North Korea attacks Bitcoin bods to swell its war chest says FireEye
BTC isn't explicitly covered by sanctions and Kim could launder it into useful currencies
North Korea appears to have commenced online attacks aimed at acquiring Bitcoin so it can evade sanctions.
South Korea's Cyber Warfare Research Center alleged a few weeks ago that at least one Bitcoin exchange had been targeted by a Nork hack, and now FireEye threat researcher Luke McNamara writes that “since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds”.
FireEye operatives say they've observed spearphishing that often “targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”
North Korea is subject to United Nations sanctions that freeze any assets it holds offshore and forbid members from providing financial services, financial support or allowing banks to do business with the oppressive, nukes-and-missiles-capable hermit kingdom.
Sovereign nations regulate financial services organisations, but few have figured out how to oversee production of or transactions conducted in Bitcoin and other cryptocurrencies.
McNamara therefore offers a scenario in which “If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies”. The researcher worries that “some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and make the exchanges an attractive tactic for anyone seeking hard currency.”
And boy does North Korea need hard currency - its trade with the outside world is small and new sanctions imposed this week will reduce it further by banning its textiles trade and capping the number of guest workers it is allowed to send abroad.
If McNamara is correct and North Korea is acquiring Bitcoin to make up for its lack of access to more conventional types of currency, it's likely that authorities will become even more interested in ending anonymous trades. Bitcoin's anonymity has, however, been called into question since at least 2014, so it may be that North Korea's efforts are already traceable. ®
Sponsored: Becoming a Pragmatic Security Leader