fb-pixel Skip to main content

The world once laughed at North Korean cyber power. No more

Staffers at the Korea Internet and Security Agency in Seoul monitored cyberattacks that some blamed on North Korea.AFP/Getty Images/File

NEW YORK — Amid all the attention on Pyongyang’s progress in developing a nuclear weapon capable of striking the continental United States, North Korea has quietly developed a cyberprogram that is stealing hundreds of millions of dollars and proving capable of unleashing global havoc.

Unlike its weapons tests, which have led to international sanctions, the North’s cyberstrikes have faced almost no pushback or punishment, even as the regime is already using its hacking capabilities for attacks against its adversaries in the West.

While its track record is mixed, North Korea’s army of more than 6,000 hackers is undeniably persistent, and improving, according to American and British security officials who have traced cyberattacks to the North.


When North Korean hackers tried to steal $1 billion from the New York Federal Reserve last year, only a spelling error stopped them.

The hackers were digitally looting an account of the Bangladesh Central Bank, when bankers grew suspicious about a withdrawal request that had misspelled “foundation” as “fandation.” Even so, Kim Jong Un’s minions still got away with $81 million in that heist.

Then only sheer luck enabled a 22-year-old British hacker to defuse the biggest North Korean cyberattack to date, a ransomware attack last May that failed to generate much cash but brought down hundreds of thousands of computers across dozens of countries — and briefly crippled Britain’s National Health Service.

Just as Western analysts once scoffed at the potential of the North’s nuclear program, so did experts dismiss its cyberpotential — only to now acknowledge that hacking is an almost perfect weapon for a Pyongyang that is isolated and has little to lose.

The country’s primitive infrastructure is far less vulnerable to cyberretaliation, and North Korean hackers operate outside the country, anyway.

Sanctions offer no useful response, since a raft of sanctions are already imposed. And Kim’s advisers are betting that no one will respond to a cyberattack with a military attack, for fear of a catastrophic escalation between North and South Korea.


“Cyber is a tailor-made instrument of power for them,” said Chris Inglis, a former deputy director of the National Security Agency, who now directs cyberstudies at the US Naval Academy.

“There’s a low cost of entry, it’s largely asymmetrical, there’s some degree of anonymity and stealth in its use,’’ Inglis said. “It can hold large swaths of nation state infrastructure and private-sector infrastructure at risk. It’s a source of income.”

Inglis, speaking at the Cambridge Cyber Summit this month, added: “You could argue that they have one of the most successful cyberprograms on the planet, not because it’s technically sophisticated, but because it has achieved all of their aims at very low cost.”

It is hardly a one-way conflict: By some measures the United States and North Korea have been engaged in an active cyberconflict for years.

Both the United States and South Korea have also placed digital “implants” in the Reconnaissance General Bureau, the North Korean equivalent of the Central Intelligence Agency, according to documents that Edward J. Snowden released several years ago.

American-created cyber- and electronic warfare weapons were deployed to disable North Korean missiles, an attack that was, at best, only partly successful.

Indeed, both sides see cyber as the way to gain tactical advantage in their nuclear and missile standoff.

A South Korean lawmaker last week revealed that the North had successfully broken into the South’s military networks to steal war plans, including for the “decapitation” of the North Korean leadership in the opening hours of a new Korean war.


There is evidence Pyongyang has planted so-called digital sleeper cells in the South’s critical infrastructure, and its Defense Ministry, that could be activated to paralyze power supplies and military command and control networks.

But the North is not motivated solely by politics: Its most famous cyberattack came in 2014, against Sony Pictures Entertainment, in a largely successful effort to block the release of a movie that satirized Kim.

What has not been disclosed, until now, is that North Korea had also hacked into a British television network a few weeks earlier to stop it from broadcasting a drama about a nuclear scientist kidnapped in Pyongyang.

Once North Korea counterfeited crude $100 bills to try to generate hard cash. Now intelligence officials estimate that North Korea reaps hundreds of millions a dollars a year from ransomware, digital bank heists, online video game cracking, and hacks of South Korean Bitcoin exchanges.

One former British intelligence chief estimates the take from its cyberheists may bring the North as much as $1 billion a year, or a third of the value of the nation’s exports.

The North Korean cyberthreat “crept up on us,” said Robert Hannigan, the former director of Britain’s Government Communications Headquarters, which handles electronic surveillance and cybersecurity. “Because they are such a mix of the weird and absurd and medieval and highly sophisticated, people didn’t take it seriously,” he said. “How can such an isolated, backward country have this capability? Well, how can such an isolated backward country have this nuclear ability?”


Kim Jong Il, the father of the current dictator and the initiator of North Korea’s cyberoperations, was a movie lover who became an Internet enthusiast, a luxury reserved for the country’s elite. When Kim died in 2011, the country was estimated to have 1,024 Internet addresses, fewer than on most New York City blocks.

Kim, like the Chinese, initially saw the Internet as a threat to his regime’s ironclad control over information. But his attitude began to change in the early 1990s, after a group of North Korean computer scientists returned from travel abroad proposing to use the Web to spy on and attack enemies such as the United States and South Korea, according to defectors.

North Korea began identifying promising students at an early age for special training, sending many to China’s top computer science programs.

In the late 1990s, the Federal Bureau of Investigation’s counterintelligence division noticed that North Koreans assigned to work at the United Nations were also enrolling in university computer programming courses in New York.

“The FBI called me and said, ‘What should we do?’ ” recalled James A. Lewis, at the time in charge of cybersecurity at the Commerce Department. “I told them, ‘Don’t do anything. Follow them and see what they are up to.’ ”

The North’s cyberwarfare unit gained priority after the 2003 invasion of Iraq by the United States.


After watching the American “shock and awe” campaign on CNN, Kim Jong Il issued a warning to his military: “If warfare was about bullets and oil until now,” he told top commanders, according to a prominent defector, Kim Heung Kwang, “warfare in the 21st century is about information.”

“There was an enormous growth in capability from 2009 or so, when they were a joke,” said Ben Buchanan, the author of “The Cybersecurity Dilemma” and a fellow at the Cyber Security Project at Harvard.

“They would execute a very basic attack against a minor Web page put up by the White House or an American intelligence agency, and then their sympathizers would claim they’d hacked the US government,’’ Buchanan said. “But since then, their hackers have gotten a lot better.”