When President Trump met with North Korean leader Kim Jong-un in Singapore earlier this month, the topic of denuclearization was the number-one issue on the table. And nuclear weapons are indeed an existential threat worth talking about. But many of us in the tech world were surprised that another threat from North Korea was not even on the agenda at the Singapore summit–hacking at the hands of North Korea.
North Korean cyber warfare has had a direct and immediate impact on the United States, South Korea, and other foreign countries. Indeed, not long before Trump and Kim met, North Korea was hacking into a South Korean think tank to obtain intel on South Korean National Security.
Prevention of nuclear war needed to be a top priority in the five-hour meeting, but to ignore the hacking threat that North Korea poses is irresponsible. The harm that could be caused by cyber warfare may seem less immediate than that from nuclear war, but it’s a major threat that could easily escalate to more direct forms of warfare.
“The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyber-war capacity,” a North Korean defector told the BBC in 2015. “Their cyber attacks could have similar impacts as military attacks, killing people and destroying cities.”
North Korean hackers attacked private ATM accounts in South Korea to steal money from private citizens, and, more recently, they have been taking aim at banks around the world, including the U.S. Federal Reserve.
The Daily Beast reported that North Korea may also be planning to attack the U.S. power grid, something that could paralyze our financial systems, and demobilize major cities around the country.
— PBS NewsHour (@NewsHour) June 12, 2018
Moreover, North Korea’s cyber war activities appear to be part of a coordinated campaign. The WannaCry attack, you’ll remember, infected and encrypted data on computers around the world for a few days. The hackers demanded people affected by the malware pay a ransom in bitcoin to unlock their data.
While China and Russia mostly use hacking to steal military information, technology, intellectual property, and trade secrets, North Korea’s hacking is mainly focused on earning money for the country itself.
Earlier this year, Bloomberg Businessweek published an interview with a defector who was part of North Korea’s hacker army. The defector said, “Hackers were required to earn up to $100,000 a year, through whatever means they could, and were allowed to keep less than 10% of that.” The article shares many details about the North Korean hacking army and how it works toward its ultimate goals. It illustrates how organized and detailed North Korea’s cyber warfare activities are, and the kind of damage it has done and can do.
Our government officials, especially in our security agencies, are no doubt aware of this North Korean threat and its potential impact on our national security, businesses, and even individuals. But I’ve not seen any statements from government officials about North Korean hacking in the context of the Singapore summit.
President Trump does not have a grasp on the way technology works, and I do not believe he or his closest advisors understand the magnitude of this threat. His security agencies do, but they probably don’t have the influence to set the agenda at major diplomatic events like the one in Singapore. The fact that cybersecurity wasn’t part of the discussions at the Singapore Summit suggests, to me, that Trump and his closest advisors are not taking this threat seriously.
Now that the two countries are talking, I’m hopeful that cybersecurity becomes part of the discussion. And I strongly believe that any eventual peace document between the U.S. and North Korea should contain language about North Korea curtailing its hacking program.