For more than a half-decade, Eric Rosenbach read an intelligence report in the early morning while most of Washington, D.C., was still sleeping. Holding top positions in the Department of Defense, including “Pentagon cyber czar,” Rosenbach had the world’s threats at his fingertips. One stood out.
“The country that worried me the most was North Korea because they are so unpredictable,” Rosenbach said at a recent ReCode conference that took place before the historic June 12 meeting between President Donald Trump and North Korean leader Kim Jong Un.
Rosenbach is among a coalition of experts and former government officials who warn that, in the aftermath of the Singapore summit, North Korea’s cyber prowess could continue with a vengeance. “Tensions will start to escalate like they always have [and] the North Koreans will turn to cyber as they have in the past.”
North Korea could “hit us where we are most vulnerable, which is in the democracy and the systems that underpin our democracy,” Rosenbach warned, singling out voting systems for the 2018 midterm elections. State election officials “are not equipped to be defending against the pointy tip of the spear of a nation state intel service.”
The future of American relations with North Korea is anything but certain. Few would have predicted that after barbed exchanges of “dotard” and “little rocket man” from Kim and Trump, American and North Korean flags would rest side by side during a dramatic summit just months later. But if North Korea’s cyber history is any indication, digital tension between the two nations could mushroom.
Experts are quick to point out that North Korea’s cyber strategy is multidimensional. Fred Plan, a senior analyst at the intelligence firm FireEye, said there were three elements of North Korea’s cyber operations: espionage, destructive operations and revenue generation.
“In terms of cyber espionage, that is set to continue,” Plan said. Assessing whether North Korea will continue its destructive operations will depend on the relationship between Pyongyang and Washington, Plan added. And it is too difficult to tell how North Korea’s revenue-generating operations will proceed.
A history of chaos
In 2009, the hermit kingdom’s hackers operated on a small scale, Plan told Fifth Domain. North Korea’s state-backed digital operations were focused on its longtime rivals to the south. But as the hackers’ confidence grew, Pyongyang’s leaders realized hacking was an effective tool.
“Because North Korea does not rely much on cyberspace in both the public and private sector, cyberattacks become a unique asymmetric advantage,” said Jenny Jun, a researcher on North Korea’s cyber capabilities based at Columbia University.
North Korea’s attributed attack in 2014 on Sony was seen as the country’s digital coming-out party, a realization that its cyber skills posed a virtual threat. It marked the peak of their operations, Jun said.
But then, North Korea shifted cyber operations to criminal activities.
Plan attributed the change to the introduction of harsh sanctions on North Korea. In 2016, the United Nations Security Council placed sweeping sanctions on North Korea for its continued pursuit of nuclear weapons. North Korea’s economy is heavily dependent on trade with China, which was sharply curtailed.
“China was on board with the rest of the U.N. Security Council for the sanctions, and this put the North Korean regime in a bad spot,” Plan explained.
North Korea invested in ransomware and hacking activities that could generate money for the cash-strapped nation, starting an alleged string of high-profile heists.
The Lazarus group, which has been linked to North Korea, was allegedly behind an $81 million hack on a Bangladeshi bank in 2016. The group was also supposedly behind brazen attacks on the SWIFT bank-messaging system that may have resulted in millions of stolen dollars. The Obama administration also said that the 2017 WannaCry hack, which may amount to $4 billion in total damages, was a North Korean plot.
Even if sanctions are removed on North Korea, Plan said that the country’s habit of hacking for profit may continue. “The genie may be out of the bottle.”
And even if Trump pressed North Korea’s leaders on their cyber operations, his power may be limited.
“It’s not just a bilateral issue,” Jun warned. “If they are hacking Bangladeshi and Vietnamese banks, any solution will have to entail an international effort. Still, I’m not very optimistic that North Korea will be bound by such efforts.”
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.