North Korea remains a mystery to most of the Western world. The isolated Asian country is usually surrounded by headlines relating to nuclear weapons, sanctions, or failed beer festivals. But the country’s elite are undoubtedly web-savvy and seemingly know a thing or two about cryptocurrencies.
Between 2013 and 2015, North Korean hackers reportedly stole 100 million Korean won from the country’s southern neighbor every month. These attacks were meant to boost North Korea’s hard currency, which was struggling due to persistent sanctions levied against Kim Jong Un’s regime. “Since tracking down the culprits is very difficult, North Korea had jumped on the bandwagon of bitcoin extortion since around 2012,” explained Choi Sang-myong, a senior official at South Korea’s cybersecurity firm Hauri Inc.
In 2016, North Korea made cybersecurity news again with an $81-million heist from the Bangladesh central bank. The attack was said to be carried out by the notorious Lazarus Group, which the FBI labeled as “state-sponsored.” While the jaw-dropping heist did not involve Bitcoin directly, there is some speculation that some of the money quickly entered the cryptocurrency marketplace. While there is still no conclusive evidence suggesting that North Korea was the culprit, the country has been associated with many other incidents in recent years, notably the Sony Pictures hack and the more recent WannaCry ransomware attack.
The unprecedented attack infected over 200,000 computers across 150 countries, impacting even larger organizations such as Britain’s National Health Service, Spain’s Telefónica, and FedEx. The attack used EternalBlue, an exploit of Windows’ Server Message Block protocol. This garnered a lot of attention as it was a known vulnerability previously used by the US’ National Security Agency (NSA).
Infected users had their files encrypted, forcing them to pay a $300 ransom in Bitcoin. There were three hardcoded wallet addresses used to receive the payments, and like all bitcoin addresses, they are tied to publicly viewable accounts. This led to the @actual_ransom Twitter bot, which followed all transactions live. The last payment was made on July 24th, bringing the current total of payments to 52.19666 BTC (~US$149,545). While the owners’ identities remain unknown, there is much speculation that the attack was tied to Lazarus Group. Symantec has identified code in WannaCry which was linked to the group’s previously used Backdoor.Contopee malware, in addition to several others. The NSA has also reportedly made connections between the attack and Lazarus Group.
Jake Williams, the founder of Rendition Infosec, a cybersecurity firm, noted, “this is a case where you’ve got a weaponized, government-sponsored exploit [or hacking tool] being used to deliver ransomware. If North Korea goes unchecked with this, I would expect other developing nations to follow suit. I think that would change the cyberthreat landscape quite a bit.”
Potcoin and The Worm
Enter Dennis Rodman, everyone’s favorite eccentric cross-dressing basketball star-turned-unofficial-North Korean ambassador. In 2013, the former Chicago Bulls superstar took his first “diplomatic” venture to the Hermit Kingdom with Vice. The foray was mostly seen as lighthearted and humorous, as “Ambassador” Rodman and Kim Jong-Un shared laughs over a basketball game. Rodman noted that his goal was to build relations between North Korea and the West.
As tensions with the West escalated, however, this year’s trip was a bit more controversial. To make matters more interesting, the event was sponsored by the cannabis industry’s very own cryptocurrency, Potcoin. A spokesman for the coin released a statement: “we believe in Dennis Rodman’s mission to bring peace to the world.”
Following the news that Rodman’s North Korean excursion was to be sponsored by Potcoin, the currency shot up nearly 100% in value, dropping by 23% the next day.
As Rodman tries to ease tensions with North Korea, however, Kim Jong-Un’s regime has shown no sign of slowing its aggressive push into cyber-activity.
According to Recorded Future, a threat intelligence company, North Korea began utilizing a large-scale bitcoin mining operation which saw its activity spike drastically on May 17th. “It is not clear who is running the North Korean bitcoin mining operations; however, given the relatively small number of computers in North Korea coupled with the limited IP space, it is not likely this computationally intensive activity is occurring outside of state control,” the report noted.
The North Korean government, weighed down by economic sanctions and trade embargos, is clearly desperate for funds. How its mysterious foray into cyberspace will play out remains to be seen.