WASHINGTON (NYTIMES) - North Korea has vastly expanded its use of the Internet in ways that enable its leader, Kim Jong Un, to evade a "maximum pressure" US sanctions campaign and turn to new forms of cybercrime to prop up his government, according to a new study.
The study concludes that since 2017 - the year President Donald Trump threatened "fire and fury like the world has never seen" against the country - the North's use of the Internet has surged about 300 per cent.
Nearly half that traffic now flows through a new connection in Russia, avoiding the North's longtime dependency on a single digital pipeline through China.
The surge has a clear purpose, according to the report released Sunday (Feb 9) by Recorded Future, a Cambridge, Massachusetts, group known for its deep examinations of how nations use digital weaponry: circumventing financial pressure and sanctions by the West.
Over the past three years, the study concluded, North Korea has improved its ability to both steal and "mine" cryptocurrencies, hide its footprints in gaining technology for its nuclear programme and cyberoperations, and use the Internet for day-to-day control of its government.
"What this tells you is that our entire concept of how to control the North's financial engagement with the world is based on an image of the North that is fixed in the past," said Priscilla Moriuchi, a former National Security Agency analyst who directed the study and has long focused on North Korea and Iran.
"They have succeeded at an easy-to-replicate model of how to move large amounts of money around the world, and do it in a way our sanctions do not touch." "Our sanctions system needs a radical update," she concluded.
The report helps solve the mystery of why the country's economy appears to have survived, and in some sectors actually grown, as the United States and its allies have talked about their success in choking off oil supplies and cracking down on North Korea's skilful production of counterfeit US currency.
It also further complicates the Trump administration's paralysis in dealing with the North. Sanctions have remained in place, though Trump does not like to talk about them, even as his personal diplomacy with Kim sputters.
An expected resumption of intercontinental ballistic missile tests, which North Korea appeared to threaten at the end of 2019, has not materialised. But even if the situation remains in a quiet stalemate, the report suggests that Kim is poised to take advantage: Just as he is continuing to invest in his nuclear programme, he is also pouring resources into a cyberprogramme that is both a potent weapon and a revenue generator.
Moreover, the report, titled "How North Korea Revolutionised the Internet as a Tool for Rogue Regimes," concludes that other nations are watching the North Korean model, and beginning to replicate it.
"Iran has begun to pursue cryptocurrencies as a method for facilitating international payments and circumventing US financial controls," it notes.
Moriuchi, who left the National Security Agency in 2017, began tracking the Internet use of the North Korean elite 2 1/2 years ago, a period that encompassed Trump's confrontational approach to the North, the country's missile launches and then the stalled diplomacy that has followed the president's three meetings with Kim.
In 2017, Moriuchi could easily see the content of the North Korean elite's searches, most of which appeared to be for leisure: While ordinary North Koreans have access only to a restricted, in-country version of the Internet, the country's leaders and their families downloaded movies, shopped and browsed the web on nights and weekends.
But that has changed. Internet use has surged during office hours, suggesting the leadership is now using its internal networks the same way the West does: conducting daily government and private business. Now the country has developed its own version of a "virtual private network," a technique to tunnel through the Internet securely that has long been used by Western businesses to secure their transactions.
Meanwhile, the country's efforts to encrypt data and hide its activities on the web have become far more sophisticated. And through a network of students, many in China and India, the North has learned how to exploit data that could improve its nuclear and missile programs.
The largely home-built effort to hide traffic, the report concluded, was being used to steal "data from the networks of unsuspecting targets, or as a means of circumventing government-imposed content controls." Such methods have long been used by Chinese and Russian hackers, often working for intelligence agencies.
The North has managed to surprise the world before with its digital savvy: In November 2014, its devastating cyberattack on Sony Pictures Entertainment in an effort to kill "The Interview," a comedy about two bumbling journalists sent by the CIA to kill Kim, exposed US digital vulnerabilities. That was followed by a bold effort to steal nearly US$1 billion from the Bangladesh central bank through the international financial settlement system called SWIFT. Other central bank attacks followed.
North Korea's most famous cyberattack, using code called WannaCry, disabled the British health care system for days and created havoc elsewhere. It was based on vulnerabilities that had been stolen from the National Security Agency, and published by a group that called itself the Shadow Brokers. US officials have never publicly acknowledged their inadvertent role in fuelling the attacks.
But the report suggests the North has now moved on. It has figured out more effective ways to steal cryptocurrencies. And it has begun to produce, or "mine," its own, chiefly through Monero, a lesser-known alternative cryptocurrency to Bitcoin that advertises that it "obfuscates sending and receiving addresses as well as transacted amounts." In short, it is perfect for any nation - and its financial partners - seeking to avoid United Nations and US sanctions.