North Korea commits cybercrime but exercises 'caution'

By Elizabeth Shim
Analysts say there is evidence of North Korea activity in cryptocurrency markets and cyberattacks, but differ on whether the recent flurry of diplomatic activity has had an impact on the regime's online behavior. Photo by KCNA/UPI

NEW YORK, May 11 (UPI) -- North Korea engages in cybercrime to make money -- but not all analysts agree whether the regime should be blamed for recent attacks, or whether the country is showing a change in online behavior with its turn to diplomacy.

James Lewis, a senior analyst on cybersecurity at the Center for Strategic and International Studies, told UPI in a phone interview this week the main objective of North Korea cyberattacks on banks and companies is to have a "coercive effect on South Korea, Japan and the United States," three allies who have coordinated on North Korea sanctions.

But the threat North Korea poses against the United States is overhyped, he said.

"North Korea is not a bigger threat on the cyber front than Russia or China. They are also the least capable among our opponents Russia, China, Iran," Lewis said. "They also have the most to lose."

Kim Jong Un's shrewd approach to leadership also means he knows better than to challenge the United States in a way that could backfire against his grip on power.

"If you're Kim, you're basically a god-king. People worship you, you control the whole country, you have palaces, immense wealth," Lewis said. "Why would you put that at risk? A cyberattack against the U.S. homeland could put this whole thing at risk so I think he's very cautious."

But while North Koreans might think twice before using cyberattacks for political objectives, "they're on a spree when it comes to crime," the analyst said.

Raj Samani, chief scientist at network security firm McAfee, said attributing recent cyberattacks to North Korea should be approached with care.

"A number of our research investigations reveal technical indicators that point to this threat actor [North Korea]," Samani said in an email response to UPI. "However, it is important to note that technical indicators are by no means absolute in terms of evidence."

Samani also said McAfee has witnessed an increase in the volume of cyberattacks and new tactics targeting the banking sector and the Olympic Games.

The analyst did not specifically name North Korea as the culprit even as "targets are evolving with multiple actors focusing on cryptocurrencies, to provide a quicker return on investment than traditional tactics including ransomware."

That trend across all cyber breaches is on the rise in 2018, Samani said.

North Korea's attacks on computers began to raise concerns in 2009, when the regime conducted a distributed denial-of-service, or DDoS, attack against U.S. and South Korean public and private sites, Priscilla Moriuchi, director of strategic threat development at Recorded Future, said Thursday.

Speaking at The Korea Society in New York, Moriuchi said North Korea's "intent to disrupt" South Korea spread to the United States, culminating in the "game changing" attack on Sony Pictures in 2014.

The breach demonstrated North Korea was "willing to attack a United States business and not only disrupt their operations but destroy information."

"They're willing to release information that destroys the reputation of people, individuals and that company broadly," Moriuchi said.

The analyst also said North Korea made an entry into the decentralized cryptocurrency market in 2017 that shows a sophisticated mastery of transactions involving bitcoin.

Cryptocurrency is a "meaningful and valuable operation" for North Korea, Moriuchi said.

"Our calculations, just at the base level, the bitcoin we know North Korea has stolen at the very minimum 11,000 bitcoin, were worth around $15 million," she said, adding at peak in mid-December the coins would have been worth $220 million.

The analyst also said North Korea's recent turn to diplomacy and its plans for a summit between Kim and U.S. President Donald Trump are not correlated with a change in North Korea's cyber behavior.

The regime became more secretive after Moriuchi's firm did a study of North Korea leadership online browsing patterns in 2017.

Since then the North Koreans have chosen to "hide themselves more, and not opening themselves up," the analyst said.

But Lewis said North Korea's engagement with the United States, including the recent meetings with U.S. Secretary Mike Pompeo, is a sign the leadership has real problems and could be preparing to reform some of its ways.

Kim is struggling with maintaining a sustainable economy and has often had no choice but to let North Koreans make contact with the outside world, particularly with China.

"When people connect, they go and watch South Korean soap operas, listen to K-pop," Lewis said. "They see everyone else is living better than they are."

"Kim had a real political problem, he couldn't keep the borders anymore... A lot of what he is doing is looking ahead."

Trump and Kim are to meet on June 12 in Singapore.
