A nuclear attack against the United States by North Korea would be “one and done”, while a cyber attack by North Korea is the gift that keeps on giving for Kim Jong Un. The former was never really a reality in our lifetime. But the latter is happening even as both nations prepare for the June 12 summit in Singapore.
The lack of a specific doctrine in cyber warfare has plagued policymakers for years. In April, President Trump finally sent a report to Congress on U.S. policy for deterring and responding to attacks in the fifth domain — cyberspace. We’ve had a nuclear doctrine for decades, and now our cyber warfare doctrine is starting to evolve and mature.
So where does that put us with North Korea? It puts us negotiating away a threat that was still years away from becoming a reality, and not dealing with the threat that is staring us in our digital face. After all, there’s little chance the hacking activities of North Korea will be up for discussion.
International sanctions have severely crippled North Korea, making offensive cyber operations against financial institutions a necessary activity to generate much-needed cash. Even as both sides prepare for the summit in Singapore, North Korea continues to target banks in Latin America and Asia with ongoing attacks.
The nuclear ambitions of North Korea can be traced back to the early 1950s. Yet, it took until 2006 before Pyongyang announced their first underground nuclear explosion. Contrast that with the 2014 Sony attack by North Korea, and their quick evolution into a major threat in cyberspace.
Had North Korea actually launched a nuclear missile, the military response would have been swift and deadly for Kim Jong Un. Instead, through cyberspace, North Korea can attack nations at will with little chance of real penalty.
In 2017, North Korea’s reported WannaCry ransomware attack targeted hospitals, banks and scores of companies. The scope of the attack was made possible by our own National Security Agency (NSA) when a highly classified toolkit of vulnerabilities was compromised. Over 300,000 computers in 150 countries were infected. In the United Kingdom, many hospitals were hard hit, causing thousands of appointments and surgeries to be rescheduled.
The only punishment? White House homeland security adviser Tom Bossert said “I hope they stop acting badly online. If they don’t, this president will act on behalf of the United States.” Ouch … Kim Jong Un must still be smarting from that tremendous rebuke.
North Korea’s offensive cyber operations will be the ultimate bargaining chip. The prospect of peace, ending a 65-year-old war and the de-nuclearization of the Korean peninsula give Kim Jong Un the advantage for the foreseeable future.
This advantage translates into a growing, sophisticated malware threat that targets media, aerospace, financial and critical infrastructure organizations, both in the U.S. and globally. As recently as May 29, the FBI and DHS jointly issued an alert that details two families of malware tied to North Korea. Code-named HIDDEN COBRA, this hacking group has kept the intelligence, defense and cybersecurity community just as busy as China, Russia and Iran have.
Trend Micro, a Japan-based security firm, released an analysis in January 2018 on the Lazarus Group — a.k.a. HIDDEN COBRA. They concluded:
“Few cybercrime groups throughout history have had as much disruptive power and lasting impact as the Lazarus Group.”
Cyber warfare levels the global playing field in a way nuclear weapons can’t for North Korea. The risk-return calculation for hacking versus nukes is exponentially different. With the advent of cryptocurrencies like Bitcoin, and the relative anonymity that is inherent in the design, North Korea has been able to focus fewer resources to achieve bigger returns than a nuclear program ever could.
From Bitcoin mining to outright theft, North Korea is estimated to have made as much as $200 million last year from cryptocurrency. This allows the country to blunt the effects of U.S. sanctions, and continue funding critical nuclear research — for now. Imagine what their capability will be when they can double, triple and even decuple their spending. (I had to look it up too. That’s a tenfold increase.)
Nothing is off-limits for North Korea and their continued maturation as a sophisticated cyber threat.
In addition to HIDDEN COBRA, North Korea has spinoff groups that focus on specific kinds of targets and attacks. Their activity has been traced back to 2007 and includes a 2016 attack against a bank in Bangladesh that netted $81 million. The attackers compromised the bank’s system to obtain its credentials, then used them to send messages on the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network. Had it not been for some unforced errors, North Korea might have stolen an additional $850 million.
Business is booming, and North Korea is branching out into mobile devices.
To take one example, the Lazarus Group created a fake copy of a legitimate Bible reading app in Korean. This Android app — really a mobile malware attack — was available from Google Play and was targeted at users in South Korea.
When Mark Zuckerberg testified before Congress on Russian activities during the 2016 election, much attention was paid to the fake profiles created on the Facebook platform. Nothing was mentioned about North Korea, Lazarus, HIDDEN COBRA, or Kim Jong Un and their fake profile campaigns.
If North Korea can be this effective in cyberspace, imagine what they will be capable of five years from now. Sticking our heads in the sand about North Korea and their offensive cyber capabilities, only to get the “deal” done, is denial.
Gavin De Becker in his book “The Gift of Fear” called denial a “save-now-pay-later” scheme. I can only imagine Kim Jong Un remarking to his band of sycophants, “And to think they were worried about our nukes.”
Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. Previously Morgan was a senior advisor in the U.S. State Department Antiterrorism Assistance Program and senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.