{"id":41921,"date":"2018-09-10T11:50:50","date_gmt":"2018-09-10T01:50:50","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=41921"},"modified":"2018-09-10T11:50:50","modified_gmt":"2018-09-10T01:50:50","slug":"us-moves-to-expose-north-koreas-malicious-cyber-activity","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/us-moves-to-expose-north-koreas-malicious-cyber-activity\/","title":{"rendered":"US moves to expose North Korea\u2019s malicious cyber activity"},"content":{"rendered":"

Late last week, the US Department of Justice filed a criminal complaint against a North Korean hacker\u2014who allegedly acted on behalf of the North Korean government\u2014in connection with a series of cyberattacks, including the cyber intrusion and attack against Sony Pictures in 2014. Among other things, this individual, along with other unidentified hackers, is alleged to be part of the Lazarus Group, which has been implicated in a wide range of malicious cyber activities\u2014including the destructive WannaCry 2.0 worm that affected computers around the world in 2017 and the attempt to steal hundreds of millions from the Bangladesh Bank in 2016.<\/p>\n

This is the first time that the US has criminally charged a North Korean government hacker and, like the indictment of five PLA officers for intellectual property theft a few years ago, it\u2019s extremely unlikely that the charged individual (who apparently is in North Korea) will ever see the inside of a US courtroom. The charges are also unlikely to have any real effect on the malign cyber behaviour of North Korea. Unless other measures are brought to bear, North Korea isn\u2019t really susceptible to being \u2018shamed\u2019, even when called out in such detail.<\/p>\n

Nevertheless, the criminal complaint and supporting affidavit serve an important purpose. They demonstrate that, although it may take time, the US will expose malicious nation-state activity, including the individuals responsible and their tradecraft, for the world to see. Though more is required to achieve effective deterrence, this development sends an important foundational message, particularly when many doubt that effective attribution is possible.<\/p>\n

I was part of the US government when we were dealing with the Sony attack in 2014. In one of the first instances of US government attribution of cyber conduct to a nation-state, President Barack Obama called a news conference and announced that North Korea was responsible. Shortly thereafter, he imposed sanctions on North Korea because of that and other activity. It was a watershed moment\u2014to make public attribution at the highest level of our government sent a strong message that malicious state cyber activity would not be tolerated.<\/p>\n

The move was coupled with extensive diplomatic outreach to allies and partners around the world to share our views and build support. Indeed that, and our outreach to partners in response to the Iranian distributed denial-of-service attacks against many of our financial institutions, served as the basis for our work to build a collective response by countries against shared cyber threats that continues today.<\/p>\n

Still, the experience was also somewhat frustrating. Although nearly every commentator and researcher had said that North Korea was behind the Sony attack before Obama\u2019s landmark press conference, many voiced doubts once the president and the US government went on the record. They challenged the evidence we put forth publicly as incomplete and instead offered a variety of alternative, often conspiratorial, theories.<\/p>\n

The US government released far more corroborating information than it normally would, particularly when, as was the case then, no public criminal charges were brought. But it\u2019s unreasonable to expect the US, or any government, to release all the information it has that led to attribution, especially when that information is particularly sensitive or could compromise sources and methods that are important in tracking and preventing future activity. This practice is no different from how attribution is handled for physical-world incidents. At the end of the day, in cyberspace or the physical world, attribution is a political (small p) decision based on all the information available. Countries nevertheless want to be highly confident that they\u2019re right, because being wrong undermines future credibility and action.<\/p>\n

Russian government representatives also tried to cast doubt on the attribution of North Korea, making the self-serving claim (especially in light of all the malicious cyber and physical activity they\u2019re responsible for) that if one country is going to accuse another, the attribution must be essentially 100% ironclad based on publicly released evidence.<\/p>\n

The Russian position fits in with Moscow\u2019s practice of denying its involvement in everything from election interference to NotPetya in the cyber world, and from the UK poisonings to the Ukraine incursions in the physical one. Even when I was a federal prosecutor, the standard of proof when an individual\u2019s liberty was at stake was never absolute but was instead beyond a reasonable doubt. Demanding absolute proof is a convenient way to deny malicious actions even when it\u2019s clear who the perpetrator is. It\u2019s also used as a subterfuge for getting insights into the information held by other countries to evade detection in the future.<\/p>\n

The complaint and 179-page supporting affidavit in this case should help lay to rest a lot of the groundless claims that there wasn\u2019t a strong factual basis for accusing North Korea. The affidavit is remarkable in its thoroughness and detail. I agree with those who have said that it reads like a thorough threat intelligence report with a criminal charging overlay. My former Justice and law enforcement colleagues deserve a lot of credit for all the work that went into the investigation. In any event, it tells a compelling story of the scope and scale of North Korean cyber activity. The fact that it fingers individuals (one by name) and organisations, and that it lays bare at least some of North Korea\u2019s tradecraft in detail, alone make the document important.<\/p>\n

The targeted sanctions imposed concurrently on the defendant and on a Chinese firm that employed him are also helpful. Though China and the US differ on many things, and we rightly remain concerned about Chinese malicious cyber activity, I think there\u2019s some opportunity for common ground with China, assuming that it wouldn\u2019t want rogue actors from other countries operating from its soil and, potentially, causing instability or exposing it to blame.<\/p>\n

The criminal complaint and sanctions, though good, are still unlikely to deter North Korean actions in the future. For that to happen, they need to be part of a comprehensive plan that, among other things, includes putting pressure on the North Korean regime. Like with Russia, or any state adversary, that will require consistent, high-level messaging from the top. Sadly, that is lacking.<\/p>\n

I\u2019ve written before that, regardless of the activities the US takes to hold Russia accountable for its malicious cyber activity, those efforts are undermined when the president himself not only refuses to publicly endorse them but undercuts those actions by casting doubt on Russia\u2019s involvement. With North Korea, I fully understood why cyber issues wouldn\u2019t be prominently raised during the first US\u2013North Korea summit given the importance of denuclearisation, but thought it needed to be embedded in future dialogue with North Korea. Of course, the talks with North Korea seem largely on the rocks, but whatever their fate, it doesn\u2019t seem likely that cyber matters will be raised despite last week\u2019s charges. Worse yet, on the very morning that the criminal charges were announced, President Donald Trump tweeted about how well he and Kim Jong-un get along\u2014hardly the messaging, on at least this topic, that\u2019s likely to provoke North Korea to stop its activity.<\/p>\n

Until we can do a better and more comprehensive job of pushing back on North Korea\u2019s and other nation-states\u2019 cyber activities, the use of criminal charges and other tools can only help lay an important foundation. But they will not, without more, deter our adversaries.<\/p>\n","protected":false},"excerpt":{"rendered":"

Late last week, the US Department of Justice filed a criminal complaint against a North Korean hacker\u2014who allegedly acted on behalf of the North Korean government\u2014in connection with a series of cyberattacks, including the cyber …<\/p>\n","protected":false},"author":783,"featured_media":41923,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,169,728,86],"class_list":["post-41921","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cyber-crime","tag-hacking","tag-north-korea"],"acf":[],"yoast_head_json":{"title":"US moves to expose North Korea\u2019s malicious cyber activity | The Strategist","og_site_name":"The Strategist","article_published_time":"2018-09-10T01:50:50+00:00","author":"Christopher Painter"}}