North Korea Internet Use Spikes As Regime Relies on Hacking and Crypto to Circumvent Sanctions

The internet has become a "critical tool" for the North Korean regime to evade sanctions and make money through cybercrime and fraud, researchers say.

A study into the web use of the leaders and ruling elite—rather than the public—was conducted by Insikt Group, a division of intelligence outfit Recorded Future, between January and November last year. The team found a 300 percent spike in network activity compared to 2017.

"The Kim regime has developed a model for using and exploiting the internet that is unique—it is a nation run like a criminal syndicate," the report said.

Intended as a way of getting around tough global restrictions, the nation's top brass are using a model that generates revenue via covert bank robberies and fraud, combined with some non-criminal actions like cryptocurrency mining and IT work.

The U.N. Security Council has a broad range of economic and financial sanctions designed to curb the regime's attempts to create nuclear weapons and limit trade. The U.S. imposes its own set of sanctions via the Treasury Department.

The fingerprints of North Korea-aligned hackers have previously been found on ransomware outbreaks and cyber-intrusions on crypto exchanges, casinos and banks. Security experts have done extensive probes of one state-hacking unit known as "Hidden Cobra."

According to Insikt Group, the regime relies on the digital currency Monero to launder or move the proceeds of criminal activities. It is believed officials are involved in cryptocurrency mining and a suite of "low-level" fraud involving counterfeit video games and software hacks. A major source of financing comes via its exploitation of the SWIFT global banking infrastructure.

"For the North Korean political and military elite, the internet has become a critical tool," the researchers wrote in their report, published on February 9.

They added: "This includes not only using the internet as a mechanism for revenue generation but as an instrument for acquiring prohibited knowledge and skills, such as those enabling the development of North Korea's ballistic missile programs, and cyber operations.

"North Korea has developed an internet-based model for circumventing international financial controls and sanctions regimes imposed on it by multinational organizations and the West."

Researchers said their analysis, building on statements from defectors, found North Koreans involved in cybercrime are often sent abroad to "obtain advanced training."

The team said North Koreans linked to nefarious activity last year were traced to India, China, Nepal, Kenya, Mozambique, Indonesia, Thailand and Bangladesh.

They wrote: "North Korea is not only exploiting third-party nations to train cyber operators, but also possibly even to acquire nuclear-related knowledge banned by U.N. sanctions."

The report covers the period of negotiation between the regime's leader Kim Jong-un and President Donald Trump, which included unprecedented meetings but ended in stalemate.

It seems most web use now takes place on weekdays, unlike previous analysis in 2017 when use appeared to spike during Saturday and Sunday, researchers noted.

In 2018, the U.S. charged North Korean citizen Park Jin Hyok for his alleged role in "multiple destructive cyberattacks," including the massive WannaCry outbreak in 2017, the theft of $81 million from Bangladesh Bank in 2016 and the 2014 cyberattack on Sony Pictures.

The team warned other reclusive countries are likely taking note.

"North Korea has developed a model that leverages the internet as a mechanism for sanctions circumvention that is distinctive but not exceptional," the report said.

"This model is unique but repeatable, and most concerningly can serve as an example for other financially isolated nations in how to use the internet for sanctions circumvention. We believe we will begin to see other isolated nations use some of the same criminal and non-criminal techniques leveraged by North Korea to generate revenue and evade their own sanctions."

It could "serve as an example for other financially isolated nations, such as Venezuela, Iran, or Syria, for how to use the internet to circumvent sanctions," the team warned.

North Korea's leader Kim Jong Un (R) walks with President Trump (L) during a break in talks at a US-North Korea summit, at the Capella Hotel on Sentosa island in Singapore on June 12, 2018. SAUL LOEB/AFP/Getty