Even so, Kim Jong-un’s minions still got away with $81 million in that heist.
Then only sheer luck enabled a 22-year-old British hacker to defuse the biggest North Korean cyberattack to date, a ransomware attack last May that failed to generate much cash but brought down hundreds of thousands of computers across dozens of countries — and briefly crippled Britain’s National Health Service.
Their track record is mixed, but North Korea’s army of more than 6,000 hackers is undeniably persistent, and undeniably improving, according to American and British security officials who have traced these attacks and others back to the North.
Amid all the attention on Pyongyang’s progress in developing a nuclear weapon capable of striking the continental United States, the North Koreans have also quietly developed a cyberprogram that is stealing hundreds of millions of dollars and proving capable of unleashing global havoc.
Unlike its weapons tests, which have led to international sanctions, the North’s cyberstrikes have faced almost no pushback or punishment, even as the regime is already using its hacking capabilities for actual attacks against its adversaries in the West.
And just as Western analysts once scoffed at the potential of the North’s nuclear program, so did experts dismiss its cyberpotential — only to now acknowledge that hacking is an almost perfect weapon for a Pyongyang that is isolated and has little to lose.
The country’s primitive infrastructure is far less vulnerable to cyberretaliation, and North Korean hackers operate outside the country, anyway. Sanctions offer no useful response, since a raft of sanctions are already imposed. And Mr. Kim’s advisers are betting that no one will respond to a cyberattack with a military attack, for fear of a catastrophic escalation between North and South Korea.
“Cyber is a tailor-made instrument of power for them,” said Chris Inglis, a former deputy director of the National Security Agency, who now teaches about security at the United States Naval Academy. “There’s a low cost of entry, it’s largely asymmetrical, there’s some degree of anonymity and stealth in its use. It can hold large swaths of nation state infrastructure and private-sector infrastructure at risk. It’s a source of income.”
Mr. Inglis, speaking at the Cambridge Cyber Summit this month, added: “You could argue that they have one of the most successful cyberprograms on the planet, not because it’s technically sophisticated, but because it has achieved all of their aims at very low cost.”
It is hardly a one-way conflict: By some measures the United States and North Korea have been engaged in an active cyberconflict for years.
Both the United States and South Korea have also placed digital “implants” in the Reconnaissance General Bureau, the North Korean equivalent of the Central Intelligence Agency, according to documents that Edward J. Snowden released several years ago. American-created cyber- and electronic warfare weapons were deployed to disable North Korean missiles, an attack that was, at best, only partially successful.
Indeed, both sides see cyber as the way to gain tactical advantage in their nuclear and missile standoff.
A South Korean lawmaker last week revealed that the North had successfully broken into the South’s military networks to steal war plans, including for the “decapitation” of the North Korean leadership in the opening hours of a new Korean war.
There is evidence Pyongyang has planted so-called digital sleeper cells in the South’s critical infrastructure, and its Defense Ministry, that could be activated to paralyze power supplies and military command and control networks.