North Korean state now uses cyber attacks to steal cash, says report

North Korea’s intelligence establishment has shifted its attention from spying for political gain to spying for commercial advantage, primarily to secure funds for the cash-strapped country, according to a new report. Since the 1990s, the Democratic People’s Republic of Korea (DPRK) has used computer hacking in order to steal political and military secrets from its rivals. But there is increasing evidence that Pyongyang is now deploying armies of computer hackers in order to steal cash from foreign financial institutions and internet-based firms. This is the conclusion of a new report by the Financial Security Institute of South Korea, an agency that was set up by Seoul to safeguard the stability of the country’s financial sector.

The report, published last week, analyzed patterns of cyber attacks against South Korean state-owned and private financial institutions that took place between 2015 and 2017. It identified two separate computer hacking groups, which it named Lazarus and Andariel. According to the report, both groups’ activities, which are complementary, appear to be directed by the government of North Korea. An analysis of the groups’ targets suggests that Pyongyang has been directing its computer spies to find ways to secure hard currency for use by the government. Foreign currency has been increasingly hard to come by in North Korea in recent years, due to a host of international sanctions that were imposed on the country as a form of pressure against its nuclear weapons program.

Several cyber security experts and firms have claimed in recent months that North Korea has been behind recent cyber attacks against international banking institutions. The DPRK has also been blamed for a 2014 attack against the Hollywood studios of the Japanese multinational conglomerate Sony. Regular readers of intelNews will recall our story in March of this year about comments made on the subject of North Korea by Rick Ledgett, a 30-year veteran of the United States National Security Agency. Speaking at a public event hosted by the Aspen Institute in Washington, Ledgett expressed certainty that the government of North Korea was behind an attempt to steal nearly $1 billion from Bangladesh Bank —the state-owned central bank of Bangladesh— in 2016. Eventually the bank recovered most of the money, which had been transferred through transactions using the SWIFT network. But the hackers managed to get away with approximately $81 million.

More recently, cyber security experts have claimed that the government of North Korea has been behind attempts to hack into automated teller machines, as well as behind efforts to steal cash from online gambling sites. In April of this year, the Russian-based cyber security firm Kaspersky Lab identified a third North Korean hacker group, which it named Bluenoroff. The Russian experts said Bluenoroff directed the majority of its attacks against foreign financial firms. There are rumors that Pyongyang was behind the wave of WannaCry ransomware attacks that infected hundreds of thousands of computers in over 150 countries in May. But no concrete evidence of North Korean complicity in the attacks has been presented.

Author: Joseph Fitsanakis | Date: 31 July 2017 | Permalink

North Korea secretly imports Russian oil through Singapore, says defector

The government of North Korea uses intermediary firms in Singapore to import thousands of tons of Russian oil each year, according to a senior North Korean defector who has spoken publicly for the first time since his defection. Ri Jong-ho was a senior official in the Democratic People’s Republic of Korea under its previous leader, the late Kim Jong-il. He rose through the ranks of the Workers’ Party of Korea and was directly mentored by Kim, who personally appointed him to a post in Bureau 39. The powerful body is in charge of securing much-needed foreign currency for Pyongyang —often through illegal activities— and partly funds the personal accounts of the ruling Kim dynasty.

From the mid-1990s until his 2014 defection, Ri spent nearly three decades in senior positions inside the DPRK. These included the chairmanship of the board of the Korea Kumgang Group, a state-managed firm that oversees large-scale economic activity in North Korea, such as constructing energy networks and commissioning oil and natural-gas exploration. Between 1998 and 2004, Ri lived in the Chinese city of Dalian, where he headed the local branch of the Korea Daesong Trading Corporation. The Pyongyang-based company facilitates North Korea’s exports to China in exchange for Chinese goods and products.

But Ri’s mentor, Kim Jong-il, died in 2011. His son and successor, Kim Jong-un, engaged in a brutal campaign to remove his father’s advisers and replace them with his own people. During that time, said Ri, thousands of senior and mid-level officials were purged, some physically. Frightened and disillusioned, Ri defected with his family to South Korea in October 2014; fifteen months later, in March 2016, he arrived in the United States. On Tuesday, the Voice of America published Ri’s first public interview since his defection.

Among other things, the former Bureau 39 official said that the North Korean regime sustains itself with the help of oil it imports from nearby countries. One of the regime’s main sources of energy is Russia, which supplies Pyongyang with between 200,000 and 300,000 tons of oil every year. But the trade does not occur directly, said Ri. Moscow sells the oil to energy-trading companies in Singapore. These mediators then sell the oil to the DPRK through separately agreed contracts, so that Russia does not appear to be providing Pyongyang with desperately needed oil. The so-called “Singapore line” was established by North Korea in the 1990s, said Ri, and appears to still be active. In addition to Russian oil, the DPRK imports approximately 500,000 tons of oil per year from China, through pipelines, according to Ri.

Author: Joseph Fitsanakis | Date: 29 June 2017 | Permalink

Did North Korean leader’s brother meet with a US spy before he was assassinated?

The exiled half-brother of North Korea’s leader, who was assassinated in Malaysia in February, is thought to have met with a man believed to be an American intelligence officer shortly before he was killed, according to reports. Kim Jong-nam, the grandson of North Korea’s founder Kim Il-Sung, died after two women approached him at the Kuala Lumpur International Airport and splashed his face with liquid poison on February 13 of this year. Kim was about to board a flight to Macau, where he had been living in self-exile with his family since 2007. His relations with his brother, North Korean Supreme Leader Kim Jong-un, and the regime in Pyongyang, were adversarial, and some suggest that he had survived at least one assassination attempt in the past.

According to Malaysian investigators, who have been probing Kim’s murder, the estranged half-brother of the North Korean dictator arrived in Kuala Lumpur from Macau on February 6, a week before he was killed there. Two days later, on February 8, he traveled to Langkawi, a resort island in the Andaman Sea, located 20 miles from Malaysia’s mainland coast, near the Thai border. According to the Japanese newspaper Asahi Shimbun, a day after his arrival at Langkawi, Kim met with a man believed by Malaysian authorities to be in the employment of American intelligence. The man, who has not been named, is reportedly middle-aged, Korean-American with United States citizenship, and lives in Bangkok. The Osaka-based paper said that Malaysian police have accessed footage from the Langkawi hotel’s security cameras, which shows Kim and the American man entering a hotel suite and staying there for nearly two hours before departing.

The newspaper further claims that Malaysian counterintelligence has been tracking the American man each time he has entered Malaysia from Thailand for quite some time, believing him to be a case officer. It is also thought that Kim had met the same man in Malaysia “several times in the past”, said Asahi Shimbun. The paper further states that Malaysian investigators believe the meeting between Kim and the American man was the reason behind North Korea’s decision to kill him. The American man reportedly left Malaysia on February 13, the same day Kim was assassinated in Kuala Lumpur.

Author: Joseph Fitsanakis | Date: 26 May 2017 | Permalink

North Korea accuses US of murder plot as CIA opens new DPRK mission center

The United States Central Intelligence Agency has announced the establishment of a new center focusing on North Korea, shortly after Pyongyang accused Washington of plotting to assassinate its supreme leader. Last week, the regime’s Vice Minister of Foreign Affairs, Han Song Ryol, said the CIA tried to kill North Korean Supreme Leader Kim Jong-un. He was speaking during a meeting with foreign diplomats in the North Korean capital, where he repeated previously stated claims by government officials that American spies had tried to assassinate their country’s leader. According to Pyongyang, the plot involved an attack by a North Korean CIA agent, who had been trained in the use of a biochemical weapon by his handlers. The North Koreans also accuse South Korea of collaborating with the alleged CIA assassination plot, claiming that Seoul either bribed or blackmailed the would-be assassin.

Meanwhile, the CIA announced last week that it has established a dedicated center focusing on developments in the Korean peninsula. The purpose of the center, said the CIA, is to “address […] the nuclear and ballistic missile threat posed by North Korea”. There are only 11 such centers in the CIA, which the Agency calls “Mission Centers”. They focus on specific issues or locations around the world, in accordance with the geopolitical priorities of the US policymaker community, led by the White House. The establishment of a dedicated Korean Mission Center is designed to reflect the elevation of the North Korean government’s missile program to a critical foreign-policy issue by the administration of US President Donald Trump.

The new Mission Center will be located at the CIA headquarters in Langley, Virginia, and will bring together several intelligence analysts and even operations officers from a variety of directorates and units across the Agency. The goal of the new Center, according to the CIA, is to “integrate [these individuals] in one entity” in order to produce regular situation reports and analytical forecasts from the troubled region. Speaking to reporters late last week, CIA spokeswoman Heather Fritz Horniak said that the new Mission Center would allow Langley to “harness the full resources, capabilities and authorities of the Agency” in dealing with Pyongyang. But she refused to comment on North Korea’s allegations that the CIA tried to assassinate the communist state’s leader.

Author: Ian Allen | Date: 17 May 2017 | Permalink

CIA director makes unannounced visit to South Korea to discuss tensions

The director of the United States Central Intelligence Agency made an unannounced visit to South Korea over the weekend, to discuss the rising tensions in the Korean Peninsula with his South Korean counterpart and other senior officials. A spokesperson from the US embassy in Seoul made an official announcement on Monday, in which he revealed the visit by Mike Pompeo, the CIA director who was appointed by US President Donald Trump in January of this year. When asked for details, however, the spokesperson refused to provide them. Consequently, Pompeo’s date of arrival in Seoul remains unknown, as does his date of departure. It is believed that he is now back in the US.

During his visit to the South Korean capital, Pompeo met with his South Korean counterpart, Lee Byung-ho, who heads South Korea’s National Intelligence Service. South Korean media reports said Pompeo also met with senior officials in the office of the South Korean president. Additionally, he is said to have held several meetings with American intelligence and military officials stationed in South Korea, including a meeting with General Vincent Brooks, commander of United States Forces Korea. Reports in local media outlets said Pompeo’s visit aimed to coordinate American and South Korean intelligence responses to what Washington claims is increasing provocation by North Korea. The United States objects to North Korea’s repeated missile tests in recent weeks. On Saturday, Pyongyang attempted to launch a missile without success. The attempt, the third one in a month, elicited strong criticism from Washington and Seoul.

Pompeo’s trip to Seoul marked the fourth visit to South Korea by a senior US government official in recent weeks. The CIA director’s unannounced visit was preceded by separate official visits to Seoul by US Vice President Mike Pence, Secretary of State Rex Tillerson, and Secretary of Defense James Mattis. Additionally, last Wednesday the White House organized an “extraordinary national security briefing” about North Korea for members of the United States Senate. The briefing featured presentations by senior American diplomats and military officials.

Author: Ian Allen | Date: 02 May 2017 | Permalink

North Korea is now robbing banks, says US intelligence official

Comments made by a senior American intelligence official on Tuesday appeared to suggest that the North Korean government was behind an attempt to steal nearly $1 billion from a Bangladeshi bank last year. The heist took place in February of 2016, when malware was used to issue several requests to transfer funds from Bangladesh Bank —the state-owned central bank of Bangladesh— using the SWIFT network. The hackers were able to transfer five separate sums of $101 million each to a linked Bangladesh Bank account at New York’s Federal Reserve Bank. However, when further requests were issued, Federal Reserve Bank employees contacted Bangladesh Bank and blocked further transactions. Eventually, most of the transferred funds, which neared $1 billion, were recovered; but the hackers managed to get away with approximately $81 million worth of funds.

Forensic investigators described the heist as technically advanced. The antivirus company Symantec said it identified a piece of code in the malware that is known to have been used by North Korean government hackers in the past. Not everyone agreed with the claim that Pyongyang was behind the bank heist. But those who did said that it was unprecedented in scope and aggressiveness. Some even said that the heist showed that North Korea’s cyber capabilities were among the most sophisticated and powerful in the world.

Meanwhile the United States government did not comment on the matter. However, this past Tuesday the deputy director of the National Security Agency appeared to confirm reports that North Korea was behind the Bangladesh Bank heist. Rick Ledgett, a 30-year veteran of the NSA, who is due to retire in 2018, was speaking at a public event hosted by the Aspen Institute in Washington, DC. He reminded the audience that private researchers had connected the malware code used in the Bangladesh Bank heist with that used in previous hacking attempts launched by North Korea. “If that linkage […] is accurate”, said Ledgett, it “means that a nation state is robbing banks”. When asked by the moderator whether he believes that to be the case, Ledgett responded “I do. And that’s a big deal”. Foreign Policy magazine reached out to Ledgett following his talk and asked him for clarification about his comments regarding the Bangladesh Bank heist. But the NSA official simply said that “the public case [about the heist] was well-made”. Foreign Policy also contacted the NSA, but the agency said it preferred not to comment on the matter.

Author: Joseph Fitsanakis | Date: 23 March 2017 | Permalink

Malaysia assassination highlights North Korea’s network of front companies

The sensational assassination of Kim Jong-nam, half-brother of North Korea’s Supreme Leader Kim Jong-un, on February 13, revealed much about the current operational mindset of Pyongyang. But it also brought to light the shady network of front companies set up by the North Korean regime to facilitate the country’s illicit financial activities around the world. This extensive network permits Pyongyang to evade international sanctions against it, and to coordinate the activities of hundreds of clandestine operatives around the world. Through these activities, the reclusive country has been able to develop its weapons of mass destruction program unabated, despite concerted efforts by the United Nations to prevent it from doing so.

Writing for Forbes, Scott Snyder, senior fellow for Korea Studies and director of the program on US-Korea Policy at the Council on Foreign Relations, notes that the UN has for many years employed sanctions to “block international financial and material support for North Korean nuclear and missile development efforts”. But now the UN’s own experts have concluded that Pyongyang has been able to evade these sanctions so skillfully that it has “largely eviscerated the intent and impact of UN sanctions resolutions”. How has it done so? Mostly through a network of countries that routinely turn a blind eye to North Korea’s illicit activities. These include several countries in the Middle East, as well as Singapore, China, Indonesia, and Malaysia. Pyongyang maintains an extensive network of front companies in these countries, says Snyder, with the main purpose of enabling it to evade international sanctions against it.

Malaysia has been a primary hub of North Korean illicit activity. In that, Pyongyang has been crucially assisted by the fact that —until last week— North Korean citizens could travel to Malaysia without entry visas. Malaysia thus provides a useful base for dozens of North Korean front companies, such as Glocom, which ostensibly markets radio communications equipment, or Pan Systems Pyongyang, which just happens to trade in exactly the kind of commercial items that could be described as “dual-use goods” in UN sanctions resolutions. Pan Systems is connected to several Malaysian-based subsidiaries, including International Global Systems and International Golden Services, which, according to investigators, are operated by North Korean intelligence.

Many of these companies also serve as exporting and importing hubs for Pyongyang. In the last five years, several ships have been intercepted while carrying illicit cargo dispatched from North Korea or destined for the reclusive state. In one such instance in 2013, the Jie Shun, a Cambodian-registered ship with a North Korean crew, was found to be carrying over 30,000 rocket-propelled grenades hidden under thousands of tons of iron ore. The shipment was intended for an “undisclosed Middle Eastern destination”, says Snyder, and was traced to a firm called “Dalian Haoda Petroleum Chemical Company Ltd.”. Many of these mysterious firms are headquartered in China, registered in Hong Kong, but actually work on behalf of North Korea, often using banking facilities in Europe and the United States to conduct financial transactions.

Author: Joseph Fitsanakis | Date: 07 March 2017 | Permalink