
North Korea May Be Using U.S. Technology for ‘Destructive Cyber Operations,’ Report Finds

North Korean elites appear to have access to Microsoft and Apple devices despite sanctions and may have used some of those devices for “destructive cyber operations” against other nations, according to a June 6 report.

Threat intelligence firm Recorded Future performed an analysis that found several American-made operating systems, servers and other devices such as the Apple iPhone X and F5 BIG-IP load balancer are being used in territorial North Korea. The firm was unable to confirm who the actual users were or determine how many of each of the devices were present in the country, but has a list of device types that were in use.

With the models and versions Recorded Future was able to detect along with the strict internet restrictions in North Korea, as reported by the AP, the report concludes that the devices were being used by North Korea’s elite.

“Since we had this data set and we knew that American devices were such a large part of North Korea’s domestic infrastructure (our goal was) to call that out,” said Recorded Future’s Director of Strategic Threat Development Priscilla Moriuchi. “(And) also emphasize that export controls for technology specifically are not really working.”

How North Korea Got the Technology

The U.S. does not allow export of luxury goods – which includes “computer laptops,” a range of televisions and monitors, personal digital music players and assistants as well as “electronic entertainment software and equipment” – to North Korea unless a permit is obtained, though there is a “general policy of denial” on applications for such a permit, according to the Commerce Department’s Bureau of Industry and Security.

Sanctions under President Obama in 2016 targeted technology that could “undermine cybersecurity,” and in 2017 President Trump “broadened restrictions in an executive order that targeted ‘technology’ exports more generally,” according to the Washington Post.

“You can’t argue that the U.S. does not make some of the best technology devices in the world,” said Moriuchi. “Some of the best computers in operating system software and hardware are made in the United States and North Korea would want to get their hands on that.”

The report points to several ways North Korea could have gained access to this technology.

One issue was companies violating sanctions. Chinese telecommunications manufacturer ZTE, for example, had been punished by the Commerce Department for trading with North Korea and Iran with a denial order in April 2018 after violating a March 2017 deal. That denial order was just recently lifted.

Another issue brought to light is what a 2015 UN report called “a situation of uneven practice” created by member states having differing definitions for luxury goods.

The U.S. has not always kept a tight grip on sanctions against North Korea, though.

The report points to seven years between 2002 and 2017 where the U.S. had allowed “computer and electronic products” to be exported to North Korea. The peak of electronic and computer exports was in 2014 with $215,862 worth of these products legally exported to North Korea, according to Commerce.

When and how exactly these exports were allowed is unclear, though it’s worth noting the United States has in the past “lifted sanctions on North Korea in exchange for a promise to freeze its nuclear program and dismantle parts of its facilities,” according to the Council on Foreign Relations.

The sanctions usually returned after North Korea would go back on its word.

Commerce’s definition of “computer and electronic products” is pretty wide-ranging. It includes computers, printers, semiconductors and several other devices. So pinning down what exactly was exported is difficult, but the report notes that “many of the electronic devices North Korean elite utilize are older models or are running older software” and could have been acquired from these legal exports.

“Around $480,000 worth of computers and electronics have been shipped to North Korea since 2002,” Moriuchi said. “It’s not enough to build an entire network of the size that North Korea needs but it’s still a substantial sum and it frankly could have weakly supplied some of the electronics for the ruling elite.”

North Korea has also been known to mimic Apple technology, according to Gizmodo. And Moriuchi said Recorded Future’s research leads them to believe that North Korea uses reverse engineering fairly often.

As an example, the country is believed to have reverse engineered CNC machines it imported from the Soviet Union to create an estimated 15,000 more machines, according to Reuters. CNC machines have many uses, creating the intricate parts used in phones and clothing alike. They’re also “crucial” to weapons development.

Western Devices Present Cyber ‘Threat’

The historic summit between Trump and North Korean Leader Kim Jong-un on Tuesday ended with the signing of a joint statement: the U.S. would provide guarantees of security to North Korea “in exchange for denuclearization,” according to the New York Times.

The exact nature of the topics Trump and Kim discussed is unknown, and the statement did not go into much detail, instead promising follow-up negotiations between Secretary of State Mike Pompeo and “a high-level North Korean official.”

Cyber-security should be an important factor at some point, Moriuchi said.

“If the goal is to bring North Korea back into the community of nations, then things like cyber operations and destructive cyber-attacks will have to be addressed,” Moriuchi said.

North Korea was said to have ordered a cyberattack on Sony Pictures in 2014, according to the New York Times. North Korea is also said to be associated with an $81 million cyber heist on Bangladesh’s central bank in 2016 and several other financial institution hacks since, according to The Hill. And the Trump administration accused North Korean officials of ordering the “WannaCry” cyber-attacks that “crippled hospitals, banks and other companies across the globe” in early 2017; North Korea called allegations about cyber-attacks a “smear campaign” and denied responsibility, according to Reuters.

North Korean cyber-attacks could pose a direct threat to average citizens just as they do to governments and companies, Moriuchi said.

Most of the attacks coming from inside North Korean territory have been against South Korea, she said, but American citizens who use cryptocurrencies, who work at companies targeted for larger cyber-attacks, or who have Korean-language capabilities on their devices are at risk and have been hit by North Korean hacks in the past.

The Western technology the report found to be in North Korean territory was said to have “enabled North Korea’s destabilizing, disruptive, and destructive cyber operations as well as its internet-enabled circumvention of international sanctions.”

“I think what a lot of people need to realize is, sort of on the surface, North Korean citizens themselves are not a clear and present danger,” said Theresa Payton, CEO and president of cybersecurity firm Fortalice Solutions and former White House chief information officer under President George W. Bush.

There is, however, an “elite unit,” Payton said, which aims to understand the latest technology, reverse engineer it and then exploit any vulnerabilities that have not already been found and patched out – which is why North Korean access to this new, American technology is so particularly dangerous, she said.

With this information in mind, Payton warned that the U.S. should be keeping an eye out as negotiations continue with North Korea.

“The other thing we should be looking at is, as the negotiations go on, if at any point in time, North Korea’s leadership, especially North Korea’s Kim Jong-un, decide they don’t like where things are going, all they need to do is flex their muscle and take that cyber operation and point it at either the government, businesses or at U.S. consumers,” she said. “So any reaction negatively, in the kinetic sense, at the negotiation table could actually have digital cyber ramifications.”

Adam Rayes is a 19-year-old journalism student at Western Michigan University who is completing his Junior credits at George Mason University this summer while interning here at HSToday. He's worked a crime beat for Western's newspaper and freelances for several organizations in Kalamazoo, Michigan. He enjoys hiking trails, Star Wars and being really, really bad at guitar. You can find Adam on Twitter @arayes17 and can reach him by email or phone at arayes@gtscoalition.com or 248-595-1032.
