Expert witnesses told the House Foreign Affairs Committee on Thursday that North Korea, despite being an impoverished rogue state where citizens struggle to access electricity, is “in the top tier of global cyber threats” due to communist dictator Kim Jong-un’s obsessive focus on cybercrimes as a form of financing.
The hearing, titled “Illicit IT: Bankrolling Kim Jong-un,” focused on the use of hacking to steal money from banks, the penetration of online financial systems to steal cryptocurrency, and the use of the profits raked in to develop advanced nuclear weapons contrary to international law. Multiple witnesses testified to North Korea using its scientists by sending them to work abroad and forcing them to engage in cybercrime. Suzanne K. Scholte, the president of the Defense Forum Foundation, told Congress Pyongyang continues to succeed in its schemes in part because sanctions on the regime remain largely unenforced.
“One of the best ways to fight North Korea’s cyberattacks continues to be to dry up Pyongyang’s ability to profit from it, and to deny it safe haven in China or Russia,” Scholte noted. “Unfortunately, the Biden Administration is not enforcing our sanctions laws aggressively.”
Citing United Nations estimates, Bruce Klingner, top researcher at the Heritage Foundation Asian Studies Center, told lawmakers that North Korea is believed to have earned somewhere around $4.4 billion from cybercrime between 2019 and 2022.“In 2019, the U.N. Panel of Experts estimated that North Korea had cumulatively gained $2 billion from cybercrime to fund its weapons of mass destruction programs,” Klingner explained. “During 2020, 2021, and 2022, North Korea is estimated to have stolen at least $316 million,15 $400 million,16 and $1.7 billion worth of cryptocurrency, respectively.”
Klingner noted thatt North Korea’s legal GDP in 2019 was $29 billion, significantly less than its estimated profits from cybertheft.
“North Korea is in the top tier of global cyber threats and could inflict devastating damage during a crisis by simultaneously targeting an array of critical sectors,” he warned.
Scholte, citing the testimony of a North Korean defector, noted that the IT employees behind these hacks are often essentially slaves, flooding Kim Jong-un’s personal bank account with ill-gotten gains. Scholte quoted a defector identified only as Lee who explained, “Kim Jong Un often utilizes his personal slush fund to purchase luxurious commodities, maintain the system, and develop a nuclear missile program. These North Korean IT workers overseas wire their earnings to the bank accounts of North Korean government officials in China who deal with the regime’s financials.”
“And these officials,” Lee explained, “smuggle the earnings of IT workers into North Korea through the North Korea-China border.”
Klingner estimated that 90 percent of the wages of North Korea IT workers abroad go directly to the Kim regime.
Jenny Jun, a cybersecurity expert with Georgetown University, said at the hearing that North Korea often distinguishes itself from other cybercriminals through disinterest in masking where its attacks come from.
“North Korea is different from other state-sponsored Advanced Persistent Threats (APT) marked by their tolerance of more operational risk and a willingness to trade off secrecy for expediency,” Jun explained. “North Korea’s illicit financing through cyber means is a management problem, not a deterrence problem. U.S. and its like-minded partners will not be able to persuade North Korea to cease activity in this space altogether through threats of punishment.”
Jun described a variety of criminal online behavior by North Korea that eexperts have documented, “fraudulent SWIFT transactions targeting banks, fraudulent ATM cash withdrawals, ransomware, protection rackets, credit card skimming, cryptocurrency mining and cryptojacking, fraudulent Initial Coing Offerings (ICO), offering services as foreign IT workers, and most notably large scale cryptocurrency thefts.”
Jean Lee, a veteran journalist who worked for years in Pyongyang, offered an explanation for why North Korea became such a prodigious digital threat: Kim Jong-un, a “millennial,” needed to command respect and authority from the veteran communists surrounding him when he took power at the age of 27.
“Science and technology became the platform for building loyalty,” she explained, recalling, “My North Korean staff, like my South Korean staff, loved all tech gadgets. Cellphones, Bluetooth headsets and laptops became status symbols as the regime doled out electronics as political prizes.”
Lee detailed several of the regime’s most high-profile cyberthefts:
In February 2021, the Department of Justice announced new charges against three North Koreans accused in attacks that yielded $1.3 billion from cyber and cryptocurrency thefts. In March 2022, the Lazarus Group was accused of stealing nearly $620 million in cryptocurrency from an online video game called Axie Infinity that runs on the Ethereum blockchain in what the US government called the largest virtual currency heist to date. In June 2022, the blockchain company Harmony Bridge reported a theft of $100 million; the FBI named the Lazarus Group as suspects.
The hearing was held on the 70th anniversary of the armistice agreement that stopped the fighting in the Korean War by creating the Demilitarized Zone (DMZ) in between the two Koreas. The agreement did not end the war, meaning North and South Korea remain technically at war, as do China and America, their respective allies.
Despite this, Kim Jong-un held a massive “victory” parade on Thursday to mark the occasion, a lavish affair clearly requiring tremendous resources. Among the displays at the parade were aircraft identified as both surveillance and attack drones, as well as multiple models of intercontinental ballistic missiles (ICBMs). The newest model, the Hwasong-18, debuted this month in a test that both Pyongyang and observers in Seoul believe was successful. Both Russia and China, permanent members of the U.N. Security Council, attended the parade alongside Kim, approvingly clapping for the illegal weapons displayed.