Without hackers, no missiles? Since 2016, North Korean cyberattacks have brought in $ 2 billion to Pyongyang, which has used it to finance its ballistic and nuclear programs, says a confidential UN report obtained by various media, including Reuters and CNN, Monday, August 5th.

The paper, which was sent to the UN Security Council's North Korea Sanctions Committee, has counted the loot collected in 39 attacks since early 2016 by suspected cyber criminals in Pyongyang pay. They targeted financial institutions in 17 countries and stole bitcoins from cryptocurrency trading sites during operations "that have become more sophisticated over time, making them harder to identify" , write the UN experts.

Code name "Hidden Cobra"

For-profit IT attacks in North Korea have been known and documented for years. One of the most active cybercriminal groups, nicknamed Lazarus, is suspected of being at the forefront of the highly publicized 2016 robbery of Bangladesh's $ 80 million central bank. Between 2017 and 2018, at least $ 571 million was stolen by hacking five cryptocurrency trading platforms, said the Russian cyber-security firm IB-Group in a report released last October.

Lazarus is not the only group of hackers to work for the financial health of Pyongyang. North Korean cybercrime activities are coordinated by the General Reconnaissance Bureau, the main intelligence service of the Workers Party of Korea. The US authorities designate all these illegal operations in cyberspace under the code name "Hidden Cobra" and have identified about twenty computer weapons (viruses, Trojan horses, etc.) used by hackers. North Korean computers to fill the state coffers.

The amount collected through these attacks was, however, unknown so far. If the UN estimate of $ 2 billion is proven, it means that cybercrime has become "one of the most important, if not the most important, source of income for the North Korean state. In any case, according to the open sources we have, "says Antoine Bondaz, director of the Korea program at the Foundation for Strategic Research (FRS), interviewed by France 24.

This is mainly confirmation that "cybercrime has become more important than other sources of income from illegal activities, which are in decline," said Sebastian Harnisch, a specialist in North Korea at the University of Heidelberg, contacted by France 24.

Decline of "historical" illegal activities

Since the introduction of economic sanctions in 2006 to try to dry up the North Korean finances and slow down the nuclear program, Pyongyang has indeed been very creative to adapt to its banishment from the international community. The regime has continued to sell, despite sanctions, conventional weapons to countries "such as Congo, Uganda, Syria, Tanzania or Yemen," said Antoine Bondaz. Diplomats have also long played a key role in carrying counterfeit banknotes, contraband cigarettes, drugs and even drugs.

North Korea has also pocketed hundreds of millions of dollars on the backs of its nationals working abroad in "conditions close to slavery," says Sebastian Harnisch. This expert points out that there are still about 45 countries that tolerate the use of this workforce, despite an effort by the international community to put an end to it.

But the gradual strengthening of sanctions means that revenues from these "historic" illegal activities "now represent a marginal share of government revenues," said Antoine Bondaz. Cybercrime, which has the advantage of being less easy to control than sending a shipment of arms by ship or the presence of North Korean workers on construction sites in Poland, has taken over and manpower have continued to climb accordingly. From a few dozen agents in the 2000s, "we have now grown to several thousand people in North Korea and hundreds settled in other countries like China and Russia who make money online ", Summarizes Sebastian Harnisch.

The role of China

The fact that the money raised is used to finance the ballistic and nuclear programs is hardly in doubt. "This is the only budget sanctuary and this is where money goes in priority," says Antoine Bondaz.

Money from cyberattacks is also not the only source of funding. "There is also barter which, according to various estimates, represents about 30% of the budget of these programs," says Sebastian Harnisch. North Koreans exchange raw materials (plutonium, coal) and technologies they have against the components necessary for the construction of missiles or the development of new ones. In the 2000s, Pyongyang, for example, sold its technologies to Syria to produce uranium.

Nevertheless, shutting down the tap of cybercrime would be a blow for Pyongyang. As often, says Sebastian Harnisch, "one of the keys is in the hands of China". Indeed, all Internet traffic coming out of North Korea passes through Chinese access providers who have the power to reduce to zero, or almost, the nuisance capacity of groups like Lazarus.