North Korea on the hunt for bitcoins
Smart PlanetAs the worldwide mania continues, experts have warned the brutal North Korean regime is taking a keen interest in getting its hands on as much bitcoin as possible — through "ransomware" attacks such as WannaCry, mining its own, and even theft.
"It is a fact that North Korea has been attacking virtual currency exchanges," Korea Internet and Security Agency director Lee Dong-geun told CNN.
"We don't know how much North Korea has stolen so far, but we do know that the police have confirmed the regime's hacking attempts."
Despite 2017 being hailed as the "mainstream" moment for the cryptocurrency — no longer used only by drug dealers and criminals to transact anonymously on the dark web — its decentralised nature has made it attractive to the rogue nation.
In May this year, hundreds of thousands of computers in more than 150 countries were infected with the WannaCry ransomware virus, which encrypted sensitive data and demanded payment of US$300 ($432) in bitcoin for the files to be unlocked.
The US National Security Agency pinned the attack on North Korea's intelligence service, the Reconnaissance General Bureau, as an attempt to raise funds for the regime. Shortly after, analysts recorded the first bitcoin "mining" activity coming from the country.
Mining is the highly energy-intensive process by which computers on the network verify and maintain the blockchain — the public digital ledger which records every bitcoin transaction — and in return are rewarded with new bitcoins every 10 minutes.
"Before that day, there had been virtually no activity to bitcoin-related sites or nodes, or utilising bitcoin-specific ports or protocols," security experts Insikt Group wrote in July.
"Beginning on May 17, that activity increased exponentially, from nothing to hundreds per day. The timing of this mining is important because it began very soon after the May WannaCry ransomware attacks.
"By this point, actors within the government would have realised that moving the bitcoin from the three WannaCry ransom accounts would be easy to track and ill-advised if they wished to retain deniability for the attack."
The same month saw the start of North Korean hacking activity targeting cryptocurrency exchanges, which allow users to easily buy, sell and store bitcoin and other currencies. Between May and July, four South Korean exchanges were targeted, with a successful attack in April resulting in four "wallets" on the Yapizon exchange compromised.
"The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware," security firm FireEye wrote in September.
"While bitcoin and cryptocurrency exchanges may seem like odd targets for nation state actors interested in funding state coffers, some of the other illicit endeavors North Korea pursues further demonstrate interest in conducting financial crime on the regime's behalf.
"North Korea's Office 39 is involved in activities such as gold smuggling, counterfeiting foreign currency, and even operating restaurants. It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise. Cyber criminals may no longer be the only nefarious actors in this space."