The international wheels of justice may grind slowly, but after several reports on the topic, including one from the organization itself, the United Nations is beginning an official investigation of North Korea and its allegedly state-sponsored illicit hacking activities. At issue is roughly $2 billion in illegal gains that have found their way back to the Democratic People’s Republic of Korea, ostensibly to fund its program of developing a nuclear arsenal of its own. The UN published its own report about such cyber attacks, and many mainstream media outlets have recently referenced key excerpts from it.
The UN’s allegation described a broad-based system of 35 cyber attacks that has victimized some 17 countries across the globe. The Republic of South Korea has been far and away the primary target of these attacks: the UN counts a total of ten attacks against it, with India next in line at three. The rest of the countries were limited to one or two attacks apiece. These countries were Bangladesh, Chile, Vietnam, Nigeria, Kuwait, Liberia, South Africa, Slovenia, Costa Rica, Gambia, Guatemala, Tunisia, Malaysia and Malta.
According to the UN report: “Democratic People’s Republic of Korea cyber actors, many operating under the direction of the Reconnaissance General Bureau, raise money for its WMD (weapons of mass destruction) programs, with total proceeds to date estimated at up to two billion US dollars.”
Independent of the UN report, there have been several other studies from crypto analysis firms that have delved into the nature of cyber attacks in the industry, primarily in the area of crypto exchange compromises. Several billions of dollars have been lost in just the past few years by crypto exchanges across the globe, and the attacks appear to be very organized and subsidized on specific occasions by North Korea and other nations bent on raising illicit funds and disrupting the western world.
The UN report details three specific areas of attack: 1) The SWIFT international network for coordinating the flow of cross-border transfers of funds; 2) Various crypto exchanges and their customers; and 3) Crypto-jacking, the process of secretly commandeering the computing power of unsuspecting individuals and then using this power to mine cryptocurrencies for rewards. The UN report provides a great deal of detail as to how these illicit activities are carried out:
- SWIFT Attacks: The Society for Worldwide Interbank Financial Telecommunication (SWIFT) system is a favorite target of cyber-criminals, since enormous sums of money are transported across these channels every day, but the level of security remains a formidable defense. The weak link appears to be the computer systems given to employees. Crooks have gained access via this avenue, but have only managed to send erroneous messages through the system. Attempts to insert malware have resulted in several instances of fake ATM transactions that have affected as many as 20 countries.
- Crypto Exchange Compromises: By far, the largest amount of illicit funds has been stolen in this arena. It is not clear if all professional hacking gangs have been funded directly by North Korea, but firms like Chainalysis have determined that hackers fall into two distinct “personalities” – the ones that hit quick and convert immediately, and the ones that prefer to wait until the dust settles before cashing out. In every case, the crooks may use as many as 5,000 laundering transactions to layer fund movements and disguise crypto destination addresses before conversion to fiat currencies. Investigative tools have evolved at a record pace to assist law enforcement and victimized exchanges to recover or at least “freeze” stolen amounts at endpoint addresses.
- Crypto-Jacking: The prevalence of this activity is directly tied to the value of the mined tokens. Bitcoin’s recent rally from a December bottom of $3,130 to roughly $11,000 today has incentivized miners to step up their activities and encouraged crooks to do the same. The easiest path for criminals is to employ crypto-jacking ruses to avoid the expenses of both hardware and electricity when earning mining rewards. Unsuspecting victims discover their fate when monthly utility bills suddenly skyrocket to the stratosphere. By then, the crooks have departed the scene.