North Korean leader Kim Jong Un’s recent moves towards peace, reconciliation, and denuclearization on the Korean Peninsula have done more than just grab headlines. While the world frets over whether the Trump Administration is up to the task of negotiating with the notoriously fickle Koreans and exactly what Kim means when he says “denuclearization,” the Democratic People’s Republic’s bold diplomatic moves have notably knocked the threats posed by its cyber capabilities off the front pages.
But the North Korean cyber crimes have continued even as Kim tries to rehabilitate his image on the world stage.
Not too long ago, the world considered cyberattacks to be the biggest threat coming from the North. Right before the sudden change in behavior that coincided with the Pyeongchang Winter Olympics, cybersecurity experts were sounding the alarm. Many still are, but their warnings don’t get the coverage they deserve.
Talking peace, but growing bolder in cyberspace
In December, the U.S. government formally asserted that North Korea is responsible for the WannaCry virus that crippled Britain’s National Health Service in 2017, and most recently caused a brief panic at Boeing’s commercial aircraft manufacturing facility in North Charleston, S.C.
In February, cyber intelligence firm FireEye identified a new DPRK government-sponsored hacking unit, which it called Reaper. FireEye reported that “the group’s operations are expanding in scope and sophistication, with a toolset that includes access to zero-day vulnerabilities and wiper malware.” Reaper had been attacking South Korea’s military-industrial complex for years, and recently expanded its target list to include academics, human rights activists, trade organizations, and a Middle Eastern telecommunications firm whose dealings with a North Korean company had gone bad.
North Korea’s most well known cyberattack was its 2014 hacking of servers at Sony Pictures Entertainment, in retaliation for the planned release of the comedy The Interview, which featured an assassination of Kim Jong-un. Recently, cybersecurity firm McAfee identified what it called a “global data reconnaissance campaign” which it labeled Operation GhostSecret. Using a malware tool that closely resembled the “Destover” tool used in the Sony hack, GhostSecret targeted “critical infrastructure, entertainment, finance, health care, and telecommunications.” In one notable case in March, it targeted Turkish organizations, both government and private, in the trade and financial sectors.
CyberSecurity needs to be on the Agenda
It seems as though a Trump-Kim summit is going to happen. Trump told reporters Friday that “We now have a date and we have a location,” for the meeting, but stopped short of revealing anything more detailed. The latest rumors say the two leaders will meet in Singapore this June. The main topic is, naturally, denuclearization. Kim’s cyber offensive needs to be part of any discussion.
The dozen-or-so nuclear weapons in the DPRK arsenal, which they may or may not be capable of mounting on the Hwasong-15 intercontinental ballistic missile, are obviously a serious threat to world peace. But in many respects, the world is more prepared to defend against them than against the cyber attacks that have become a regular part of Kim’s operations.
For that reason, the U.S. must demand that curtailing of North Korea’s offensive cyber operations be on the table in any discussion over the future of relations between the two countries. Observers have rightfully been concerned with how the North Korean negotiators will try to move the goalposts. Already, the government has said “The U.S. is deliberately provoking the DPRK at the time when the situation on the Korean Peninsula is moving toward peace and reconciliation,” despite Kim’ supposed pledge not to complain about previously scheduled military exercises.
It’s time to add additional demands of our own, starting with these dangerous cyber attacks.