It is difficult to write about a suspicion, even if that suspicion is based upon years of experience, for undocumented suspicions are not much better than rumors. Nonetheless, this essay could have been written many years ago, when this writer first learned that North Korea had been admitted, in November 2001, to the Society for Worldwide Interbank Financial Telecommunications (SWIFT).
Some of the thinking at the time was that having North Korea in SWIFT would force a certain level of transparency – or at least traceability – regarding Pyongyang’s financial transactions. Less trusting souls wondered what evil was about to be facilitated by having North Korea as a member of an organization that is so critical to the commercial world.
FOLLOWING THE MONEY
At least one less-trusting soul became even more concerned when it was announced in July 2014 that the North had requested to join the Asia Pacific Group on Money Laundering (), which represents the Asia-Pacific area in the Financial Action Task Force (FATF), whose purpose is to combat financial support for terrorism and nuclear weapons programs. Even though North Korea was granted only observer status, it was a case of the fox being allowed into the henhouse to study how it works.
It has been known since at least 2005 that Pyongyang has been responsible for supernotes
But that is not the beginning of North Korea’s interest in easy money. It has been known since at least 2005 that Pyongyang has been responsible for supernotes, those exquisitely designed counterfeit U.S.$100 bills that are printed on specialty paper using illegally imported Swiss intaglio presses. Those bills rival the genuine money in both clarity and precision – and have been coming out of North Korea since roughly 1980.
After being discovered as the purveyor of bogus $100 bills, Pyongyang evidently decided to skip all the trouble of engraving and printing them. Instead, the North advanced its game into the 21st century by turning its hacking efforts to the financial world. It was likely seen as being easier, quicker and – until just recently – a whole lot less obvious to just hijack other people’s money. The fox was stalking his next meal.
A PRACTICE RUN?
But the North was perhaps not quite ready yet and probably felt the need for a proving ground, deceptively far removed from its real target. And, as always, the U.S. provided a convenient opportunity when Sony Pictures Entertainment announced that it was releasing The Interview, a banal parody of Kim Jong Un and North Korea. A group calling itself “Guardians of Peace” struck in November 2014 with embarrassing results for Sony, which promptly caved to pressure to not release the movie, though it later rediscovered its spine. Shortly thereafter, U.S. officials concluded that North Korea was behind the attack.
By choosing to commit a relatively “harmless” act against a movie company, an entity not crucial to international commerce, perhaps Pyongyang felt that, if even if the hackers were caught, a plausible excuse – at least in their eyes – was readily available: Sony had insulted North Korea and its great leader, so retribution had to be exacted. That would have been the end of that.
FOOL ME ONCE …
Now there is credible evidence that North Korea has been behind a number of global financial system hacks over the last several months in various parts of the world. This time, however, the hackers are calling themselves not “Guardians of Peace” but “Lazarus.” Banks have been hit in countries such as Bangladesh, Ecuador, the Philippines and Vietnam, with as much as $100 million heisted from one bank alone.
Further, there have been cyber-attacks against various entities of the South Korean government, along with a few attempts targeting U.S. facilities. Symantec, undoubtedly one of the world’s best cybersecurity companies, has traced those hacks back to North Korea, saying that pieces of code and other digital fingerprints identified in the recent events are the same as those found in attacks directed against the South Korean government in 2013 and Sony Pictures Entertainment in 2014.
Moreover, in looking over the recent history of SWIFT itself, which operates under European Union rules and is headquartered in Brussels, that organization has not always been so swift in responding to requests for assistance in fighting international terrorism and nuclear proliferation. In fact, it has to be shamed into taking action against Al Qaeda’s financial transactions in 2006.
IGNORING MALICE AFORETHOUGHT
Did APG fail to consider why North Korea would even ask to join that group in the first place?
Did the decision makers who allowed North Korea into APG think only one-dimensionally? That is, was the decision based solely upon the idea that having the North close at hand would mean better oversight of that country’s financial activity? Did APG fail to consider why North Korea would even ask to join that group in the first place? Did APG not realize that there would inevitably be unintended consequences of allowing Pyongyang to learn the procedures behind fighting cybercrime? If so, the thinking was remarkably short-sighted and astonishingly dim-witted.
As it turned out, the hackers from the North gained invaluable knowledge on the inner-workings of how FATF combats illegal or proscribed international financial transactions, in addition to learning the internal mechanisms of the SWIFT system. Without improving security measures and adding further safeguards for SWIFT, banking institutions and financial clearing houses around the globe are at risk of fraudulent or usurped transactions. Even so, any new measures would be for naught if North Korea continues to have access to what those those measures are and how they are applied.
In response to the threat posed by Pyongyang’s cyber criminals, the Financial Crimes Enforcement Network of the U.S. Treasury Department gave notice earlier this month of impending sanctions that would prohibit U.S. financial institutions from dealing with North Korean organizations or processing transactions on their behalf. Really?! That should have been done decades ago. As for APG and SWIFT, someone in a position of authority who is also capable of thought needs to swiftly eject North Korea from both groups. The fox must be forced out of the henhouse.
Join the influential community of members who rely on NK News original news and in-depth reporting.
Subscribe to read the remaining 1023 words of this article.
Featured Image: ben, wasting money by tvol on 2007-12-27 23:23:57