Skip to main content

North Korea's most powerful weapon (Hint: It's not a nuclear arsenal)

(Image credit: Image Credit: Etereuti / Pixabay)

With all the talk associated with North Korea’s prospects of launching a nuclear attack, there is often an overlooked, existential threat that continues to fly under the radar – cyberattacks. In truth, North Korea’s cyber warfare operations pose a much greater risk to the West than the prospect of nuclear war. 

North Korea has invested heavily in cyberattack operations to disrupt its Western enemies. Western intelligence services blamed the 2014 attack against Sony on North Korea’s spy agency, the Reconnaissance General Bureau. North Korea is also believed to be responsible for the cyber heist at Bangladesh’s central bank and the global WannaCry ransomware attack from earlier this year.

Pyongyang’s cyber spies conduct low-cost, high-impact, deniable attacks around the world to harm enemies, disrupt the West and steal money. Financial institutions are particularly at risk of theft as North Korea bleeds funds to support its nuclear program. While North Korea’s track record on cyber heists is mixed, the army of more than 6,000 hackers is undeniably persistent, and undeniably improving, according to American and British security officials who have traced these attacks and others back to the North, as noted by a New York Times report.  

The goal for North Korea’s cyberattack operations, beyond flying under the radar, is to inflict death by a thousand cuts — a deliberate and organized disrupt-and-attack approach in line with the country’s national strategy. Arguably, the more money and resources North Korea can steal via cyberattacks, the stronger its kinetic military can become. 

As noted in a recent report, “experts believe that North Korea derives more than $1 billion a year from its attacks. That includes this past summer’s WannaCry ransomware attacks, which crippled thousands of computers around the world, forcing users to pay up in order to decrypt their hard drives. Among the prominent victims of the attack was Britain’s health service. They also target banks in hacks that are more smash-and-grab, making fraudulent withdrawal requests. The hackers are also particularly interested in anonymized cryptocurrencies.”  

Cryptocurrencies, such as Bitcoin, allow North Korea and other rogue states to circumvent traditional sanctions. North Korea continues to survive in the face of increasingly tough sanctions because a secondary black market of bitcoin, smuggling and cyber attacks keeps them floating. 

Starting in 2012, there has been a direct correlation between ransomware’s emergence and Bitcoin. While it’s difficult to suggest that correlation is causation (especially when Bitcoin is now used by so many legitimate and illegal businesses), a cursory look at the ransomware economy gives some insight into how Bitcoin is helping illicit economies (and nation states) proliferate. 

The most notable innovations contributing to the success to such economies have been the emergence of Bitcoin for ransom payment, and the anonymity network, Tor, to mask illicit activities. Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to “follow the money.” Bank transfers and credit card transactions traditionally aid in the quick takedown of scams. Bitcoin means there’s no bank to identify the account holder. 

As a result, comparing 2016 vs. 2017 YTD, the ransomware marketplace on the dark web has grown from $249,287.05 to $6,237,248.90, a growth rate of 2,502%. This economy extorts, according to the FBI, ransom payments that totaled about $1B in 2016, up from $24M in 2015. 

North Korea’s Investments in Cyber Capabilities vs. Kinetic Military 

North Korea invested in cyber capabilities while the West reinforced kinetic military supremacy. Russia and China have no interest in collapsing the current regime for fear of a North Korea and South Korea reunification that would park a western-friendly democracy on their borders.    

The West needs to strengthen its offensive and defensive cyber capabilities to deal with North Korea as a threat. North Korea knows the U.S.’s late-to-the-game focus on cybersecurity is an Achilles heel. They are exploring and exploiting this weakness. 

Past administrations have failed at pursuing adequate cybersecurity policies while the current administration has not taken up the banner. The United States should (and must) do more. 

The most important way the United States can thwart North Korean (and other) cyber attacks is by investing in robust cyber defense at both the government agency and commercial levels.  The Federal Government must work with States to promote upgrades to our infrastructure that will defend against cyber attacks and cyber terrorism, funding to institutions to enhance security and outreach to citizens regarding the threat.     

We must enhance our intelligence agencies’ ability to gather intelligence in North Korea from human sources and must thwart cyber attacks by engaging in disruptive cyber operations.  In short, our cyber spies have to better those in North Korea, otherwise we will always play a game of poker where the adversary knows half our cards.        

A World Without Sanctions 

North Korea’s weapons’ tests have led to international sanctions, while its cyberattacks have been met with little to no pushback. This despite the overwhelming intelligence suggesting the North is using its hacking teams to steal money, protect its political agenda, and conduct espionage.

North Korea’s leader, Kim Jung Un, appears to be playing a game of cyberwar poker, betting that no western nation will respond to a covert cyberattack with military action. In that regard, sanctions might do very little to curb the current situation. Only when a cyberattack from North Korea causes real-world casualties will the idea of a military strike be entertained. To date, North Korea has remained firmly under the radar in this realm. 

As I’ve noted before, hacking is just the latest form of espionage. North Korea has been laughed at by the rest of the world for a long time. No longer. As it continues to spy, extort money, and stay under the radar, North Korea must be taken seriously as an existential threat to the rest of the world.  

Eric O’Neil, National Security Strategist at Carbon Black 

Image Credit:  Etereuti / Pixabay

Eric O’Neill
Carbon Black’s national security strategist and former FBI operative who helped capture Russian spy Robert Hanssen, Eric O’Neill is a thought leader on several issues including counterterrorism and national security.