The U.S. has for years imposed strict sanctions on North Korea to stop the regime from acquiring nuclear and missile technology. Yet few restrictions were put in place to stop Pyongyang from obtaining American smartphones, laptops and software, enabling the regime to wage cyberwarfare using U.S. technology.
Despite a thaw in tensions ahead of Donald Trump’s high-profile summit with Kim Jong Un next week, researchers from threat intelligence company Recorded Future found that North Korea’s ruling elite have been utilizing Apple’s iPhone and Microsoft’s Windows to ramp up a coordinated cyberattack campaign across the globe.
Lax export controls and a failure to agree on international norms for what is defined as a luxury good have led to a situation where accessing the very latest technology — including Apple’s new iPhone X — is not difficult for North Korea’s leadership.
As Trump seeks to clamp down on Chinese firms such as Huawei and ZTE over national security fears, existing government controls have failed to prevent U.S. goods being exported to Pyongyang.
“U.S. technology has enabled North Korea’s destabilizing, disruptive, and destructive cyber operations as well as its internet-enabled circumvention of international sanctions,” a Recorded Future report published Wednesday warns.
Pyongyang’s army of cyber soldiers has grown in the shadows in recent years, while the world’s attention has been focused on the regime’s nuclear missile program. However, North Korea’s Lazarus hacking group has been responsible for some of the most high-profile attacks, including the devastating WannaCry ransomware in 2017, the 2013 attack on South Korean television stations, the U.S. Sony Pictures hack in 2014, and the theft of $81 million from the Bangladesh Bank in 2016.
U.S. security company Dragos reported in March that a new hacking group, known as Covellite, was focused on critical U.S. infrastructure, such as power grids, nuclear power plants and oil refineries.
Recorded Future’s research was based on analyzing web traffic from those accessing the global internet from inside North Korea. While many North Koreans may have access to a smartphone, they can only access a government-controlled intranet. Only a tiny fraction of the population are given access to the open net.
Priscilla Moriuchi, a former East Asia threat expert at the NSA, and now the director of strategic threat development at Recorded Future, told VICE News that at any one time fewer than 200 people within Kim Jong Un’s inner circle have the ability to access the world wide web.
After analyzing the traffic for about a year and noting which hardware and software were being used, Moriuchi and her colleague Fred Wolens noticed that a lot of U.S. technology had ended up in the hands of North Korea's social elite.
Among the devices being used were the latest smartphones from Apple, the iPhone X and iPhone 8, as well as numerous versions of Microsoft’s Windows operating system, including the most recent Windows 10 update. A number of Samsung smartphones were also in use.
The analysis showed that Apple’s iPhone was the most popular smartphone, though some were still using the seven-year-old iPhone 4S. Kim has been photographed a number of times using Apple products, including a MacBook Pro.
While the majority of North Korea’s cyber attacks are conducted outside the country, they are still coordinated from Pyongyang. Moriuchi points out that North Korean hackers have made use of Windows and Adobe vulnerabilities to infiltrate systems across the globe — indicating that North Korea’s overseas cyber army is also utilizing U.S. technology.
So how has North Korea’s ruling elite got hold of this technology?
"Export control has been successful for many other things, like nuclear weapons development and other armaments, but when it comes to technology, it is just a completely different ecosystem," Moriuchi said.
There are a number of issues limiting the U.S. government’s ability to stop North Korea getting hold of cutting-edge technology.
There are two distinct ways that U.S. technology makes its way into North Korea. The first is directly from the U.S. Since 2000 there have been seven years when exporting technology directly to North Korea has not been illegal, so companies and exporters could send smartphones and laptops without breaking any laws or breaching U.S. sanctions.
While that has changed now, there are still well-established networks of technology resellers in countries such as China, which are willing to sell U.S.-made technology to North Korea. They can do this because the sanctions that are in place to prevent the sale of luxury items to the Hermit Kingdom are ill-defined.
The U.N. clarified its definition of “luxury goods” in Resolution 2321 as not including electronics, but each U.N. member state is allowed to interpret the term “luxury goods” as it wishes. This has led to loopholes in the sanctions allowing North Korea to continue to acquire U.S. technology.
While companies are simply following the rules set down by the U.N. and individual governments, Moriuchi believes the White House needs to do more to stop its homegrown technology getting into the hands of rogue regimes.
"It is really up to the governments to set the tone, to say it is unacceptable for North Korea to hold the U.S. government and technology companies hostage to its ongoing cyber operations, to say they are not willing to let western technology be part of those cyber operations," he said.
Responsibility for U.S. export enforcement falls under the auspices of three executive branch agencies.
The Treasury and Department of Homeland Security failed to respond to a request for comment on the report while the Department of Commerce’s Bureau of Industry and Security declined to comment.
Cover image: The CNN application is seen in this photo illustration on May 25, 2018. (Jaap Arriens/NurPhoto via Getty Images)