LAS VEGAS — Security experts have come to expect certain behaviors from nation-state cyber actors — such as Russia, China and Iran — but North Korea stands apart, according to a speaker at Black Hat USA, a hacking conference held in Las Vegas Aug. 3-8.
Mikko Hypponen, chief research officer at F-Secure, a Finnish cybersecurity company that works with some of the world’s largest banks, said those four nations, aside from the United States, were the most capable cyber nation-states on Earth. But North Korea was not like the others.
In the cyber realm, the difference between smaller countries and larger nation-states is that the smaller states don’t have as much to lose, he said, and North Korea is smaller. “They don’t have nearly as much to lose as, say, China,” said Hypponen.
When breaking down cyberattack behaviors from nation-state actors, he said, they typically fall into two categories: spying and sabotage. In this realm, the North Koreans set themselves apart.
“North Korea has done spying and sabotage, but they’ve also done theft,” Hypponen said. “There is no other government on this planet that would resort to stealing from other governments to fix their budget deficit. But that’s exactly what North Korea has done.”
To do so, North Korean actors have relied on cyberattacks on financial institutions.
“They target the traditional financial sector [and] they target especially cryptocurrency exchanges because they want money which is ... untrackable, which cryptocurrencies are,” Hypponen said.
In fact, just three days ago, Reuters reported that a confidential United Nations report shows that the North Korean government has funded its nuclear program by stealing $2 billion from banks and cryptocurrency exchanges.
Stealing money from the private sector is not the only way North Korea is an outlier when it comes to nation-state cyber behaviors. Hypponen also pointed to the North Korean government’s response to Sony Pictures’ 2014 movie “The Interview,” in which Kim Jong-Un is assassinated. In response to the film, North Korean-backed hackers launched a cyberattack on Sony.
“We haven’t seen any other government that would launch attacks against foreign private companies in order to protest against movies,” Hypponen said.
Smaller nation-states don’t worry larger actors in cyberspace, Hypponen said, but North Korea is again different because of real-world implications.
“It’s important because they’re nuclear,”Hypponen said. “Any other country like this isn’t really a problem at the world scale unless they have access to weapons of mass destruction.”
“Nuclear weapons change the world,” he added.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.