Kim family’s goal of using these new tools to coerce, conduct espionage, and earn currency for the regime. Just a few months before the Sony hack, in April, General Curtis M. Scaparrotti, who was then commander of the U.S. forces in South Korea, told the House Committee on Armed Services that “North Korea employs computer hackers capable of conducting open-source intelligence collection, cyber-espionage, and disruptive cyber-attacks.” His assessment was that “cyber warfare is an important asymmetric dimension of conflict that North Korea will probably continue to emphasize—in part because of its deniability and low relative costs.” His warnings about the cyberthreat were in line with what the U.S. intelligence community had been cautioning since 2013, when James Clapper said that “cyber” bumped “terrorism” off the top of the list of the major threats facing the United States.
While North Korea had been developing nuclear weapons and ballistic missiles over the decades, its interest in cyber is relatively recent, dating back to the early 2000s. Citing Kim Heung-kwang, who taught computer science at North Korea’s Hamheung Computer Technology University, The New York Times reported that Kim Jong Il became interested in the Internet around 2003, when he told his military commanders that “if warfare was about bullets and oil until now, warfare in the 21st century is about information.” Pyongyang’s capabilities were rudimentary, but Kim Jong Un took them to another level, much like his approach to accelerating development of ballistic missiles and nuclear weapons.
In fact, for Kim Jong Un, the advancement of cyber capabilities seems to mesh well with his desire for quick results at relatively low cost and for burnishing his brand as a modern leader presiding over North Korea’s technological improvements. As a digital native who has spent his entire life with video games, cell phones, video cameras, and other tools of our age, Kim is comfortable with incorporating cyber into the North’s tool kit of provocative actions. “Cyberwarfare, along with nuclear weapons and missiles, is an ‘all-purpose sword’ that guarantees our military’s capability to strike relentlessly,” he reportedly explained. Kim has deployed approximately six thousand hackers and cyber support personnel to at least eight countries—China, Malaysia, New Zealand, India, Nepal, Indonesia, Mozambique, and Kenya—to avoid detection and to take advantage of their Internet infrastructures. Kim has also focused on cyberintelligence and cyberwarfare training programs, funneling the most talented students into Kim Il Sung University College of Computer Science, Kim Chaek University of Technology, Mirim University, and other institutions.
Kim’s hackers see the South as an attractive target. South Korean officials have claimed that North Korea has conducted more than six thousand cyberattacks against it—relatively unsophisticated compared with the Sony hack and those that followed—since 2010, racking up around $650 billion in damages to South Korean private and government entities. In 2011, North Korea disrupted one bank’s branches for ten days. North Korean malware directed against three South Korean media companies and three major banks in 2013 rendered computers unusable through a denial of service attack, leaving customers unable to access their accounts. It deleted credit card records and inflicted financial costs of around $800 million. North Korea’s attacks against South Korea’s financial and media sectors are an attempt to cripple the industries and openness that are at the heart of South Korea’s prosperity. Pyongyang is likely aiming to make the point that the poorer Korea can inflict harm on its richer cousin south of the thirty-eighth parallel, while its own isolation and relative poverty make it invulnerable to proportionate punishment from Seoul or Washington. Pyongyang appears to be using its growing capabilities to generate money for the regime, in part to offset the slew of sanctions that hamper its more traditional methods of earning hard currency.
In 2016, Kim’s attacks against Bangladesh Bank resulted in a theft of $81 million, demonstrating new, more sophisticated capabilities. The hackers breached the Society for Worldwide Interbank Financial Telecommunication’s global messaging system—considered one of the most secure mechanisms for financial transfers—and fraudulently moved money from the bank’s holdings in the Federal Reserve Bank of New York to their own accounts in the Philippines. The U.S. National Security Agency said in March 2017 that the 2016 attacks were “forensically” tied to the Sony attack.
In addition to the Bangladesh heist, North Korean hackers targeted Vietnam’s TPBank in 2015, Far Eastern International Bank of Taiwan in 2017, and Bancomext of Mexico and Banco de Chile in 2018, among others, for a total of more than sixteen organizations in eleven countries at a minimum since at