“Remember the 11th of September 2001.” That chilling threat was posted on the web after North Korea’s cyberattack against Sony Pictures Entertainment in 2014, which aimed to prevent the release of a movie that ends with the death of a fictitious version of North Korean leader Kim Jong Un. In his new book, The Lazarus Heist, investigative journalist Geoff White digs into the fascinating evolution of Pyongyang’s cyberactivities, from terrorism to sanctions evasion to other criminal activities. While the book reads like a typical Hollywood crime drama, in the end the good guys don’t win.
White’s engaging prose takes us around the globe—Ireland, Macao, South Korea, Bangladesh, China, the Philippines, Slovenia, Malta, the UK, Canada, and the United States—to document Pyongyang’s cyber-intrusions and other illicit activities. In particular, White comprehensively reviews the record of the North Korean hacking group code-named Lazarus Group by U.S. government investigators.
Much of White’s book draws from information already in the public domain, but his compelling narrative highlights the trail of accomplices and victims that North Korea leaves behind. U.S. law enforcement continues efforts to prosecute North Korean hackers—an admirable goal but extremely unlikely to happen—including the three North Koreans listed on the FBI’s Cyber’s Most Wanted list. The upshot is that “North Korea’s alleged computer hackers get away scot-free, while their accomplices (or some of them, at least) get caught in the net,” as White notes.
White devotes an entire chapter early in the book to Pyongyang’s counterfeiting of U.S. $100 bills, also known as superdollars or Supernotes. The connection between North Korea’s cyberactivities and fake $100 bills may not be obvious. But White ties them together by explaining that currency counterfeiting was long a focus of Pyongyang’s illicit activities—and when the financial revolution moved transactions from physical currency to online banking, it set off a slew of North Korean cyberactivities. Another explanation is that the Kim regime will always try to exploit the weakest point of the U.S. sanctions regime. The U.S. Secret Service told a Senate subcommittee in 2006 that the Supernotes were first detected in 1989 and that it had seized roughly $50 million of the notes globally. The George W. Bush administration’s efforts to stop the Kim regime’s illicit activities—counterfeit cigarettes, drugs, and U.S. currency—increased the costs for North Korea and may explain its shift to cyberactivities.
“Computer hacks have become a key weapon in North Korea’s arsenal, and they now pose a significant threat to global security and stability,” White writes. Priscilla Moriuchi, a former analyst at the U.S. National Security Agency, tells White that Pyongyang’s “strategy is about utilizing its asymmetric strengths, being able to find tools of national power that they can use to level the playing field against their much stronger adversaries in the West.”
Early in the book, White also emphasizes that the main goal of North Korea’s hackers—like the counterfeiters before them—is to make money for the regime, which has few legitimate opportunities to earn hard currency given the international sanctions resulting from Pyongyang’s nuclear weapons and ballistic missile programs. The illicit funds are used to fund everything from Kim Jong Un’s lifestyle to Pyongyang’s nuclear weapons and missile programs. But in the book’s conclusion, White includes a warning from Thae Yong-ho, a former North Korean deputy ambassador in Britain, who defected to South Korea and is currently a legislator there. “During peaceful times,” Thae says, “they can use their hacking ability to create income.” However, Thae also asserts that in wartime, they can “easily” conduct a cyberattack to harm South Korea.
Occasionally, White observes, Pyongyang does use cyberattacks to terrorize targets for pettier reasons. In the case of the Sony attack, one of the regime’s earliest major hacking operations, Kim sought to avenge a personal slight. Sony’s The Interview is a middling comedy starring Seth Rogen and James Franco as a producer and journalist, respectively, who land an interview with the fake Kim Jong Un, played by Randall Park. The CIA then recruits Rogen’s and Franco’s characters to assassinate the North Korean leader by poisoning him. As in most comedies, hijinks ensue, and eventually they complete their mission. Unsurprisingly, the real-life Kim was not pleased with his Hollywood treatment—though it’s unclear whether he was more incensed by his fictitious death or the buffoonish treatment.
In September 2014, three months before the movie’s scheduled December release, a Sony employee opened an email with a virus embedded in video files. White explains that this allowed the attackers to access Sony’s computer system, where they “carefully [moved] from computer to computer to avoid detection, stealing data and planting more viruses as they geared up for their big finale.” On Thanksgiving, North Korean cyberattackers triggered the viruses to devastate the company’s computer systems. Sony executives received emails demanding a ransom payment. When the company did not comply by the specified deadline, the hackers released movies that were still in production and sent reporters incriminating proprietary information, including executives’ salaries and contracts for actors and actresses. Then they leaked 5,000 emails from the account of Sony co-chair Amy Pascal. White observes that some contained embarrassing details.
Following the movie’s premiere, the hackers issued a terrorist threat invoking 9/11, urging Americans to keep themselves away from theaters showing the movie. “If your house is nearby, you’d better leave,” the threat stated. White explains that Sony had a dilemma: It could proceed with the film’s release or pull the movie. “In the end,” White writes, “the studio’s hand was forced, when the major cinema chains refused to screen the film.”
Then-U.S. President Barack Obama said Sony and the theaters had made a “mistake.” He also expressed outrage at Pyongyang’s scheme, saying, “We can’t have a society in which some dictator someplace can start imposing censorship here in the United States.” But he did not retaliate in any meaningful way.
To be sure, Obama issued an executive order in January 2015 authorizing additional sanctions against the North Korean government, which the U.S. Treasury Department used to sanction three entities and 10 individuals serving as entities, agents, or officials on behalf of Pyongyang. However, the impact of these sanctions on hacking operations was negligible at best, since the three entities, including the organization that oversees the Lazarus Group, were already under sanctions and the 10 individuals on the list were actually involved in the regime’s proliferation activities, not cyberattacks. It was not until September 2019 that the Treasury Department sanctioned the Lazarus Group.
Moriuchi tells White that the Sony attack did not cultivate any significant U.S. appreciation for the North Korean cyberthreat. Instead, the U.S. intelligence community downplayed or ignored the danger. The Sony hack, Moriuchi says, showed that “North Korean cyber-operators are much more technically adept and aware and plugged into contemporary Internet society and media culture than they ever really get credit for.”
In 2016, North Korea further escalated its cyberaggression when it set its sights on stealing almost $1 billion from Bangladesh Bank, the country’s central bank. The attackers sent the New York Federal Reserve fraudulent messages purporting to originate from Bangladesh Bank requesting the transfer of nearly $1 billion to bank accounts opened by the hackers’ accomplices at a Philippines-based commercial bank, the Rizal Commercial Banking Corp. The New York Fed stopped most of the requested transfers—but only after $81 million had already been sent to the Philippines-based bank.
Bangladesh Bank tried to recover the money, but the attackers were always one step ahead of it. White explains that the hackers moved the balances from four accounts to a single account and then transferred the funds to a money-changing business, which converted them into Philippine pesos. The attackers then laundered $51 million in casinos using accomplices and, for reasons that remain unclear, transferred the remaining $30 million to a mysterious Chinese man who promptly left the country.
White writes that the FBI and the U.S. Attorney’s Office for the Central District of California were still investigating the Sony hack when they discovered similarities to the Bangladesh Bank heist. For example, the FBI found three IP addresses shared by the viruses used for the hacks.
In sum, the book’s chronicle of events shows how North Korea’s cyberattacks have evolved into a wide range of activities, from terrorizing Americans to circumventing the sanctions regime. Worryingly, Washington’s concern does not rise to the level of the danger these activities represent. As the United States might have learned from its failed efforts to address North Korea’s nuclear and ballistic missile programs, the only chance to halt Kim’s misconduct will be when a U.S. president seriously prioritizes stopping him and devoting the necessary resources.