Beware North Korea's most powerful weapon (hint: it's not a nuclear arsenal)

By Eric O'Neill, Carbon Black

With all the talk associated with North Korea's prospects of launching a nuclear attack, there is an often overlooked existential threat that continues to fly under the radar - cyber attacks. In truth, North Korea's cyber warfare operations pose a much greater risk to the West than the prospect of nuclear war.

North Korea has invested heavily in cyber attack operations to disrupt its Western enemies. Western intelligence services blamed the 2014 attack against Sony on North Korea's spy agency, the Reconnaissance General Bureau. North Korea is also believed to be responsible for the cyber heist at Bangladesh's central bank and the global WannaCry ransomware attack earlier this year.

Pyongyang's cyber spies conduct low-cost, high-impact, deniable attacks around the world to harm enemies, disrupt the West and steal money. Financial institutions are particularly at risk of theft as North Korea bleeds funds to support its nuclear program. While North Korea's track record on cyber heists is mixed, the army of more than 6,000 hackers is undeniably persistent, and undeniably improving, according to American and British security officials who have traced these attacks and others back to the North, as noted by a New York Times report.

The goal for North Korea's cyber attack operations, beyond flying under the radar, is to inflict death by a thousand cuts - a deliberate and organised disrupt-and-attack approach in line with the country's national strategy. Arguably, the more money and resources North Korea can steal via cyber attacks, the stronger its kinetic military can become.

As noted in a recent report, "experts believe that North Korea derives more than $1 billion a year from its attacks. That includes the WannaCry ransomware attacks which crippled thousands of computers around the world, forcing users to pay up in order to decrypt their hard drives.

Among the prominent victims was Britain's health service. The attacks also target banks in hacks that are more smash-and-grab, making fraudulent withdrawal requests. The hackers are also particularly interested in anonymized cryptocurrencies.

Cryptocurrencies such as Bitcoin allow North Korea and other rogue states to circumvent traditional sanctions. North Korea continues to survive in the face of increasingly tough sanctions because a secondary black market of bitcoin, smuggling and cyber attacks keeps it afloat.

Starting in 2012, there has been a direct correlation between ransomware's emergence and Bitcoin. While it's difficult to suggest that correlation is causation (especially when Bitcoin is now used by so many legitimate and illegal businesses), a cursory look at the ransomware economy gives some insight into how Bitcoin is helping illicit economies (and nation states) proliferate.

The most notable innovations contributing to the success of such economies have been the emergence of Bitcoin for ransom payment, and the anonymity network, Tor, to mask illicit activities. Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to 'follow the money'. Bank transfers and credit card transactions traditionally aid in the quick takedown of scams. Bitcoin means there's no bank to identify the account holder.

As a result, comparing 2016 vs 2017 YTD, the ransomware marketplace on the dark web has grown from $249,287.05 to $6,237,248.90, a growth rate of 2,502 per cent. According to the FBI, this economy extorts ransom payments that totalled about $1 billion in 2016, up from $24 million in 2015.

North Korea invested in cyber capabilities while the West reinforced kinetic military supremacy. Russia and China have no interest in collapsing the current regime for fear of a North and South Korean reunification that would park a western-friendly democracy on their borders.

The West needs to strengthen its offensive and defensive cyber capabilities to deal with North Korea as a threat. North Korea knows the U.S.'s late-to-the-game focus on cyber security is an Achilles heel. They are exploring and exploiting this weakness.

Past administrations have failed to pursue adequate cyber security policies while the current administration has not taken up the banner. The United States should (and must) do more.

The most important way the United States can thwart North Korean (and other) cyber attacks is by investing in robust cyber defence at both the government agency and commercial levels. The Federal Government must work with States to promote upgrades to infrastructure that will defend against cyber attacks and cyber terrorism, funding to institutions to enhance security and outreach to citizens regarding the threat.

We must enhance our intelligence agencies' ability to gather intelligence in North Korea from human sources and thwart cyber attacks by engaging in disruptive cyber operations. In short, US cyber spies have to better those in North Korea, otherwise we will always play a game of poker where the adversary knows half our cards.

A world without sanctions

North Korea's weapons tests have led to international sanctions, while its cyber attacks have been met with little to no pushback. This is despite the overwhelming intelligence suggesting the North is using its hacking teams to steal money, protect its political agenda, and conduct espionage.

North Korea's leader, Kim Jong Un, appears to be playing a game of cyberwar poker, betting that no western nation will respond to a covert cyber attack with military action.

In that regard, sanctions might do very little to curb the current situation. Only when a cyber attack from North Korea causes real-world casualties will the idea of a military strike be entertained. To date, North Korea has remained firmly under the radar in this realm.

Hacking is just the latest form of espionage. North Korea has been laughed at by the rest of the world for a long time. No longer. As it continues to spy, extort money and stay under the radar, North Korea must be taken seriously as an existential threat to the rest of the world.
