Q. I think North Korea’s cyber capability is another issue that needs to be discussed alongside denuclearization. North Korean hackers targeted American and European banks, utilities, and oil and gas companies even when the two leaders were having their second meeting in Hanoi. I’d like to ask about the cyber capability of North Korea and how much risk it can create. (Park Ji-hye, a student at Korea University School of Media & Communication)
The following is the answer by Dr. Boo Hyeong-wook, a research fellow at Korea Institute for Defense.
North Korea is known to have nurtured some 10,000 combatants specialized in cyberattacks. It’s one of the poorest countries in the world, and doesn’t have an advanced cyber infrastructure, but we’ve witnessed sophisticated cyberattacks from North Korean hackers. In last August, the FBI reported the 179-page criminal complaint to a federal court that alleges North Korean hacker Park Jin Hyok hacked on behalf of the regime. The North used to conduct simple DDoS (Distributed Denial-of-Service) attacks or hack emails, but its cyber capability has greatly advanced to a level that it can now launch cyberattacks anywhere in the world.
In the past, North Korea waged cyberattacks against South Korea including DDoS attacks, hacking into financial and transportation networks such as Seoul Metro, accessing illicitly to the data system of nuclear power plants, and attempting to steal an operation plan by hacking into the defense system. As such, North Korea boasted its cyber capability by posing a threat to South Korea, thereby unnerving the strategic environment of the Korean Peninsula and heightening military tensions.
Recently, however, there’s been a shift in North Korea’s cyber activities. While refraining from using its cyber capability for military purposes, Pyongyang is focused on earning money. Due to strengthened international sanctions that have choked off the regime’s access to foreign currency, North Korea seems to be doubling its efforts to secure hard money. This explains the WannaCry ransomware attack in 2017 and breaches increasingly made to cryptocurrency exchanges last year. Cyberattacks to American and European businesses conducted during the Hanoi summit can be also interpreted in the same context.
Though North Korea is refraining from ostentatiously using its cyber capability for military purposes, undermining safety of online transactions is a serious issue. A Japanese media outlet lately cited the report of a United Nations panel of experts which said the North stole a total of 570 million dollars by carrying out cyberattacks on cryptocurrency markets. In addition to causing serious financial damage, North Korea is taking advantage of financial networks, the foundation of capitalism. What should we do about it?
In the end, it all boils down to denuclearization. The regime has become cash-strapped due to economic sanctions, and sanctions were put in place because of the North’s development of nuclear weapons. If sanctions are lifted, the regime would have no reason to order North Korean hackers to continue to carry out cyber activities to earn foreign currency. In this sense, the issue of North Korea’s cyber threat can be resolved relatively easily. Therefore, it is important to change the incentive structure of North Korea, and this requires the regime to take sincere toward denuclearization. The denuclearization process is connected to the direction of the North’s cyberattacks. I hope that we can see progress in North Korea’s denuclearization and it brings itself with an opportunity for us to tame another wild ambition, the North’s cyber threat.