And North Korea’s lack of connectivity gives the regime an asymmetrical advantage against more wired states, specifically the United States and South Korea, if they were to try to retaliate with cyberattacks of their own.
North Korean leader Kim Jong Un (left) and US President Donald Trump shake hands after their meetings at the Capella resort on Sentosa Island in Singapore on June 12.
The development of North Korea’s cyber capabilities has allowed it to pursue a three-pronged strategy: engage in traditional espionage activities, earn money and provide the regime with a tool to deter its adversaries.
We can see elements of each objective in North Korea’s cyber activities.
The North has also engaged in espionage against South Korea. Attacks on South Korea’s Ministry of Defense and military contractors resulted in the loss of a large number of classified documents, including partial wartime operations plans, and blueprints for a naval warship from Daewoo Shipbuilding and Marine Engineering.
Hacking has also been especially helpful to North Korea as a means to evade sanctions and earn much-needed hard currency.
North Korea has gone after traditional banks, including the cyberheist of $81 million from Bangladesh’s central bank, but more recently it’s turning to cryptocurrencies.
The anonymous nature of cryptocurrency allows the regime to avoid detection. Estimates indicate North Korea has hacked over 100 banks and cryptocurrency exchanges and has successfully stolen $650 million, including the $530 million heist from Coincheck earlier this year.
The recent effort at détente with the United States and South Korea seems to have had little effect on North Korean behavior online.
That sort of behavior could prove to be the undoing of any agreement with North Korea regarding its nuclear weapons or ballistic missiles.
Much as the failure to address Iran’s ballistic missile and alleged terrorist activities undermined support for the Iran nuclear deal, failure to address North Korea’s cyber activities could undermine a nuclear agreement with Pyongyang.
The best way to manage this would be to negotiate a cyber accord with North Korea that delineates what cyber activities would not be acceptable.
Any agreement should be built around a set of principles that limit North Korea’s cyber activities and move Pyongyang away from criminal behavior, as opposed to the more traditional espionage-type activities in which many states engage.
Among these, North Korea should agree to refrain from using cyberattacks as a form of retaliation against legal activities taken by private citizens and corporations.
Second, North Korea should end its attacks on the global financial system and refrain from resorting to cyber theft to steal hard currency.
Lastly, North Korea should agree to not sell or provide its hacking services or software to third parties seeking to engage in the type of activities it has agreed not to engage in.
While North Korea’s nuclear weapons and ballistic missiles represent a future threat to the United States, North Korea is already using cyberattacks against the United States and its allies. An accord that limited North Korea’s cyber behavior to certain activities would help to support any nuclear agreement and to remove one more area of contention between the United States and North Korea.
If the relationship between the United States and North Korea is to be fundamentally reformed, North Korea’s cyber activities must as well.
Each day, South Korea is believed to face an average of 1.5 million cyberattacks from North Korea, and a team of North Korean hackers known as the Lazarus Group is believed to be the second-most active hacking operation in the world.
North Korea has pursued these capabilities to address specific challenges confronting the regime. Pyongyang faces a significant military gap with its neighbors, and cyber capabilities provide an inexpensive way to level the playing field against more powerful states. Hacking and cyberattacks are anonymous enough that they give North Korea a degree of deniability.