North Korea’s senior leadership has been exploiting loopholes in international sanctions to obtain the U.S. technology that Pyongyang uses to conduct “destructive cyber operations,” according to a global cyberthreat intelligence company.
Recorded Future, based in Massachusetts, found that while export bans and restrictions are somewhat effective in keeping North Korea from acquiring technology for its nuclear weapons program, sanctions fail when it comes to regulating computer products from entering into North Korea.
“Because of the globalized nature of technology production and distribution, the traditional export control is not really working for [computer] technology,” said Priscilla Moriuchi, one of the authors of “North Korea Relies on U.S. Technology for Internet Operations.” “It may work quite well for ballistic missile parts or fissile material, but the system is not designed to limit technology transfer, and it’s not optimized for that.”
In the report, Moriuchi and her co-author, Fred Wolens, call for a “globally robust unified effort to impose comprehensive sanctions” on North Korea, warning that without this Pyongyang “will be able to continue its cyberwarfare operations unabated with the aid of Western technology.”
The report was released days before North Korean leader Kim Jung Un and U.S. President Donald Trump are scheduled to meet in Singapore for a summit focused on ending the North’s nuclear weapons program in exchange for economic incentives and security guarantees.
But some consider North Korea’s cyberthreat capabilities as damaging as the threat of its nuclear weapons, Morgan Wright, a former a senior adviser in the U.S. State Department Antiterrorism Assistance Program, wrote in The Hill.
Even as advance teams prepared for the June 12 summit, North Korean cyberattacks continued, Moriuchi told Cyberscoop. On May 28, it reported the Department of Homeland Security and the FBI released a joint alert about Hidden Cobra, which is associated with North Korea’s hacking activities.
FireEye, a Silicon Valley cybersecurity company, detected cyberattacks by Lazarus, the North Korean hacking effort responsible for stealing millions of dollars from the Bangladesh Central Bank in 2016. Lazarus is also believed responsible for the 2014 Sony Picture’s hack and last year’s WannaCry ransomware attack.
Defining ‘luxury goods’
How did U.S. technology reach North Korea? Part of the answer lies in “international inconsistencies in the definition of the term ‘luxury goods,’” according to the Recorded Future report. The U.S. “effort to restrict technology exports at the national and international level” has not reaped results because of “varied definitions by nations and [their] inconsistent implementations,” said Moriuchi, a former East Asia analyst for the National Security Agency.
While the United Nations did not include electronics in Resolution 2321, which covered exports to North Korea, when it was issued in 2016, each member nation was allowed to interpret luxury goods. The U.S. has defined luxury goods to include laptop computers, digital music players, large flat-screen televisions and electronic entertainment software. China, in particular, does not “honor the luxury goods listed by other countries when it exports to” North Korea, according to the report.
US exports OK
Another factor is that for seven years in the period spanning 2002 to 2017, “the United States allowed the exportation of ‘computer and electronic products’ to North Korea,” according to the report. The total for those seven years was more than $430,000 of legal exports, and according to Recorded Future, “at its peak in 2014, the U.S. exported $215,862 worth of computers and electronic products to North Korea.”
The Recorded Future report, citing the U.S. Department of Commerce (DOC), said that category includes “computers, computer peripherals (including items like printers, monitors and storage devices), communications equipment (such as wired and wireless telephones), and similar components for these products.”
Much of that equipment remains in use, according to Recorded Future, and North Korea’s ruling elites, including party, military, and intelligence leaders and their families, have long been known to use products manufactured by U.S. companies such as Apple, Microsoft and IBM to access the internet.
A third element in how the U.S. tech went astray is what the report called North Korea’s “sophisticated sanctions evasion operation, which uses intermediaries and spoofs identities online.”
As an example, the study points to North Korea’s shell company Glocom with which Pyongyang “used a network of Asian-based front companies to buy computer components from electronic resellers, and the payment was even cleared through a U.S. bank account.” The United Nations found that Glocom w
See all stories on this topic