From IT Emergence to AI Threats in the Sanctions Era
By Ian Yihwan Cho
‘Outstanding North Korean Information Technology’ — at first glance, such a term might sound like an oxymoron, juxtaposing the image of one of the world’s most impoverished and secluded countries against the backdrop of cutting-edge technology today. This seemingly contradictory phrase, however, reflects a surprising reality; U.S. officials consider North Korea’s cyber capabilities a rising threat to national security, and in 2022, the regime was alleged to be responsible for the US$1.7 billion of cryptocurrency theft.
North Korea’s hacking talents, as well as its foundational information technology, did not emerge from a vacuum. Since the early days of the internet, Pyongyang has consistently endorsed its information technology. Such long-standing historical development reflects the regime’s consistent commitment to leveraging technology for national objectives.
The Faces of Janus: Development of North Korean Information Technology
Although the birth of North Korea’s information technology dates back to the mid-twentieth century, it was in the 1990s when the regime started to establish its cyber strategy. While this era was broadly characterised by the expectation of an information revolution, it was actually the Gulf War and the Kosovo War that heavily influenced the mindset of North Korean decision-makers. Witnessing U.S. and NATO forces overwhelming its enemies with cutting-edge C4I systems — advanced military frameworks combining cyber-enhanced command, communications, and intelligence — Kim Jong Il quickly realised the importance of information warfare. For a country facing the U.S. as its potential adversary, determining how best to leverage information technology was a critical strategic challenge to address.
North Korea’s full-fledged willingness to transition into an IT state was shown in Kim Jong Il’s Speech in March 2001. During the speech, Kim called for ‘the necessity of rapid development of information technology’ and showed his willingness to cultivate IT talents . His promise was soon realised. Computer education was heavily endorsed in primary and secondary schools, allowing young geniuses to be transferred to higher education for the cultivation of IT talents. Further, computer science departments were established in every major university.
The successive inauguration of progressive governments in South Korea in the 2000s, pursuing coexistence with North Korea through material aid, allowed room for Pyongyang to increasingly get support for its technological development. For instance, Samsung was encouraged by the South Korean government to invest US$73 million into the Korea Computer Centre (KCC), North Korea’s national computer science research centre,.
Empowered by state-level endorsement and inter-Korean détente, KCC developed Eunbyul, a Go AI that became the world’s best by dominating international competitions until 2010. The achievement of Eunbyul in the international Go arena was so stupendous that Go game enthusiasts in East Asian markets were extremely eager to buy the software. The success of Eunbyul implies that North Korea was prepared to apply its technological advancements for peaceful purposes, as long as they aligned with the regime’s interests.
Along with the end of peaceful inter-Korean relations caused by North Korea’s alleged torpedo assault against a South Korean naval corvette in 2010, the country’s relatively peaceful use of IT came to a halt. Facing financial challenges caused by the cessation of South Korea’s support and increasingly elevated United Nations’ economic sanctions, the regime chose to leverage its IT capabilities for asymmetric warfare.
Since 2009, North Korea’s cyber capability has caught the eyes of cyber security analysts around the world. The official websites of the South Korean government began facing cyber-attacks believed to be orchestrated by North Korean-linked cyber units, including basic website defacements and advanced intrusions for data theft and operational disruption. The regime’s asymmetric cyber-strategy was not confined to its southern counterpart. In fact, it was omnidirectional, as evidenced by the 2014 Sony Pictures Entertainment hack against international corporations, the 2016 Bangladesh Bank heist demonstrating infiltration of global financial systems, and more recent involvement in cryptocurrency thefts to secure foreign currency for nuclear weapon development. .
Such a shift in IT transition for malignant use was a relatively easy task. Despite its secluded and economically dire status, the regime already had a vast pool of cyber talent, enabled by a decade of intensive education and years of investment from the South Korean capital. What Chairman Kim Jong Un simply did was change the way the technology was being used. The epitome of such an ironic shift can be seen in the fate of the executive developer of Eunbyul, once a symbol of North Korea’s potential harmony with the global community. The collapse of inter-Korean détente, along with the absolute necessity for extensive data sets and significant funding — resources evidently lacking in North Korea — compelled the developer to abandon the AI project. Later, in 2018, he was placed on the U.S. Treasury sanction list for illicit cyber activities in the China-North Korea borderland.
Intention, Means, and Prospects of North Korea’s Cyber Strategy
Looking back at the short history of North Korea’s cyber strategy, it becomes evident that the regime has been consistently flexible in its engagement with digital technology . During the relatively peaceful times in the late 90s and 2000s, the regime committed its efforts to software development and education. When it started to face formidable challenges in 2009, it unhesitatingly adopted its outstanding cyber capabilities for pernicious use. Such flexible shifts in Pyongyang’s cyber strategy are ascribed to the fact that IT in North Korea serves the national priorities set by the Kim family, which have always placed a high emphasis on maintaining the regime’s security over any other objective. For the Kims, the ends justify the means.
During turbulent times for the regime like today, North Korea increasingly depends on its cyber capabilities as a means to wage guerilla tactics. North Korean hacker groups’ successes in cryptocurrency thefts, exemplified by several high-profile incidents , indicate that the regime is likely to strategically utilise cutting-edge cyber technologies in its broader national strategy.
Facing stringent UN economic sanctions, cryptocurrency theft has become a key source of Pyongyang’s funding for its nuclear and ICBM programmes. The successful advancement of nuclear programmes, demonstrated by the recent test-fire of its ICBM, capable of reaching the North American continent, was fundamentally enabled by the country’s innovative cyber tactics to bypass global financial barriers. This organic escalation of North Korea’s asymmetric capabilities poses a looming threat to the stability of the Indo-Pacific region, emphasising the importance of monitoring and countering such covert financial strategies.
Artificial Intelligence is the most recent example of the regime’s cyber advancement strategy. Experts warn that North Korean hacker groups are becoming increasingly interested in using Large Language Models (LLMs, similar to AI systems like ChatGPT) to facilitate their cyber operations. The state is also seeking to develop its own AI capabilities, emulating the AI models developed by the Defense Advanced Research Projects Agency (DARPA), an R&D organisation of the U.S. Department of Defense.
The world is currently experiencing an exponential AI evolution, which is anticipated to significantly impact the essence of global security dynamics. In a world where AI is indispensable for national strategy, North Korea’s interest in AI, as was the case in its nuclear development, could lead to significant state investment in developing these capabilities. Concurrently, the IT industry’s efforts to reduce machine learning computational costs could lower barriers, making advanced technology more accessible. Empowered by these two dynamics, Pyongyang’s advancement in AI may significantly bolster its capabilities. This prospect, coupled with its history of malevolent cyber activities, raises concerns about the potential global consequences.
Responding to the rising North Korean cyber threat, South Korea, the United States, and Japan have stepped up collaborative efforts, as evidenced by the recent joint working-level discussions on North Korean cyber activities. Nevertheless, effectively countering North Korea’s guerilla-style cyber tactics is a complex and challenging task. In the cyber environment where the distinction between aggressor and victim is increasingly difficult, these nations are tasked with developing a nuanced and effective strategy to deal with the elusive nature of North Korea’s cyber warfare. As North Korea continues to enhance its cyber capabilities, formulating a robust response that can keep pace with its evolving tactics remains a crucial yet challenging objective.
About the author: Ian Yihwan Cho, currently studying for an MSc in Theory and History of International Relations at LSE, formerly served as an Intelligence Officer in the South Korean Army. He is now a correspondent for the London Globalist, focusing on the Indo-Pacific region.
Edited by: Ayush Das
Comments