North Korea is now robbing banks, says US intelligence official

North KoreaComments made by a senior American intelligence official on Tuesday appeared to suggest that the North Korean government was behind an attempt to steal nearly $1 billion from a Bangladeshi bank last year. The heist took place in February of 2016, when a computer malware was used to issue several requests to transfer funds from Bangladesh Bank —the state-owned central bank of Bangladesh— using the SWIFT network. The hackers were able to transfer five separate sums of $101 million each to a linked Bangladesh Bank account at New York’s Federal Reserve Bank. However, when further requests were issued, Federal Reserve Bank employees contacted Bangladesh Bank and blocked further transactions. Eventually, most of the transferred funds, which neared $1 billion, were recovered; but the hackers managed to get away with approximately $81 million worth of funds.

Forensic investigators described the heist as technically advanced. The antivirus company Symantec said it identified a piece of code in the malware that is known to have been used by North Korean government hackers in the past. Not everyone agreed with the claim that Pyongyang was behind the bank heist. But those who did, said that it was unprecedented in scope and aggressiveness. Some even said that the heist showed that North Korea’s cyber capabilities were among the most sophisticated and powerful in the world.

Meanwhile the United States government did not comment on the matter. However, this past Tuesday the deputy director of the National Security Agency appeared to confirm reports that North Korea was behind the Bangladesh Bank heist. Rick Ledgett, a 30-year veteran of the NSA, who is due to retire in 2018, was speaking at a public event hosted by the Aspen Institute in Washington, DC. He reminded the audience that private researchers had connected the malware code used in the Bangladesh Bank heist with that used in previous hacking attempts launched by North Korea. “If that linkage […] is accurate”, said Ledgett, it “means that a nation state is robbing banks”. When asked by the moderator whether he believes that to be the case, Ledgett responded “I do. And that’s a big deal”. Foreign Policy magazine reached out to Ledgett following his talk and asked him for clarification about his comments regarding the Bangladesh Bank heist. But the NSA official simply said that “the public case [about the heist] was well-made”. Foreign Policy also contacted the NSA, but the agency said it preferred not to comment on the matter.

Author: Joseph Fitsanakis | Date: 23 March 2017 | Permalink

Advertisements

Malaysia assassination highlights North Korea’s network of front companies

North KoreaThe sensational assassination of Kim Jong-nam, half-brother of North Korea’s Supreme Leader Kim Jong-un, on February 13, revealed much about the current operational mindset of Pyongyang. But it also brought to light the shady network of front companies set up by the North Korean regime to facilitate the country’s illicit financial activities around the world. This extensive network permits Pyongyang to evade international sanctions against it, and to coordinate the activities of hundreds of clandestine operatives around the world. Through these activities, the reclusive country has been able to develop its weapons of mass destruction program unabated, despite concerted efforts by the United Nations to prevent it from doing so.

Writing for Forbes, Scott Snyder, senior fellow for Korea Studies and director of the program on US-Korea Policy at the Council on Foreign Relations, notes that the UN has for many years employed sanctions to “block international financial and material support for North Korean nuclear and missile development efforts”. But now the UN’s own experts have concluded that Pyongyang has been able to evade these sanctions so skillfully that it has “largely eviscerated the intent and impact of UN sanctions resolutions”. How has it done so? Mostly through a network of countries that routinely turn a blind eye to North Korea’s illicit activities. These include several countries in the Middle East, as well as Singapore, China, Indonesia, and Malaysia. Pyongyang maintains an extensive network of front companies in these countries, says Snyder, with the main purpose of enabling it to evade international sanctions against it.

Malaysia has been a primary hub of North Korean illicit activity. In that, Pyongyang has been crucially assisted by the fact that —until last week— North Korean citizens could travel to Malaysia without entry visas. Malaysia thus provides a useful base for dozens of North Korean front companies, such as Glocom, which ostensibly markets radio communications equipment, or Pan Systems Pyongyang, which just happens to trade in exactly the kind of commercial items that could be described as “dual-use goods” in UN sanctions resolutions. Pan Systems is connected to several Malaysian-based subsidiaries, including International Global Systems and International Golden Services, which, according to investigators, are operated by North Korean intelligence.

Many of these companies also serve as exporting and importing hubs for Pyongyang. In the last five years, several ships have been intercepted while carrying illicit cargo dispatched from North Korea or destined for the reclusive state. In one such instance in 2013, the Jie Shun, a Cambodian-registered ship with a North Korean crew, was found to be carrying over 30,000 rocket propelled grenades hidden under thousands of tons of iron ore. The shipment was intended for an “undisclosed Middle Eastern destination”, says Snyder and was traced to a firm called “Dalian Haoda Petroleum Chemical Company Ltd.”. Many of these mysterious firms are headquartered in China, registered in Hong Kong, but actually work on behalf of North Korea, often using banking facilities in Europe and the United States to conduct financial transactions.

Author: Joseph Fitsanakis | Date: 07 March 2017 | Permalink

Indonesia to investigate North Korean restaurant reportedly used as spy base

Pyongyang Restaurant in Jakarta, IndonesiaIndonesian authorities said on Sunday that they will investigate a North Korean restaurant in the country, after a Singaporean news agency claimed it was being used as a center for espionage. The announcement comes amidst heightened tensions between North Korean and its neighbors, following the murder last week in Malaysia of Kim Jong-nam, half-brother of North Korea’s Supreme Leader Kim Jong-il. Kim, the grandson of North Korea’s founder Kim Il-Sung, died after two women approached him at the Kuala Lumpur International Airport and splashed his face with liquid poison. Sources in South Korea and the United States have pointed at Pyongyang as the culprit of the assassination.

On Friday of last week, the Singapore-based news agency Asia One published a lengthy report into alleged North Korean espionage operations in Southeast Asia. The report claimed that North Korean intelligence agencies have operated extensive networks of operatives in Indonesia, Malaysia and Singapore, and that these networks have operated unimpeded for over two decades. The news agency cited an unnamed “intelligence source” as saying that the spy networks are operated by North Korea’s Reconnaissance General Bureau (RGB). The RGB is in charge of special activities abroad, which include covert operations and intelligence collection involving espionage. It operates under the Ministry of State Security and answers directly to North Korea’s supreme leader.

According to Asia One, the RGB maintains some of its largest spy networks abroad in Indonesia, Singapore and Malaysia, where Kim Jong-nam met a gruesome death last week. RGB personnel operating in these countries are North Korean citizens who are employed in the construction sector, as well as the tourism industry. Some operate North Korean restaurants, which are popular tourist attractions across Southeast Asia. The unnamed intelligence source told Asia One that North Korean restaurants serve “as a main front to conduct intelligence gathering and surveillance [against] Japanese and South Korean politicians, diplomats, top corporate figures and businessmen”. The RGB’s network in Indonesia is based in textile factories located in several Indonesian cities, said Asia One. There is also “an apartment located above a North Korean restaurant in [the Indonesian capital] Jakarta that is part of the RGB Indonesia office”, according to the report.

Following the news agency’s allegations, Argo Yuwono, senior commander for the Indonesian National Police, said that an investigation would take place into Asia One’s allegations. He said that his detectives would coordinate their activities with the Indonesian Foreign Ministry before moving ahead with the probe.

Author: Joseph Fitsanakis | Date: 21 February 2017 | Permalink

Two women arrested for assassinating North Korean leader’s half-brother

Kim Jong-namTwo women have been arrested in the past 48 hours in connection with the assassination of Kim Jong-nam, half-brother of North Korea’s supreme leader, who died in Malaysia on Monday. Kim, the grandson of North Korea’s founder Kim Il-Sung, died after two women approached him at the Kuala Lumpur International Airport and splashed his face with liquid poison. Some reports suggest that he was injected with a poisoned needle. According to Malaysian media, Kim was about to board a flight to Macau, where he had been living in self-exile since 2007. His relations with his brother, North Korean Supreme Leader Kim Jong-un, and the regime in Pyongyang, were adversarial, and some suggest that he had survived at least one assassination attempt in the past.

On Wednesday, Malaysian authorities announced the arrest of a woman carrying a Vietnamese travel document, which identified her as Doan Thi Huong (also reported as Doan Thin Hoang). No elaboration was offered on whether the travel document is genuine or forged. The 28-year-old woman is believed to have been arrested at the same airport where Kim’s assassination took place. Apparently she returned there by herself on Wednesday to catch an outbound flight to Vietnam, but was recognized by security personnel through the airport’s closed-circuit television monitoring system. Another woman, carrying an Indonesian passport, was arrested on Thursday in connection with the assassination, but no information was released about her. Some reports in the Malaysian media suggested that the second woman had been observed wandering around the Kuala Lumpur International Airport immediately following Kim’s assassination. It is believed that her co-conspirators inadvertently left her behind as they escaped the scene of the crime. Malaysian police said they also arrested a taxi driver who transported the women to the airport on the morning of the assassination. Four males, who are also believed to have helped organize the attack, remain at large.

Meanwhile South Korean and American government sources told news agencies that the assassins are thought to be agents of the North Korean government. Malaysian media said that senior North Korean diplomats were dispatched to Kuala Lumpur on Wednesday and held lengthy meetings with Malaysian government officials. Reports suggest that Pyongyang exercised pressure on Malaysian officials to cancel a planned post mortem examination of Kim’s body. But the request was allegedly denied. Malaysian officials did not respond to queries about whether Kim’s body will be handed to North Korea or flown to China for burial.

Author: Joseph Fitsanakis | Date: 16 February 2017 | Permalink

North Korean leader’s half-brother killed by female assassins in Malaysia

DPRK assassinThe half-brother of North Korean Supreme Leader Kim Jong-un has been killed in an audacious attack in Malaysia, reportedly by two female assassins who used a poisonous substance to murder him. Kim Jong-nam, was the eldest son of Kim Jong-il, and grandson of Kim Il-Sung, who founded the Democratic People’s Republic of Korea in 1948. However, he left the country in 2007, reportedly after it became clear that his younger half-brother, Kim Jong-un, was the regime’s preferred successor to his father, Kim Jong-il.

Since that time, it is believed that the self-exiled Kim split his time between Singapore and China, and that he had a residence in the former Portuguese colony of Macau. It is also believed that he employed a variety of passports, including South Korean, Portuguese and Swiss, some of which were reputed to be forgeries. Even though Kim kept a relatively low profile in the past decade, relations between him and the North Korean regime were adversarial. He made occasional comments to the press that were critical of the government in Pyongyang, and at times criticized his half-brother’s character and actions. Intelligence sources in South Korea claimed that the DPRK tried to kill him at least once in the past.

It appears that Pyongyang may have finally managed to kill Kim on Monday morning, at the Kuala Lumpur International Airport, Malaysia’s main international flight hub and one of Southeast Asia’s largest. The attack is believed to have taken place at 9:00 a.m. at the airport’s economy class terminal, where Kim was waiting to board a 10:00 a.m. flight to Macau. According to Malaysian news media, Kim was approached by two women, one of whom attacked him from behind. The female suspect reportedly covered Kim’s face with a “cloth laced with a poisonous liquid” that burned his eyes. A frantic Kim managed to run away and alert an airport employee, who called an ambulance. According to police, the victim told paramedics that someone had grabbed him from behind and “splashed a burning liquid on his face”. Some reports claimed that Kim was attacked with a poisonous needle or acid spray. According to Malaysian police spokesman Fadzil Ahmat, the grandson of North Korea’s founder expired on the way to a nearby hospital.

It was later confirmed that, at the time of his death, Kim was using a North Korean passport issued under the name “Kim Chol” and giving his date of birth as June 10, 1970. However, the travel document is believed to have been forged. Malaysian authorities said on Tuesday they had been unable to identify the suspects, but that an investigation was ongoing. Early on Wednesday, Malaysian authorities released CCTV footage of one of the suspects (pictured). Meanwhile, Kim’s body has been subjected to an autopsy, but the results remain unavailable. South Korean authorities told the Reuters news agency that Kim had been killed by assassins working for the North Korean government.

Author: Joseph Fitsanakis | Date: 15 February 2017 | Permalink

Observers speak of uncertainty as North Korean leader fires spy chief

kim jong unObservers of North Korean politics raised alarm bells over the weekend, as it emerged that Supreme Leader Kim Jong-un fired his spy chief, interfering for the first time with a state institution that had not until now experienced major purges. The news circulated on Friday, following a report by South Korea’s Ministry of Unification —Seoul’s government department responsible for promoting the reunification of Korea. The ministry said that, according to its sources in the North, General Kim Won-hong had been dismissed from his post as Minister for State Security.

Kim is believed to have joined the Korean People’s Army (KPA) in 1962, at age 17. He rose through the ranks of the military to become a commander and a commissar (political officer) with the KPA’s General Political Bureau. In 1998, Kim was elected to North Korea’s Supreme People’s Assembly, which functions as the country’s parliament. In 2003, the North Korean leadership appointed Kim to director of the Military Security Command —the North Korean Army’s intelligence directorate. By 2009, Kim had been made a General and had entered the personal circle of Kim Jong-un. In 2011, when Kim Jong-un became supreme leader of North Korea, General Kim was widely viewed as one of his most trusted advisors. Few were surprised, therefore, when Kim was made State Security Minister, in April 2012. From that position, General Kim oversaw the activities of the regime’s secret state police, North Korea’s most powerful security institution, which is answerable only to the country’s supreme leader.

But it now appears that General Kim was dismissed from his powerful post two weeks into 2017, allegedly on charges of corruption and abuse of state power. Some reports suggest that his dismissal may be related to the defection of Thae Yong-ho, a senior North Korean diplomat who defected with his family while serving in the country’s embassy in London last year. It is also believed that Kim was demoted from a four-star to a one-star general.

Since he assumed power in the country in late 2011, Kim Jong-un has purged several layers of elite government apparatchiks. But he has not interfered in the country’s intelligence and security agencies. Thus, if General Kim was indeed dismissed, it would mark the first major demotion of a senior official in the Ministry of State Security in over six years. Some observers suggest that Kim’s demotion may mark the beginning of a major round of purges in the country’s security and intelligence services. But others think that that Kim was demoted by the country’s supreme leader in a pre-emptive action aimed at preventing a possible military coup against him.

Author: Joseph Fitsanakis | Date: 06 February 2017 | Permalink

North Koreans are studying nuclear physics in Japan, say human rights activists

ChongryonStudents who have pledged allegiance to North Korea are being taught advanced courses in nuclear physics and control engineering in Japan, which violates United Nations sanctions, according to human rights campaigners. The students take classes at Korea University, a higher-education institution located in in Kodaira, a western suburb of the Japanese capital Tokyo. The University is funded directly by the government of North Korea through Chongryon, a pro-Pyongyang organization otherwise known as the General Association of Korean Residents in Japan. The group represents tens of thousands of ethnic Koreans living in Japan, who are ideologically affiliated with Pyongyang.

But an organization called Human Rights in Asia has accused the Korea University of offering advanced technical courses on subjects related to nuclear engineering. According to the organization, the courses directly violate UN sanctions aimed at preventing North Korea from further-developing its nuclear weapons program. Human Rights in Asia is a partner with Human Rights Watch, Amnesty International, Freedom House, and others, in a worldwide campaign calling itself the International Coalition to Stop Crimes Against Humanity in North Korea. The Japanese director of Human Rights in Asia, Ken Kato, claims that the Korea University curriculum directly violates the UN sanctions imposed on Pyongyang. His organization recently submitted a petition about the topic to the UN Security Council Committee pursuant to resolution 1718. The Committee was set up in 2006 to monitor sanctions placed on North Korea, after the country announced that it possessed nuclear weapons. The petition claims that the Korea University’s curriculum violates several paragraphs of the UN sanctions resolution, which forbid the provision of specialized teaching and training on subjects relating to nuclear science. The petition also accuses the Korea University of operating as “a center for North Korea’s espionage activities in Japan”.

In February of this year, authorities in South Korea arrested an associate professor of Korea University in Japan on espionage charges. Pak Chae Hun, 49, a citizen of Japan, allegedly operated as an intelligence handler for North Korean sleeper agents operating in South Korea, Japan and China. South Korean counterintelligence officials said they intercepted encrypted email messages sent to Pak from Japan. The messages allegedly contained instructions from Office 225 of the North Korean Workers’ Party Korea, which is tasked with overseeing the activities of sleeper agents operating in South Korea. Pak is also accused of having provided North Korean agents with telephone devices and ATM cards, which they used to withdraw cash from banks in South Asia.

Author: Joseph Fitsanakis | Date: 23 December 2016 | Permalink