Money, espionage and image: Why North Korean hackers are making waves

In this June 16, 2017, photo, Pak Sung Jin, a 30-year-old postgraduate student in chemistry, looks at a computer screen as he works on an essay at the Sci-Tech Complex in Pyongyang, North Korea. AP Photo/Wong Maye-E

The FBI and Department of Homeland Security announced this week that North Korean hackers were behind a malware attack known as FALLCHILL — just the latest hack blamed on the reclusive country.

FALLCHILL, a type of malware that compromises network systems, was targeted at the aerospace, telecommunications and financial industries, said the security agencies.

In the last few years, North Korean hackers have also been blamed for cyberattacks on media companies like Sony and the U.K.’s Channel Four, international banks and the infamous WannaCry ransomware that shut down various hospitals in the U.K. last spring.

North Korea generally denies all involvement.

It’s difficult to attribute attacks to a specific source, like a country, said Christian Leuprecht, a professor at the Royal Military College of Canada and Queen’s University, but when major cybersecurity corporations and national intelligence agencies are all pointing the finger at North Korea, that’s a “pretty credible” indication that something is going on.

Story continues below advertisement

WATCH: FBI explains why they believe North Korea was behind Sony hack (Jan. 2015)

According to Jez Littlewood, assistant professor at Carleton University’s Norman Paterson School of International Affairs, North Korea has three main goals with its cyber program: money, espionage, and maintaining the regime’s image.


The WannaCry ransomware, which told users that their computer data would be deleted unless they sent money, was an example of a way to extort money from international sources, said Littlewood.

North Korea needs the money for things like funding their nuclear program and military and to lessen the impact of sanctions.

Story continues below advertisement

“Given the sanctions squeeze that has been sort of growing over North Korea over the last couple of years, the fact that they would turn to another revenue-generation scheme is not too surprising,” he said.

WATCH: Cybersecurity researchers say North Korea might be linked to the WannaCry ‘ransomware’ cyber attack that infected more than 300,000 computers worldwide (May 2017)

Click to play video: 'Experts say global cyber attack possibly linked to North Korea'
Experts say global cyber attack possibly linked to North Korea

WannaCry didn’t work very well though – it was quickly discovered – but North Korea has had more successful financial hacks.

“The more significant financial aspect was hacking into the bank payment system, the SWIFT. And North Korea was believed to have taken $81 million out of the Bangladesh central bank just last year.”

Espionage and disruption

North Korea also engages in more traditional types of international espionage through hacking, said Littlewood.

Story continues below advertisement

They hacked the South Korean defence ministry in Sept. 2016, according to a South Korean lawmaker, and stole a lot of data, including partial plans on how the U.S. and South Korea would attack the North.

“Breaking into and hacking into the South Korean department of defence and their war plans suggests some quite sophisticated capabilities,” said Littlewood.

In some ways, cyberattacks are an ideal weapon for North Korea, thinks Leuprecht.

“The nuclear program is life insurance for the regime. It’s the cheapest coverage they can buy. And the other cheap way that they can cause a lot of havoc is in the cybersphere because the costs are minimal.”

Not only that, it’s hard for Western countries to fight back.

“China and Russia know if they cause serious havoc in our networks, that we can retaliate by causing massive havoc in their society and their networks.

“Whereas with North Korea because most of the country is not online, because most of the society functions as if it were in the 1950s in terms of infrastructure, the damage that we can do broadly is somewhat limited.”

Story continues below advertisement

Nowadays, said Littlewood, most countries realize that armed conflicts are likely to have a cyber dimension as well, and North Korea wanted to develop its capacity in that area. This is something that many countries are doing, he said, not just North Korea.

Protecting Kim Jong-un

But North Korea also has a more unique concern – protecting the image of its leader at home and abroad. That’s likely why it’s been linked to the 2014 hacks at Sony Pictures, which distributed the movie The Interview, about an assassination plot against Kim Jong-un.

North Korea has also been blamed for a hack at Britain’s Channel Four, which was planning to film a television show about a kidnapped British nuclear scientist in Pyongyang. The hack was only recently reported by the New York Times.

“Part of that effort appears to be sort of trying to protect the image of the country, trying to protect the image of the leader, Kim Jong-un, and pushing back in the ways that they can both through cyber disruption activity as well as threats which accompany those,” said Littlewood.

Story continues below advertisement

— With files from Reuters

Sponsored content