North Korea’s Hacker Army Is Just as Serious as Nukes and It’s Keen on Stealing Your Crypto

North Korea has thousands of government-backed hackers trained to steal money and valuable information, disrupt infrastructure, and harass the ruling party’s targets, vice president for international security and diplomacy at the Asia Society Policy Institute Daniel Russel told Business Insider.

In this piece, we highlight the key points from the interview and recollect some of the big attacks on cryptocurrency exchanges that were traced back to North Korean hackers.

“This Is Not Hacking; This Is Cyber Warfare”

According to Daniel Russel, the North Korean cyberwarfare effort goes back to at least 2010. The country has been raising an “elite cyber force” under control of the Korean People’s Army and the Reconnaissance General Bureau, the country’s military and secret service. With an estimated force of around 7,000 people, the hacker army is likely to be a serious threat.

“Cyberweapons kind of level the playing field for North Korea in a way that nukes can’t,” Russel told Business Insider. “Cyberwarfare has a very different risk-return calculation. It’s a low-cost, asymmetric, relatively speaking, low-risk weapon system. And the US is the most vulnerable country on planet Earth to disruptive cyberattacks.”

He noted that a hefty part of the infrastructure in the U.S. was built in the “pre-digital era” and eventually retrofitted with internet linkage lacking appropriate cybersecurity safeguards. Unfortunately, it’s not easy to get the country’s dams and railroads up to date.

“Something like 80% of America’s critical infrastructure is privately owned. Who’s going to pay to upgrade the power plant? Who’s going to pay to upgrade the air traffic control systems? Who’s going to pay to upgrade the rail systems, the cellphone network? Good luck getting these private companies to sell their shareholders on investing billions of dollars in upgrades,” Russel said.

As the world embraces IoT technologies and 5G networks, the opportunities for high-level hackers are only getting wider.

To make matters worse, North Korean specialists work from outside their isolated homeland using nearby countries like Russia, China, and India as platforms for launching cyberattacks.

“That makes it very hard to get a definitive attribution that the attack originated in North Korea and raises the risk that China or Russia will get the blame. It also makes it harder for services in countries like the US to retaliate because you’re running the risk of retaliating against China or Russia for something that’s actually masterminded and executed by the North Koreans,” the expert explained.

Since North Korea is effectively cut off from the rest of the internet, the government can control the flow of information both into and from the heavily censored domestic intranet system. This is another factor that makes tracing the attacks back to their source harder.

On the bright side, there are organizations that have the expertise and technology necessary to follow whatever few leads those government hackers may have left.

“People who are real experts, Mandiant, FireEye, or CrowdStrike, or for that matter the CIA or the NIS, South Korea’s intelligence service, have a very sophisticated ability to conduct forensic detective work in the cyber realm. In many cases, they can identify patterns, code, servers, and the like to trace things back to North Korea.”

According to Daniel Russel, there are three types of “projects” North Korean hackers undertake.

The straightforward one is spying and stealing state secrets, like when they stole thousands of defense papers from South Koreans back in 2016.

“North Korea is also believed to have stolen a PowerPoint summary of the US military’s top-secret operation plan, called Op Plan 5027, which is the war plan for the United States,” Russel said.

Another is harassment and retaliation cyberattacks. The well-known example here, he noted, is the 2014 Sony Pictures hack, when North Korean specialists allegedly leaked the company’s and its employees’ confidential data while demanding that the studio withdraw The Interview.

And then there’s cyber theft:

“Cyber theft effectively neutralizes UN and U.S. sanctions against North Korea. If North Korea is denied a billion dollars in the sale of coal and iron and mushrooms, but it can go out and steal a billion dollars, then sanctions are not going to have the intended effect.”

This is another aspect where innovation plays in favor of the isolated South-East Asian country. Cryptocurrencies turned out to be of particular use for them.

Stolen Bitcoins Funding Outcast Regime

The notorious WannaCry 2.0 ransomware that locked computers in over 150 countries and demanded $300 in Bitcoin as ransom back in 2017 is one of the projects attributed to the North Korean hackers.

In fact, cryptocurrency-centered cybercrime on their part is one of the key points of the Guidance on the North Korean Cyber Threat advisory paper issued in April 2020 by the U.S. government agencies.

“Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities—including cybercrime—to generate revenue for its weapons of mass destruction and ballistic missile programs,” the document warns.

The paper also mentions cases of cryptojacking, a method that involves hijacking a remote device to use its processing power to mine cryptocurrencies. According to the UN Security Council 1718 Committee Panel of Experts’ 2019 mid-term report, there were several incidents in which infected computers mined private coins and sent them to servers located in North Korea. Apparently, Monero was the hackers’ main coin of choice.

Interestingly, in January 2020, an Ethereum developer was charged with one count of conspiracy to violate the International Emergency Economic Powers Act after he allegedly visited a crypto-conference backed by the North Korean government and shared his expertise in blockchain and cryptocurrencies.

Just recently, in March 2020, two Chinese nationals were charged with laundering $100 million in cryptocurrency. The money reportedly originates from a 2018 crypto-exchange hack and is part of the total $250 million stolen.

“This indictment makes clear that the money these people laundered was part of a $250 million theft by North Korea in a cyberattack on a global cryptocurrency exchange. So this isn’t just imaginary stuff,” Daniel Russel stressed.

The official Department of Justice release also notes that the case is tied to the theft of around $48.5 million from a South Korean crypto-exchange. In both cases, the actors backed by North Korea have allegedly laundered the funds through multiple automated transactions and used fake identification documents to pass the platforms’ KYC measures.

“The hacking of virtual currency exchanges and related money laundering for the benefit of North Korean actors poses a grave threat to the security and integrity of the global financial system,” U.S. Attorney Timothy J. Shea of the District of Columbia said via the official release.

Given that the stolen coins eventually fund North Korea’s cyberwarfare infrastructure, not to mention the actual warfare infrastructure and weapons of mass destruction, the threat to the global financial system is but a part of the deal.

Ultimately, this is the other side of the coveted financial freedom associated with cryptocurrencies.
