millions of dollars.
The United States is certain enough of the North Korean connection to multiple major cyber attacks that it issued an arrest warrant for a North Korean national by the name of Park Jin Hyok. The Federal Bureau of Investigation has his details on its ‘Most Wanted’ cyber listings, and the details of the alleged state-sponsored attacks are available in the 179 page affidavit from the District Court of California.
These attacks cannot be responded to effectively through traditional statecraft. The United States 2019 Cyber Threat Advisory on North Korean attacks lists ways to build cyber resilience, and the United States and Australia have both been building offensive and defensive capacities, such as Australia’s Information Warfare Division, which commenced in 2017.
The stakes are clearly high, and if North Korea is using these attacks on the banking sector to fund “rapid progress” in its nuclear weapons program, Australia and the international community need to step in and do more.