North Korea’s Illicit Money Machine
Background: Brief History of North Korea
Following World War II, the international order was divided between two ideological systems of governance: democratic capitalism and communism. The U.S., a capitalist state, wanted to promote democracy and capitalism globally, whereas the Soviet Union sought a communist world order. Although the U.S. and USSR were in a strategic competition for global dominance, they never once formally engaged in a hot or live war with one another. However, throughout the Cold War, the U.S. and the USSR fought each other through proxy conflicts. Among the very first of these proxy engagements was the Korean War. After WWII, the Korean Peninsula, which was once a unified nation, had been divided into a communist northern state known as the Democratic People’s Republic of Korea (DPRK), and a democratic, capitalist, southern state, the Republic of Korea (ROK). During the war, China sent two million soldiers, along with the Soviet Union’s logistical support, to aid the DPRK, whereas the ROK was primarily reinforced by the U.S. In June of 1950, due in part to the influence of the PRC and the USSR, the DPRK crossed the border and invaded its southern neighbor, intending to establish a unified communist Korean nation. The Korean War, which lasted three years, saw horrific casualties and fatalities on all sides. Ultimately, upon the signing of the Korean Armistice Agreement, the war concluded, and a demilitarized zone was established between the North and South along the 38th Parallel. After the war, North Korea followed a far different trajectory than the Republic of Korea. Whereas the South experienced significant economic growth, the North began to shield itself from the outside world, creating a “hermit kingdom,” according to Professor Mitchell Lerner of The Ohio State University, among many other experts.
North Korea’s Acquisition of Nuclear Weapons:
Beginning in the 1950s, Kim Il-Sung repeatedly emphasized that a ballistic and nuclear weapons program was imperative for the DPRK, as it would prevent North Korea from lagging too far behind the South. However, since 1950, the DPRK has been significantly impacted by severe U.S. and international sanctions for human rights abuses and failures to comply with international laws. Furthermore, the U.S., in addition to many Western countries, has recently levied strict sanctions against the DPRK for cyber-crime offenses. Under the harsh leadership of North Korea’s first ruler, Kim Il-Sung, the DPRK actively sought methods of securing funding for a ballistic and nuclear missile program. Specifically, the DPRK frequently employs various illicit methods to circumvent the tight sanctions placed by the international community. Ultimately, the DPRK, according to many experts, wants nothing more than to ensure its continued existence and that of the Kim dynasty. Fast forward to 1984, and under Kim Il-Sung, North Korea test-fired its very first missile. Undoubtedly, the employment of nuclear and conventional weapons was championed not only by Kim Il-Sung but also by his son, Kim Jong-Il, and grandson, Kim Jong-Un (KJU). However, of the three DPRK leaders, none has taken a greater interest in advancing the DPRK’s missile program than its current leader, KJU. Specifically, KJU has placed a great deal of emphasis on science, technology, engineering, and math, as well as emerging technologies, to advance the DPRK’s national agenda. The U.S. and the international community writ large have condemned the DPRK’s military, scientific, and technological advancements and have issued strong sanctions against the North Korean government.
North Korea’s Illicit Financing of its Missiles Program:
While the PRC, in violation of international sanctions, provides North Korea aid through cargo shipments, along with other measures, these means do not provide the DPRK with enough capital to fully fund its desired missile program. Therefore, the DPRK utilizes several illicit activities to finance and grow its missile program. Particularly, the DPRK engages in the manufacturing and distribution of illegal narcotics, the manufacturing and sale of counterfeit goods, trafficking arms globally, and producing and selling counterfeit currency. Yet among the DPRK’s most lucrative recent financing activities for its missile program has been its global hacking and malware campaign. Last year it was reported that the DPRK had stolen nearly $400 million worth of digitized assets from seven different attacks on various cryptocurrency platforms. This is a significant development and should raise serious concern among states globally. According to some North Korean and national security experts, the DPRK likely goes after cryptocurrency because it is far less regulated than other forms of hard-copy currency, and thus it is easier to manipulate and to use to bypass foreign sanctions. A recent United Nations investigation also determined that North Korea has stolen and continues to steal cryptocurrency to further finance its missile program. Yet all of this leaves the obvious unstated: the DPRK is strictly prohibited by the UN from testing ballistic and nuclear missiles, let alone developing them. To be clear, it is not as if the international community is “out to get the DPRK” and is therefore prohibiting it from acquiring ballistic and nuclear missiles. Thus, it is inconsequential whether the DPRK finances its missile program through legal or illicit means; simply financing it to begin with is a violation of sanctions. The DPRK, through both its rhetoric and its actions, has proven its desire and capability to use asymmetric weapons systems against the U.S., ROK, and U.S. interests globally. Although the Western media frequently discusses the DPRK missile threat and covers each test closely, there is a legitimate reason for concern.
The employment of sophisticated offensive cyber measures by the DPRK is hardly a new tactic. Most notably, upon the release of the Sony Pictures film “The Interview”, the DPRK launched an intrusive cyber operation against the Sony Corporation, leaking highly sensitive personally identifiable information. As I mentioned previously, the DPRK is extremely isolated from the rest of the world, and its citizens do not have access to the internet. This raises the question of how the DPRK can launch successful cyber operations against the rest of the world. According to some experts, while the DPRK has limited internet access in its capital of Pyongyang, the PRC is complicit in allowing DPRK cyber military operators to come across the border and utilize China to launch attacks on its various targets. As with assisting the DPRK in evading sanctions, the PRC is highly culpable in its assistance efforts with the DPRK in cyberspace. However, the PRC has its reservations, as it greatly fears that an unstable DPRK could send millions of North Korean refugees flooding into China, which China lacks the resources or infrastructure to support. Beyond hacking operations, the DPRK has long employed ransomware attacks to assist in funding its missile program. One example is the WannaCry attack, in which the DPRK targeted computers and servers running Windows operating systems, ultimately demanding ransom payments in Bitcoin. For the DPRK, its global cyber ransomware operations are highly lucrative. According to the U.S. Department of Justice (DoJ), between 2015 and 2019 DPRK ransomware hackers attempted to steal roughly $1.2 million from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa. Moreover, according to WIRED, the DPRK secured $80 million by “tricking” a network into re-routing funds. Additionally, the FBI recently reported that North Korea stole more than $600 million in cryptocurrency from a single hacking operation. This is a critical development, as it demonstrates that the DPRK is continuing to use hack-and-steal operations to generate significant revenue.
Recommendations
While the international community has levied strict sanctions against North Korea, the DPRK has consistently demonstrated its formidability in cyberspace as one of the preeminent state cyber threats that the U.S. faces. However, given the nature of where cyber operations occur, there is a strong likelihood that the U.S. has been effectively thwarting the DPRK in cyberspace, though the public will never know. Thus, it is difficult to evaluate how the U.S. is doing in countering North Korea’s cyber threats and illicit financing campaigns. For example, when a bomb is dropped on a target, reporters can verify that. However, because cyber operations take place mostly outside of public view, little if any substantial reporting exists to confirm such activity. Yet, after the Sony hack, it was reported that the DPRK’s internet was cut, seemingly by the U.S. and its partners. Therefore, I would suggest that the DoJ “name and shame” the DPRK attackers, publicly indicting them on charges. Particularly, the process of openly outing hackers is critical, as many enjoy life in the shadows and will stop once they have been caught red-handed and put in the public eye. Furthermore, I recommend that the Five Eyes intelligence allies actively degrade and disrupt the operating networks and information systems affiliated with the DPRK attacks. Although such an aggressive maneuver may complicate relations with the PRC, the West must take greater action against the DPRK. Lastly, I would advise that the U.S. Financial Crimes Enforcement Network utilize targeted sanctions to freeze the DPRK’s financial assets and those of Workers’ Party members and high-ranking North Korean military officials. While the threat from the DPRK will not dissipate any time soon, the U.S. government, international partners, and the private sector must continue to publicly discuss the DPRK’s illicit financing while actively thwarting such activities.