For years, the international community has slapped North Korea with painful economic sanctions aimed at constraining its nuclear ambitions. Trade of arms and military equipment has been prohibited, exports of coals and minerals have been banned, and the assets of North Korean officials have been frozen. To make matters worse, the ongoing Covid19 pandemic has hit Pyongyang harder than any previous sanction. After closing its border with China, trade with Beijing has been reduced by 95%, leading to a scarcity of food and basic necessities such as soybean oil, sugar, and flour. Trains and flights in and out of the country have been stopped since March 2020, thus freezing tourism and labor exports, two major sources of foreign currency. It would therefore be easy to conclude that North Korea has recently been living in total economic isolation, that is, were it not for cyberspace.
In the physical world, a country like North Korea can be forced into isolation. Yet, in cyberspace, Pyongyang is everybody’s neighbor. Often described as the fifth domain of warfare, cyberspace has a low cost of entry while offering a high degree of anonymity. Pyongyang has seemingly exploited this domain to circumvent economic sanctions, raising millions of dollars through ransomware attacks. North Korean hackers have in fact been accused of hacking international financial institutions to steal foreign currency, which is in turn used to finance Pyongyang’s nuclear program. For this reason, they have recently been branded as “the world’s leading bank robbers”. But North Korean hackers might also have been the architects behind a cyber-attack directed against Sony Pictures Entertainment back in 2014. The entertainment company was about to release “The Interview”, a comedy that portrayed two journalists assassinating Kim Jong-un in Pyongyang. North Korea’s requests to cease the production of the movie had largely been ignored, then, in November, Sony’s employees entered their office and found images of red skeletons on their computers. “We’ve obtained all your internal data, including your secrets and top secrets”, said a message on the screens, “if you don’t obey us, we’ll release the data shown below to the world.” This makes North Korea a rare cyber-creature: a country which is using cyberattacks not only for espionage, but also to fund its own operations, and – even more strangely – to punish comedic depictions of its leader.
In 2017, the Trump administration accused North Korea of being responsible for the WannaCry malicious software, which blocked computers in more than 150 countries. In response, Pyongyang denied any responsibility and declared “we have nothing to do with cyberattacks.” Following the malware intrusion, victims were asked for a ransom payment in exchange for unlocking their systems and data. In two hospitals in Jakarta, the malware blocked patient files, including medication records. In the UK, hospitals had to cancel thousands of medical appointments after losing access to computers. In China, some gas stations had to ask their customers to pay by cash only, after their digital payment system stopped working. In France, the carmaker Renault had to suspend its production in order to stop the spread of the worm. In different ways, the WannaCry computer worm caused unexpected levels of disruption all around the world.
Constrained by a set of international sanctions and by the destructive force of the ongoing pandemic, Pyongyang is now searching for new means to ensure its survival in a hostile environment. And cyberspace offers plenty of opportunities. Following the public’s growing interest in digital currencies, North Korean hackers have currently turned their attention to the world of cryptocurrencies. Allegedly, they have built at least nine cryptocurrency apps to trade cryptocurrencies and create digital wallets, such as Ants2Whale, CoinGo, and iCryptoFX, designed with a back door that can provide North Korean hackers with access into computer systems. In August 2020 one of these Apps was used to break into a financial institution in New York to steal $11.8 millions in cryptocurrency. In addition, exchanges that trade Bitcoin and other cryptocurrencies have fallen victims to North Korean cyberattacks, as these exchanges offer easy access to storage facilities known as “hot wallets”: hot, because they are connected to the Internet, as opposed to the storage method known as offline “cold wallets”. In total, according to a UN report, North Korea might have stolen more than $300 million in cryptocurrencies over recent months, partly in order to support its nuclear program.
In the past, most of North Korea’s criminal operations involved the smuggling of cigarettes, counterfeit money, trading of endangered species, and illegal drugs such as methamphetamine. Today, cyberspace allows conventionally weaker actors to challenge their stronger competitors more easily. North Korea can thus pursue an asymmetric strategy to put pressure on the international community: through cyberattacks, Pyongyang is not only countering its economic isolation, but it is also funding its nuclear program.
It is hard for the international community to find an effective response: retaliation seems highly ineffective, because North Korea has a primitive infrastructure that is less vulnerable to cyberattacks. Imposing further sanctions also appears a non-viable option: many sanctions have already been imposed, and North Korea is becoming increasingly adept at finding workarounds to its economic isolation.
For decades, North Korea has searched for solutions to the same old questions: how to mitigate and instrumentalize its weaknesses to stay relevant in a hostile international system. Now, it seems that cyberspace offers the answers.
Carlotta is a MA candidate in International Affairs at the Defence Studies Department, King’s College London.