North Korea has long been known as a hermit kingdom, but it is learning to embrace the internet.
The Asian country has “dramatically” changed its internet use patterns, according to a new report, which could make imposing sanctions and defending American networks more difficult.
North Korea is using cyber operations to conduct low-level financial crimes and the country’s leaders are increasingly using the internet as a part of their daily life, according to an Oct. 25 report from Recorded Future, a threat intelligence firm.
North Korean leader Kim Jong Un is quick to embrace technology and then cast it aside, directing hacking operations along the way as he runs the country “like a criminal syndicate,” according to the Recorded Future report.
One example of North Korea’s technological experimentation is its use of social media. In recent months, it appears North Korean leaders are embracing LinkedIn, although it is not clear what their goals are.
Hackers from the country have also developed “an asset-backed cryptocurrency scam,” according to the report, which helps “to raise funds for the Kim regime.”
North Korea has begun to “professionalize their use of the internet,” and the web has become a more regular tool for top officials, according to Recorded Future. The development “will exacerbate existing challenges in sanctions enforcement and computer network defense.”
Although North Korean hackers have been accused of dramatic cyber operations that include stealing $81 million from the Bank of Bangladesh and hacking into Sony Pictures, “from a numbers prospective, those operations are a small percentage of what North Korean operators do every day,” Priscilla Moriuchi, the director of strategic threat development at Recorded Future, told Fifth Domain.
“The majority of their average day-to-day work is this kind of low-level financial crime because they have a salary that they have to earn every year.”
Moriuchi told Fifth Domain that there was no change in North Korean cyberactivity following Kim’s June meeting with President Donald Trump.
Recorded Future’s report comes as senior U.S. officials have identified North Korea as one of its main threats in cyberspace, and the Department of Justice has brought legal action against accused hackers.
Along with Russia, China and Iran, North Korea is “operating beyond the bounds of what we would consider reasonable,” Rob Joyce, senior adviser to the National Security Agency, said during an Oct. 23 event hosted by Palo Alto Networks. Joyce described North Korea as “a nation state stealing hard currency … they are bank robbers.”
The Department of Justice indicted Park Jin Hyok, a North Korean hacker, Sept. 6 for his role in crimes that include the WannaCry 2.0 global ransomware attack. North Korea’s government is responsible for “hundreds of millions, if not billions, of dollars’ worth of damage,”assistant attorney general John Demers said when the charges were filed.
U.S. officials have found it is difficult to deter North Korea’s profitable hacking activity.
Because North Korea is not widely connected to the internet, there are not many digital targets for U.S. Cyber Command, according to a former U.S. intelligence official.
For years, U.S. officials were cautious about hacking North Korea because a large portion of its internet travels through China, current and former White House officials have told Fifth Domain. There was an apparent fear that if the Americans were caught in the act of hacking by the Chinese, officials from Beijing might think they were being targeted, instead of North Korea.
But Moriuchi said there were other ways of digitally deterring North Korea. Stopping North Korean cyberactivity will require “taking them out at the knees,” she said, and treating the country’s digital operations as if it were a criminal syndicate. It means arresting North Korean hackers if they travel outside the country, indicting officials and working with partner law enforcement agencies.