An increasingly “techno-savvy” ruling elite in North Korea is using a “full range” of computerized devices and tactics, including the issuing of fraudulent ICOs (initial coin offerings), to evade global sanctions and “…generate revenue for the Kim regime,” Insikt Group reports.
Insikt’s cybersecurity researchers have noted significant changes in the online behaviour of the few North Koreans allowed to access the Internet, mostly members of the ruling families and the ruling elite.
These changes, including a sudden and possibly coordinated migration of North Koreans from Western to Chinese social media and sudden comprehensive increases in operational security, “reveal just how adaptable and innovative North Korea’s most senior leadership are.”
The researchers found a “…marked increase (of 1200%) in the use of operational security techniques, such as Virtual Private Networks (VPN), Virtual Private Servers (VPS), Transport Layer Security (TLS), and The Onion Router (Tor).”
This much-improved security among North Koreans accessing the Internet is having the desired effect and is making it harder for Insikt researchers to do their jobs:
“North Korean senior leaders exhibit significantly greater operational security today than in early 2017…negatively impact(ing) our visibility into the daily internet activities of North Korea’s ruling elite.”
The security firm believes only a policy edict issued from above could have induced such uniform moves.
The sudden migration of North Korean users from Western social networks to Chinese ones commenced in late 2017 and finished in early 2018.
But the one Western social network North Koreans didn’t abandon is apparently LinkedIn, says Insikt Group.
Many cryptocurrency and ICO projects and products are promoted on LinkedIn.
Insikt Group says it has linked, with varying degrees of certainty, North Korean operatives to two ICOs issued in Singapore: the Interstellar/Stellar/HOLD coin and Marine Chain.
“HOLD coin was listed and delisted on a series of exchanges,” before it was rebranded as HUZU.
Insikt Group says it, “…assessed with low confidence that North Korean users were involved (in the HOLD/HUZU project),” when the company, “…began to notice a number of connections and a large amount of data transfer with several nodes that were associated with the alt coin…Interstellar, Stellar, or HOLD coin.”
Insikt Group says the HUZU site no longer resolves and says purveyors have now, “left investors high and dry.”
“Marine Chain was supposedly an asset-backed cryptocurrency that enabled the tokenization of maritime vessels for multiple users and owners.”
“The companies Capt. Foong has worked for have been linked to manipulating the national flag registries for three countries, which were frequently used as flags of convenience for North Korean vessels.”
Insikt believes these ICO scams are in line with other types of, “low-level financial crime described by defectors that has plagued South Korea for years, and that the international community is just beginning to track.”
Insikt says North Korea has cyber-operatives now stationed in China, India, Nepal, Bangladesh, Mozambique, Kenya, Thailand, and Indonesia, working to help “…the Kim regime…cultivate the internet as a potent tool for revenue generation and sanctions circumvention by utilizing (and exploiting) cryptocurrencies, various interbank transfer systems, the pluralized nature of the ‘gig economy,’ online gaming, and more.”
The new cyber-savvy North Korea is also “pairing” its new tactics, “…with a decades-old smuggling network and system of corrupted diplomats, embassies, and consulates.”
Ultimately, says Insikt:
“The Kim regime has developed a model for using and exploiting the internet that is unique — it is a nation run like a criminal syndicate.”