Why the war against NK hacking is still a losing battle
This is the final part of a three-part series shedding light on North Korea’s cryptocurrency thefts and their links to the hermit regime’s nuclear ambitions. — Ed.
The financially isolated North Korean regime is behind one of the biggest cryptocurrency heists of all time. The North Korean state-run Lazarus Group, for example, stealthily made hundreds of millions of dollars with just one cryptocurrency theft this year that appears to be directly linked to their astronomical spending on nuclear missile development.
But are there ways to stop North Korean hackers? Experts remain gloomy.
“Stopping cyber attacks is impossible. Every actor in cyber threats is strongly motivated. They fully understand the benefits they can gain through cyber attacks,” Park Seong-su, senior security researcher at Kaspersky’s global research and analysis team, told The Korea Herald. “While we cannot stop cyber attacks, we should do our best to slow down and minimize the cyber threat.”
North Korean hackers will be persistent because they have a strong, common goal.
“North Korea has a clear goal: to generate funds and foreign currency for the regime and its missile and nuclear programs. North Korea leaves no stone unturned for this,” says Moon Jong-hyun, director of the South Korean cyber security firm EST Security. “As long as Kim Jong-un is alive and North Korea needs funds for the regime’s rule, it will continue to routinely hack and steal cryptocurrencies.”
Other countries, such as China and Russia, carry out state-sponsored, systematic cyberattacks, but North Korea is known to be the only country in the world that supports hacking against financial institutions to earn foreign currency, Moon explained.
“As long as cryptocurrency remains opaque and the regime’s survival rests on asymmetric capabilities, North Korea will likely continue to exploit the unclear regulatory landscape to achieve gains,” said Millie Kim, a researcher at the North Korea Cyber Working Group, an initiative of the Korea Project at Harvard University’s Belfer Center for Science and International Affairs.
“North Korea has little to lose and much to gain from a loosely regulated market, especially as cryptocurrency can buy ever more goods and services.”
But Moon said it would be nearly impossible to “thoroughly block North Korea from earning foreign currency” through cryptocurrency theft given the decentralized nature of the blockchain that enables the existence of cryptocurrency.
“Blockchain is not meant to be under control. Putting blockchain under control is such an oxymoron,” Moon said. “If we understand the system and structure of blockchain infrastructure, we can easily realize why North Korea has carried out cyber-enabled crimes, especially on blockchain platforms.”
In a nutshell, North Korean hackers have exploited the decentralized structure of blockchain which ensures that cryptocurrency exists outside the control of central government and financial authorities, and no individual or entity has control over cryptocurrency.
“Right now what we’re seeing is a cat-and-mouse game between American investigators and North Korean hackers,” said Jean Lee, a fellow at the Wilson Center in Washington and co-host of the “Lazarus Heist” podcast from the BBC World Service.
“US Treasury Department sanctions are designed to stop and disrupt the North Koreans from stealing cryptocurrency and converting it to hard currency, but authorities have acknowledged that the Lazarus Group of North Korean hackers have already made off with hundreds of millions of US dollars in cryptocurrency alone this year,” Lee added.
To deter hacking attacks, experts emphasized that cryptocurrency markets should improve cyber security maturity and cyber defense.
Erin Plante, vice president of investigations at New York-headquartered Chainalysis, said “hackers are always looking for the newest and most vulnerable services to attack,” citing increasing attacks on DeFi protocols, including cross-chain bridges as an example.
“Cryptocurrency services — including but not limited to bridges — should invest in security measures and training,” Plante said. “For example, with North Korean-linked hackers in particular, sophisticated social engineering tactics that exploit the trust and carelessness of human nature to gain access to corporate networks have long been a favored attack vector. Teams should be trained on these risks and warning signs.”
In line with this view, Nick Carlsen, a blockchain analyst at TRM Labs and a former FBI analyst, emphasized the importance of preventing North Korea’s cryptocurrency theft rather than responding to it.
Carlsen considered the US Treasury Department’s sanctioning of two cryptocurrency mixers a “preventive step.” A cryptocurrency mixer is a software service that collects and mixes cryptocurrency from thousands of addresses to obfuscate and hide the flow of transactions.
The US Treasury Department sanctioned two decentralized, non-custodial cryptocurrency mixers, Blender.io and Tornado Cash, for providing mixer services to the North Korean state-backed Lazarus Group in May and August, respectively. The Lazarus Group was specifically accused of using Tornado Cash and Blender.io to process over $455 million and $20.5 million respectively in illicit proceeds from the $625 million Ronin Bridge heist in March.
Following the two designations, the US also seized over $30 million worth of cryptocurrency stolen by the Lazarus Group from the Ronin bridge, Chainalysis said in September, adding that it marked the first such case.
Carlsen emphasized that American and international regulators should focus on recovering stolen cryptocurrency.
“The big technique is to limit the opportunity to launder and pay out stolen funds. Theft of cryptocurrencies is inevitable because of their nature, but if North Korea can’t extract (the money), it doesn’t help them,” said Dr. Nicholas Weaver, a senior researcher at the nonprofit International Computer Science Institute in Berkeley, California.
“That’s why the OFAC sanctions against Tornado Cash and other such systems are important, they don’t stop the theft, but if you stop the ability to make money, North Korea won’t bother with the thief anymore,” he added, referring to the Office of Foreign Assets Control in the US Treasury Department, which administers and enforces US economic and trade sanctions.
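The cash-out chokepoint Weaver describes is what address screening at an exchange or bridge tries to enforce: a deposit is checked not only against a list of designated addresses but also against funds that passed through them a few hops earlier. The following is an added Python example, not code from the article or from any of the organizations quoted in it. It builds a transaction graph from a constructed ledger, walks forward from a constructed screening list that stands in for a published designation list, and scores an incoming deposit by how many hops separate it from a designated address. Every address label and the screening list are made up.

```python
from collections import deque

# Constructed sample ledger: (sender, receiver, amount). The labels are
# made-up placeholders, not real on-chain addresses.
SAMPLE_TXS = [
    ("bridge_hot_wallet", "thief_1", 1000.0),
    ("thief_1", "mixer_pool", 600.0),
    ("thief_1", "thief_2", 400.0),
    ("mixer_pool", "cashout_a", 300.0),
    ("mixer_pool", "cashout_b", 250.0),
    ("cashout_a", "exchange_deposit_x", 300.0),
    ("user_clean", "exchange_deposit_y", 50.0),
    ("thief_2", "thief_3", 400.0),
    ("thief_3", "thief_4", 400.0),
    ("thief_4", "exchange_deposit_z", 400.0),
]

# Constructed screening list standing in for a sanctions designation list.
# A real deployment loads the published designations instead of this placeholder.
SANCTIONED = {"thief_1", "mixer_pool"}


def build_graph(txs):
    """Adjacency map of the ledger: sender -> set of receivers."""
    graph = {}
    for sender, receiver, _amount in txs:
        graph.setdefault(sender, set()).add(receiver)
        graph.setdefault(receiver, set())
    return graph


def taint_distances(graph, sanctioned, max_hops):
    """Breadth-first walk forward from every designated address.

    Returns {address: hops}, where hops is 0 for the designated addresses
    themselves and grows by one per transfer; addresses farther than
    max_hops are not reached and therefore not reported.
    """
    dist = {addr: 0 for addr in sanctioned if addr in graph}
    queue = deque(dist)
    while queue:
        cur = queue.popleft()
        if dist[cur] >= max_hops:
            continue  # stop expanding at the horizon
        for nxt in graph.get(cur, ()):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def screen_deposit(address, graph, sanctioned, max_hops=2):
    """Decision for an incoming deposit to `address`.

    'block'  - the funds come from a designated address or directly from one
    'review' - the funds are within max_hops of a designated address
    'allow'  - no designated address within the search horizon
    """
    dist = taint_distances(graph, sanctioned, max_hops)
    hops = dist.get(address)
    if hops is None:
        return "allow"
    if hops <= 1:
        return "block"
    return "review"


if __name__ == "__main__":
    graph = build_graph(SAMPLE_TXS)
    for deposit in ("exchange_deposit_x", "exchange_deposit_y", "exchange_deposit_z"):
        print(deposit, screen_deposit(deposit, graph, SANCTIONED))
```

With the default two-hop horizon, `exchange_deposit_x` is flagged for review (two hops from the mixer) and `exchange_deposit_y` is allowed, but `exchange_deposit_z` is also allowed even though its funds trace back to `thief_1`, because four intermediate transfers push it past the horizon. That is the edge case the screening designer has to price in: a short horizon keeps false positives down but lets layered chains slip through, so the hop limit, or an amount-weighted taint score, has to be chosen against the laundering patterns actually observed rather than set once and forgotten.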
Moon of EST Security pointed out that regulators and blockchain companies should go a step beyond investigating blockchain and cryptocurrency transactions when tracking down cryptocurrency criminals.
Moon proposed that the public and private sectors work together to identify North Korean agents and the fake identities they use for cryptocurrency heists, and build databases of them. Storing that personal information would enable investigators to uncover and track the cryptocurrency wallets that North Korean hackers hold under fake identities.
Bruce Klingner, senior research fellow at the Heritage Foundation, pointed out that “there have been very few UN or US sanctions imposed or legal action taken against North Korean cyber groups.”
“The United States should fully enforce existing laws and consider whether additional legislative and executive action is necessary, including enhanced regulation of cryptocurrency exchanges,” Klingner said. “Washington should determine a range of punitive steps, both cyber and kinetic, to respond to attacks deemed harmful to national security.”
Eric Penton-Voak, a coordinator at the UN Security Council’s expert panel that oversees the enforcement of sanctions against North Korea, also clarified in April that UN Security Council sanctions resolutions have not established any provisions prohibiting the theft of cryptocurrency.
Annie Fixler, deputy director of the Center for Cyber and Technology Innovation at the Foundation for Defense of Democracies, emphasized that “preventing North Korea’s malicious cyber activity also requires escalating financial penalties against the financial and digital networks that help North Korean hackers launder stolen cryptocurrencies and other means.”
“Preventing, mitigating and countering North Korean crypto-heists requires a combination of better cyber defenses by the companies themselves, as well as better cooperation between the cryptocurrency ecosystem and law enforcement and financial regulators. These two steps will help strengthen security and block the ability for hackers to launch these attacks,” Fixler said.
Intergovernmental and cross-sector coordination is essential to map out strategies to stop North Korea’s cryptocurrency heists, according to experts. Coordination is also necessary to outwit hackers who keep developing their techniques and tactics to get around regulations and security in cryptocurrency markets.
Joe Dobson, senior principal analyst at Virginia-based Mandiant, emphasized that “tackling North Korea’s cybercrime will require a multi-pronged effort.”
“Communication and cooperation between government, cyber threat intelligence teams and cryptocurrency community/companies will go a long way at a strategic level.”
For example, South Korea and the United States have stepped up efforts to deter and stop North Korea from exploiting cryptocurrency.
“It may be a long time before we see international regulation of cryptocurrency, but in the meantime, governments like South Korea and the United States need to work together by sharing information and following a common strategy on how to disrupt, slow down and stop the Lazarus Group,” said Lee of the Wilson Center.
South Korea and the United States held the first and second working group meetings on North Korean cyber threats in August and November. The two countries discussed policy coordination and strategies to deal with North Korea’s malicious cyber activities, including cryptocurrency heists and money laundering. They also held a joint symposium on countering North Korean threats to cryptocurrency exchanges in Seoul in November, attended by government officials from 16 countries and around 200 personnel from cryptocurrency exchanges, blockchain companies and think tanks.
“Hackers will always be one step ahead in exploiting new blockchain technologies,” said Allison Owen, a research analyst at the London-based Royal United Services Institute. “To slow this process, it is up to the public and private sectors to work together to identify gaps and adapt risk mitigation strategies.”
Experts emphasized that governments and cybersecurity and cryptocurrency-related companies should implement long-term, multi-pronged strategies to address hidden and systemic risks inherent in cryptocurrency markets and blockchain platforms.
“In the long run, North Korea may seek to leverage emerging technologies such as artificial intelligence to increase cyber operations targeting cryptocurrency exchanges. While remote and uncertain, this will further complicate the detection and mitigation of state-sponsored crypto heists,” said Kim of Harvard University’s Belfer Center.
“It is imperative for key players in both the public and private sectors, including banks, crypto exchanges and intergovernmental organizations, to discuss and develop a security framework for crypto that can parallel the rigor and stance adopted by traditional financial institutions.”
By Ji Da-gyum