If confirmed, North Korea has perpetrated the first state-sponsored digital bank robbery in history. It shows that North Korea is getting desperate, and therefore that sanctions are working, but at the same time that the international community must take additional steps to safeguard commerce and trade.
The digital security firm Symantec says it has evidence that links North Korean hackers to the theft of $81 million from the central bank of Bangladesh in February and to two lesser raids last year on commercial banks in the Philippines and Vietnam. The attack on the central bank of Bangladesh would have been much worse if not for alert officials in other banks blocking suspicious transfers. Pyongyang has refused to comment on the issue, but Symantec says that the computer code used by these hackers is identical to that used in the Sony Pictures attack of November 2014, an attempt to block the release of The Interview, the movie comedy about Kim Jong-un, and to that used against South Korean banks and media in 2013. U.S. officials have laid both at Pyongyang's doorstep.
North Korea has long been attracted to raising funds from abroad by illicit means. Under Kim Jong-un’s father, the North became infamous for its exquisite counterfeiting of U.S. $100 banknotes. These “super notes” were so perfectly executed that often the only people with the ability to detect them were experienced bank tellers, who could detect subtle differences in the texture of the notes. A combination of new U.S. security features embedded in the banknotes and pressure on North Korea seems to have ended this scheme. However, earlier this year, Chinese media reported that new, fake 100-yuan banknotes are being detected and that Beijing suspects Pyongyang is the source.
It is not surprising that criminally entrepreneurial North Korea is turning to cybercrime, because cyber is proving to be one of the only areas of excellence within the North’s economy. Last year, a North Korean defector who was a computer science professor in Pyongyang warned that North Korea has built a cyber army of 6,000 well-trained hackers, who operate not only inside North Korea but also outside the country, primarily across the border in China.
On June 13th, the South Korean police cyber investigations unit announced that it had discovered that, over the past two years, North Korea had hacked into more than 160 South Korean firms and government agencies. The plot came to their attention in February after Pyongyang managed to steal information from two South Korean conglomerates, some of it defense technology. Moreover, the North’s revenge attack on Sony Pictures was highly effective in stealing and revealing embarrassing proprietary information. I suspect it will be a long time before a major studio decides to create another comedy about the North Korean leader.
Vigilance and robust security practices are obviously critical to defending international finance and trade against North Korea. A cybersecurity firm, Novetta, is spearheading a collaborative, industry-wide initiative to significantly bolster defenses against Lazarus, the group of hackers linked to the Sony and banking attacks. An investigation of the Bangladesh bank cyber heist by a government-appointed panel hints that the hackers who stole the $81 million may have had insider help, which is not surprising, as cyber penetrations are often assisted by clandestine human operations. Thus, defending against the North is not just a matter of cybersecurity but also of counterintelligence awareness of the activities of its operatives residing abroad.
Although defensive measures are necessary, they are unlikely to be sufficient to deter and defeat North Korean cybercriminals, particularly as new U.S. and international sanctions continue to take an escalating toll. Although only a single data point, it is encouraging that North Korean exports of coal to China dropped by 35 percent last month—suggesting Beijing is beginning to implement a ban on North Korean coal and iron ore imports that it announced under new UN sanctions in early April.
Earlier this month, the U.S. Treasury Department designated North Korea a “primary money laundering concern,” enabling the United States to use the authority provided in Section 311 of the U.S. PATRIOT Act to ensure that U.S. financial institutions are not inadvertently transacting with North Korean financial institutions or with the Pyongyang government through shell companies.
A less publicized development is the decision by the Polish government to stop importing construction laborers from North Korea. The UN estimated last year that North Korea had 50,000 workers abroad earning between $1.2 billion and $2.3 billion for the regime.
If North Korea is found responsible for the recent cybercrimes against international banks, it is time for the international community to warn the North that it is at serious risk of losing its access to the SWIFT interbank payment system. Without this access, North Korean banks and their customers would lose the ability to easily transfer funds internationally, potentially wreaking havoc on what little international trade North Korea is still able to conduct. U.S. and other businesses worldwide depend on the SWIFT system to move literally billions of dollars every day. A threat of this magnitude cannot go unchallenged.