
Will Hack For Nukes: Inside North Korea’s Cryptocurrency Extortion Ring


The threat on the screen was clear and simple enough: I’ve encrypted your files — and if you don’t pay me within a week, you’ll never be able to recover them.

At noon on May 12, 2017, a red alert page popped up on the computer screens of more than 300,000 Windows users worldwide, asking them to transfer approximately $300 worth of Bitcoin to recover their files.

The virus was later named “WannaCry.” Victims thought it was an ordinary cryptocurrency ransomware incident, but the U.S. government later said that Lazarus, a hacking group owned by the North Korean government, was behind the worst-ever cryptocurrency ransomware cyberattack, which eventually swept through more than 150 countries.

In North Korea, less than 1% of the population has access to the country’s Intranet service, which is called Kwangmyong, but the country’s government has still produced some of the best hackers in the world, on par with superpowers like the U.S., China and Russia.

In recent years, the Pyongyang government has taken advantage of the decentralized nature of cryptocurrencies and has used its two-decade-old cyberwarfare capabilities to raise money to fund nuclear weapons research through large-scale financial extortion like WannaCry — and it has been very successful.

Bangladesh bank hack

The international community first truly recognized North Korea’s cyber warfare capability during the Bangladesh Bank hack in Jan. 2015. At the time, several employees of the bank received what appeared to be a standard job application email. But the attached resume and cover letter contained a virus that, when downloaded, connected to the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network.

Posing as the Central Bank of Bangladesh, the virus sent multiple instructions to illegally transfer $1 billion in funds from the Federal Reserve Bank of New York through the SWIFT system. Fortunately, one of the instructions attempted to transfer funds to a bank branch located on Jupiter Street in Manila, Philippines, and the word “Jupiter” happened to be the name of a sanctioned Iranian vessel, which drew the FBI’s attention to the request and led to the suspicious transaction being put on hold. Five transactions still went through, and the hackers got away with $81 million in stolen funds.

The attack showed that North Korea had clearly developed a much more sophisticated strategy than previous attacks. In this case, hackers lurked in the banking system for a year, gathering information and buying time before taking action.

The West realized that North Korea’s cyber forces were more powerful than imagined.

The hackers took advantage of the weekend in Bangladesh, the time difference in New York and the Filipino Lunar New Year holiday to get more time to send the money. After receiving the funds, they chose to transfer the money to a bank account in Manila, the capital of the Philippines, then transferred most of the amount to a casino, where they laundered the money at the gaming tables before transferring it back to North Korea.

This Bangladesh bank heist forced the West to realize that North Korea’s cyber forces are more powerful than imagined. And the heist also strengthened North Korea’s resolve to steal cryptocurrencies: although North Korea got away with $81 million, this was just one-tenth of the targeted $1 billion.

At the same time, North Korea went through an elaborate money laundering process that wrote off another 90 percent of the targeted funds. After this operation, North Korea learned how labor-intensive and time-consuming the requirements of traditional financial institutions can be.

But with the rise of cryptocurrencies, North Korea saw the decentralized technology – an open financial system without the need to go through banks or government-regulated financial institutions – as a way to bypass sanctions, skip the money laundering process and put the proceeds directly into its nuclear weapons program.

[Image: North Korean soldier working on a nuclear weapon. Credit: Midjourney]

North Korea’s cyber history

The Pyongyang government’s ambitions for cyber attacks date back to the 1990s. In the Gulf War, which began in 1990, the U.S.-led coalition used electronic equipment in addition to conventional weapons to assist in taking down Iraq. The Chinese Communist Party at the time saw the potential of electronic warfare and set up a research group dedicated to exploring “electronic intelligence warfare.”

According to a book published by the Korean People’s Army (KPA), after then-Supreme Leader Kim Jong Il saw the report, he said “If the Internet is like a gun, a cyber attack is like an atomic bomb,”…


