How the DPRK became a hacking powerhouse and why it loves crypto
This month, North Korea has garnered plenty of attention from cryptocurrency fans and foes alike.
Ethereum research scientist and product manager Virgil Griffith was sentenced to over five years in prison for violating sanctions during his visit to the Democratic People’s Republic of Korea (DPRK) in 2019, and the Federal Bureau of Investigation (FBI) announced that the recent $625 million Ronin Network hack was related to the North Korean elite hacker cell Lazarus Group.
Seeing as how North Korea is, seemingly, flexing its muscles in the cryptocurrency ecosystem, perhaps it’s time to reflect on its role, why it’s making such a big splash, and whether or not the country is pivoting to the world of cryptocurrency to bend and break sanctions that have been in place for decades.
The creation of North and South Korea
The division of North and South Korea is a complex situation – in its absurdity, scope, and misfortune.
In 1945, after the collapse of the Japanese puppet state of Manchukuo, Stalin invaded the region, known as Manchuria. The Russian dictator also invaded Menjiang and Northern Korea – America received Southern Korea.
The official division between North and South was decided by two American army colonels, who reportedly found “a National Geographic map” and thought the 38th parallel (the latitude of 38° N) made sense as a border – rather than consulting mountain ranges, rivers, natural borders, or cultural differences.
The North, initially supported by the USSR but eventually supported by the Chinese Communist Party in the form of The People’s Volunteer Army (PVA), was led by the communist ‘premier’ Kim Il-sung (the grandfather of Kim Jong-un). The South, supported by America and the United Nations, was led by the ‘president’ Syngman Rhee.
War begins
For over three years, the Korean War brings devastation to the fractured nation. Mass murders of individuals – seen as “enemies” of the government – are common on both sides, landmines and napalm drops dot the landscape, and rumors of the use of chemical and biological weapons continue to this day.
Eventually, after the UN and US push the North Koreans to the Chinese border, China agrees to send in hundreds of thousands of troops. In fact, it’s estimated that nearly twice as many Chinese soldiers are killed than North Korean soldiers over the course of the war – even Mao Zedong’s son is killed in an Allied air raid.
Inevitably, the combined technological capabilities of the US and UN, and the overwhelming number of soldiers from the PVA and North Korean Army grind the war to a halt just north of the 38th parallel in 1951.
In 1953 an armistice is agreed between North and South Korea, dividing the countries on a more permanent basis.
The rise of the North
While it’s difficult to imagine a thriving and successful DPRK today, for the two decades after the armistice, North Korea is a communist stronghold. It outpaces its southern neighbor in nearly every aspect: standard of living, wages, calorie intake. On the face of it, even its politics seem superior.
Not to mention, the country is propped up financially by the USSR.
Meanwhile the South falls into a state of disarray. Syngman Rhee frequently orders his government to fire on civilians, freedoms are curtailed, and the US army shows no sign of leaving.
It is now that Kim Il-sung begins to cement his cult of personality through his political ideology, called Juche. Juche institutes what’s called the Songbun caste system, which, to this day, is still in place and decides the fate of every North Korean citizen. The concept goes something like this:
• Core: If you fought with Kim Il-sung in the war, you and your relatives are held in the highest esteem and are likely part of the political elite.
• Wavering: If you were a civilian during the war, you and your relatives are unlikely to enter the political class.
• Hostile: If you collaborated with the Japanese, you and your family are subjected to the worst treatment, worst rations, and worst living conditions.
Despite the repressiveness of the Kim regime, the North flourishes until the late 1960s.
Kim falters
With no real likelihood of a unified Korean peninsula in the near future, Kim Il-sung becomes desperate. Seeing how the Vietcong are successfully fighting the Americans in Vietnam, he decides to adopt the tactic of guerrilla warfare and sabotage.
And so begins the DPRK’s sickening transition from typical nation state to full-on criminal entity.
Among the most infamous atrocities committed at this time are The Blue House Raid (when Kim sends a special operations team to attempt to assassinate the South Korean president), the Axe Murder incident, the abduction of Shin Sang-ok and Choi Eun-hee, and the bombing of Korean Air Flight 858.
Meanwhile, as Kim continues his campaign of terror against the South, every other aspect of his country begins a slow and steady crumble, culminating in one of the worst famines in modern history.
“The Hermit Kingdom” is born
Kim Il-sung, now old and in poor health, begins a new ideologically structured communist system before handing the reigns to his son, Kim Jong-il. From this point on, the military will take precedent above all other industries.
The country revs up its nuclear program despite the protestations of the US, numerous Western countries, and even its Communist neighbors, China and Russia. The country assures the world that the program is peaceful.
This proves to be a lie.
Hard sanctions are placed on the Kims, political and military elites, and the DPRK as a whole by the US and Western nations in response to the decision to proceed with nuclear proliferation. This just so happens to coincide with three extremely traumatic moments for North Korea:
- After the collapse of the Berlin Wall – and shortly afterwards the entire Soviet Union – Russia stops supplying the DPRK with fuel, natural gas, and other supplies.
- Years of isolation lead to factories and farms functioning at only a fraction of their capabilities, and simultaneously the North experiences some of the worst weather in its brief history.
- In 1994 Kim Il-sung dies.
Hope and despair
There is a brief moment of hope when, in late 1994, Bill Clinton and Kim Jong-il come to an agreement: North Korea will allow UN inspectors to monitor its nuclear program and ensure its peaceful use if the West agrees to provide aid to the famine-stricken North.
By 1996 most nations are supplying relief to the DPRK in some way, shape, or form, and by 1998-1999, the famine finally begins to peter out. It’s estimated that more than 1 million North Koreans perish between 1994-1998, or more than 4% of the pre-famine population.
It’s also believed that, in the end, the famine strengthens the Kim regime, with many detractors and critics killed or sent to labor camps in the far north of the country, leaving only die-hard supporters in the capital Pyongyang.
In 1997 So Kwan-hui, the minister of agriculture is blamed for the famine and executed.
The famine also leads the DPRK to try some new, illegal, and altogether more unpleasant solutions to its economic problems: it becomes one of the all-time biggest US dollar counterfeiters (creator of the so-called “superdollar”), dabbles in high-quality methamphetamine production, hacks governments and banks (the Korean intranet, Kwangmyong, is established in 1996), and, in 2006, it tests its first nuclear weapon.
Sanctions again
Despite “successful” nuclear weapons tests, the Kims soon find themselves sanctioned and isolated once again. But rather than spiraling into another famine, they double down: more tests and the creation of longer and longer-range missiles. By 2009 the now-infamous elite North Korean hacker cell “Lazarus Group” (aka Unit 121 or Unit 180) is formed.
In 2011 Kim Jong-il dies from an apparent heart attack and his son, Kim Jong-un, takes control. Another round of purges occurs, with dozens of insiders executed and even Kim Jong-un’s half-brother being assassinated in the Kuala Lumpur International Airport in 2017.
But the new Kim is savvier than his father, having been exposed to the outside world as a young man and spending his formative high school years in Switzerland. Soon he’s pushing for ski resorts, updated science and technology centers, and launching a slew of cyber crimes and viruses on the world via the Lazarus Group.
A monarchy becomes a criminal syndicate
Many Westerners wonder how exactly North Korea has been able to build such an incredibly qualified team of hackers despite being so isolated. There are layers to this answer.
First of all, the DPRK isn’t nearly as isolated as the West would like to suggest. The regime maintains relations with 164 countries throughout the world and still receives strong support from the People’s Republic of China. Russia, Pakistan, India, and numerous other countries also still regularly trade with the so-called Hermit Kingdom.
Secondly, though the majority of the population only has access to the North Korean intranet, many gifted math students and programmers are taken at a very young age to begin training to become state-sanctioned hackers. This is one of only a few ways that individuals can help move their family from a lower caste to being treated like an insider (or “core supporter”).
But the upgrade in familial lifestyle comes at a high price: hackers are expected to work seven days a week for up to 20 hours a day, taking little time away from the computer, let alone the office. There’s also extremely little chance of escape: as prized assets of the Kim regime, hackers are, generally, never allowed to leave the country for fear they’ll escape.
And this is precisely how the Kims have produced one of the most sophisticated and brilliant hacking groups in the world, despite having a malnourished and poverty-stricken population.
The build up to Ronin
Lazarus Group has slowly but surely built up its reputation over the course of the past decade. The first hack to garner global attention wasn’t a cash-grab or a DDoS attack, but rather an attack on Sony for releasing the satirical film The Interview, which featured James Franco as a journalist tasked by the CIA to assassinate Kim Jong-un.
In 2014 the group pulls off a much more brazen and lucrative attack: the Bangladesh Bank Heist. This intrusion, while simple in its execution (an employee opened an email attachment with a virus), shows extreme sophistication in other ways.
- The hackers wait for months after the initial breach before executing the actual attack.
- The hackers are familiar with how banking works internationally, how the SWIFT messaging system works, and what bank holidays affect what countries across borders.
- The hackers understand how central banks and the Federal Reserve work.
The attack on the Central Bank of Bangladesh is only partially successful – of the $951 million that the hackers attempt to steal they acquire $61 million.
The Central Bank of Bangladesh is lucky: the bank branch that the North Koreans have chosen as a cash-out location is located on Jupiter Street in Manila in the Philippines, similar in name to Jupiter, an Iranian shipping vessel listed on the OFAC sanctions list. The Federal Reserve stops the majority of the transactions and chooses to review them.
Lazarus Group performs a series of similar attacks via SWIFT a year later.
But the hackers aren’t done with simple banking violations – in 2017 they release the infamous WannaCry worm into the world, infecting hundreds of thousands of computers and causing hundreds of millions (possibly billions) of dollars worth of damage.
Sanctions violations and crypto game theory
It’s in 2017 and 2018 — before Virgil Griffith’s trip to North Korea — that the DPRK begins to target cryptocurrency exchanges. Lazarus Group attacks Bithumb, Youbit, and NiceHash, snaring millions of dollars worth of cryptocurrencies.
Griffith finally has the opportunity to visit North Korea in 2019 and the results are unfortunate. Pictures begin to circulate of Griffith explaining how the North Korean government can utilize cryptocurrency to evade sanctions:
Read more: North Korea calls US ‘hacking empire’ in entertaining crypto theft denial
But besides this, law enforcement agencies acquire text messages of the Ethereum Foundation product manager specifically referring to teaching the North Koreans how to use Ethereum to evade sanctions.
It’s unclear whether the North Koreans utilize any of the information that Griffith provides them, but 2021, two years after his initial arrest, proves to be an incredibly profitable year, netting the country $400 million worth of cryptocurrency, according to Chainalysis.
Here we are
Shortly after Griffith is sentenced to five years in prison, the Lazarus Group perpetrates its most economically viable crime yet: the draining of the Ronin Network’s Ethereum wallet. In one fell swoop, the group earns over half a billion dollars for the Kim regime or nearly 3% of annual GDP for the entire country.
Meanwhile, in a supposedly uncoordinated maneuver, the Department of Justice (DoJ) has announced that two Europeans – including Alejandro Cao de Benos, who is almost single-handedly responsible for the DPRK’s dwindling tourist industry – have been charged with assisting North Korea in evading US sanctions.
This is all to say that it makes sense why the Kim regime and the DPRK are utilizing cryptocurrencies and hacking to acquire money — they seem to have few alternatives. It also makes sense that as North Korea finds more and more usefulness in these avenues of sanctions evasion, the US will do everything in its power to clamp down on what it perceives as the empowerment of an authoritarian dictatorship.
Follow us on Twitter for more informed news.
Out now: the first three episodes of our new investigative podcast series Innovated: Blockchain City.