Search results

13 results found.

N. Korea, Lazarus & SWIFT: Are the white hats closing in? (Update: SWIFT cuts off remaining N. Korean banks)

In the last month, major news stories about North Korea have bombarded my batting cage faster than I’ve been able to swing at them. I’d wondered when I’d have a chance to cover Katy Burne’s detailed story in the Wall Street Journal about the empty half of the SWIFT glass — that despite its recent decision to disconnect three U.N.-designated North Korean banks, it’s still messaging for banks that are sanctioned by the Treasury Department, but not by the U.N.:

The U.S. Treasury-sanctioned banks that remain on Swift include the state-owned Foreign Trade Bank of the Democratic People’s Republic of Korea, the country’s primary foreign-exchange bank; Kumgang Bank; Koryo Credit Development Bank; and North East Asia Bank, according to people familiar with the network. A search on Swift’s website listed active bank identifier codes for the institutions as of Monday.

The U.S. designated for sanctions the Foreign Trade Bank in 2013, saying it facilitated weapons of mass destruction programs in North Korea. The other three were sanctioned in December as the U.S. targeted entities it said supported the North Korean government and its weapons programs following the Asian nation’s September 2016 nuclear test.

The apparent sanctions gap raises questions about how easily North Korea could move currency through alternative banking channels, something the U.N. said it has been known to do in the past through fronting companies. [….]

While based in Brussels and regulated by Belgian authorities, the company intersects daily with U.S. financial institutions, processing tens of millions of payment instructions, including through a large facility in Culpeper County, Va. [WSJ, Katy Burne]

I won’t sugar-coat this; the fact that these dirty and important (to His Porcine Majesty) banks can still use SWIFT is a major hole in our sanctions, and whether Congress and the administration are willing to close it will be a test of how serious they are about stranding Pyongyang’s money.

I can understand some of SWIFT’s likely arguments against that, mind you: first, SWIFT has earned much good will from Treasury for favors it has done them on terrorist financing; second, there may be other potential providers of the same service that may be less responsive to U.S. legal pressure. Fair enough, but whoever takes up that slack in SWIFT’s wake should be sanctioned to swift extinction (yes, intended). For a list of North Korean banks indicating which ones are designated by the U.N. and the U.S., see this post, and scroll down.

Meanwhile, Symantec now claims it has additional evidence that the hacker group Lazarus, which it had previously linked to the robbery of the Bangladesh bank using hacked SWIFT software, is responsible for that attack, and more:

A North Korean hacking group known as Lazarus was likely behind a recent cyber campaign targeting organizations in 31 countries, following high-profile attacks on Bangladesh Bank, Sony and South Korea, cyber security firm Symantec Corp said on Wednesday.

Symantec said in a blog that researchers have uncovered four pieces of digital evidence suggesting the Lazarus group was behind the campaign that sought to infect victims with “loader” software used to stage attacks by installing other malicious programs.

“We are reasonably certain” Lazarus was responsible, Symantec researcher Eric Chien said in an interview.

The North Korean government has denied allegations it was involved in the hacks, which were made by officials in Washington and Seoul, as well as security firms.

U.S. Federal Bureau of Investigation representatives could not immediately be reached for comment.

Symantec did not identify targeted organizations and said it did not know if any money had been stolen. Nonetheless, Symantec said the claim was significant because the group used a more sophisticated targeting approach than in previous campaigns.

“This represents a significant escalation of the threat,” said Dan Guido, chief executive of Trail of Bits, which does consulting to banks and the U.S. government. [Reuters]

Further down, the report suggests that one or more Polish banks may also have been hit, but “Reuters has been unable to ascertain what happened in that attack.” The headline having promised evidence of attribution to North Korea, however, the text of the story itself left me wanting more. It’s not news that Symantec has linked Lazarus to North Korea; Symantec did that almost a year ago. Nothing in Reuters’s report adds evidence to that attribution.

Nor does this story suggest that there’s enough evidence for the feds to act against Lazarus, although it does hint that the FBI is investigating. Jurisdiction shouldn’t be an issue in the Bangladesh case; money moved through the New York Federal Reserve Bank. Attribution is the real question. Depending on what they can prove, the feds would have many potential charging options, including bank fraud, wire fraud, the Computer Crime and Abuse Act, racketeering, and money laundering. Furthermore, there are anti-hacking provisions in both the NKSPEA (section 104(a)(7)) and Executive Order 13722, which means that if the feds could find any of Lazarus’s money, or any assets of Lazarus’s co-conspirators — regardless of whether those assets can be traced to any of these specific acts — the Treasury Department could freeze them, and the Justice Department could forfeit them.

And needless to say, the indictment of a state actor would be a big deal, for a lot of reasons.

So far, I don’t see enough in the open sources to support that, but it’s good news that the white hats are working diligently on this. If they can attribute this to senior officials in the North Korean government — most likely, within the Reconnaissance General Bureau — then it would be our legal basis to go after the RGB’s assets, which we’ve recently learned include some sophisticated and global commercial operations. This story bears close watching.

~   ~   ~

Update:

Reuters is reporting that SWIFT will disconnect the remaining North Korean banks:

SWIFT, the inter-bank messaging network which is the backbone of international finance, said it planned to cut off the remaining North Korean banks still connected to its system, as concerns about the country’s nuclear program and missile tests grow. SWIFT said the four remaining banks on the network would be disconnected for failing to meet its operating criteria.

The bank-owned co-operative declined to specify what the banks’ shortcomings were or if it had received representations from any governments. Experts said the decision to cut off banks which were not subject to European Union sanctions was unusual and a possible sign of diplomatic pressure on SWIFT. [Reuters]

Now that SWIFT has gotten itself right with Jesus, I would like to implore everyone, everywhere to lay off SWIFT. It’s absolutely true that if we turn SWIFT into a political surrogate for our sundry political conflicts, the world’s dirtiest banks will just take their business elsewhere. That’s not a trend we want to encourage. SWIFT has usually been a responsible member of the financial community, sometimes at great cost to itself.

My argument all along has been that (1) North Korea deserves to be an exception to that rule because (2) North Korea is a unique threat to the financial system — not to mention, to all of humanity — as documented in (3) seven U.N. Security Council Resolutions, a Patriot Act 311 determination, and a call for “countermeasures” by the Financial Action Task Force. You can’t say that about any other country on earth right now — not even Iran. I can’t reconcile messaging for North Korean banks with any of those authorities. And if any competitor tries messaging for the FTB, it’s especially important that the Treasury Department should have the authority to obliterate them (which is why Congress should still proceed with something like the BANK Act).

Having said all that, I wouldn’t be too quick to assume that diplomatic pressure was the main reason for this most welcome decision. “Operating criteria” could mean a lot of things, but it’s a slightly better fit with “massive global bank fraud” than it is with “diplomatic pressure.” If there are more developments in the Lazarus investigation than the Reuters report makes apparent, and if those developments convinced SWIFT that it had unwittingly helped the North Koreans defraud its more reputable clients by sharing its software with them — and their hackers — that would be a perfectly good (and equally plausible) reason for SWIFT to have cut the North Koreans off.

Yet again, the North Koreans are tactically brilliant criminals. And yet again, they’re strategically moronic. It’s a rare and happy day when someone finally holds them to account for it.

Continue Reading

Lazarus Rises

“My heart feels like it’s going to burst when I think that you’ve left your family to come to see me,” Ms. Kim said. “I wish I could see my grandchildren and daughter in law before I die.”According to Unification Ministry, 486 South Korean civilians abducted to North Korea since the Korean War are still alive in the communist country “• 435 of them were fishermen.

Continue Reading

Computer crime, bank fraud & money laundering: A preview of Kim Jong-un’s indictment

The Wall Street Journal is reporting that hackers employed by the government of North Korea have been implicated in yet another international bank fraud scheme using hacked SWIFT software. This time, the victim is a bank in Taiwan, and the take was $60 million, all of it laundered through accounts in Cambodia, Sri Lanka, and the United States.

In a blog post Tuesday, cybersecurity researchers at U.K. defense company BAE Systems PLC also implicated Lazarus in the Taiwanese theft, saying that tools used in the attack on the Far Eastern International Bank include those used by Lazarus in the past.

“The attack this month on Taiwanese Far Eastern International Bank has some of the hallmarks of the Lazarus group,” BAE researchers wrote.

The suspected ties to Lazarus suggest the group’s continued focus on financial cybercrimes. In addition to the Bangladesh Bank theft, the BAE researchers said the group has been targeting bitcoin and is behind attacks on banks in Mexico and Poland.

Security researchers suspect the group has links to North Korea. U.S. authorities have said that one hack also linked to Lazarus—the 2014 Sony Pictures hack—originated in North Korea. The country has denied being behind the attack.

The BAE researchers said they found further evidence of the group’s North Korea links, saying they observed infrastructure in North Korea controlling the malware used in a previous Lazarus-linked attack. Representatives at North Korea’s Beijing embassy and Hong Kong consulate weren’t immediately available for comment. [WSJ, Dan Strumpf]

Sri Lankan authorities have arrested two suspects, one of whom was trying to withdraw $520,000 (which is more than my ATM ordinarily allows me to take out before a trip to Home Depot for plywood and router bits).

That report closely follows this New York Times story on the recent history of North Korea’s cyber crimes, including the Bangladesh Bank fraud, where the North Koreans got away with $81 million, the 2013 Dark Seoul cyberattacks, the 2014 Sony cyberattack and cyberterrorist attack against the U.S. homeland (about which the United States of America did approximately diddly squat), and (consequently) this year’s the WannaCry ransomware attacks.

Earlier this year, I wrote about reports that high officials in U.S. intelligence and law enforcement agencies had found evidence implicating North Korea in recent cyberattacks. Clearly, the FBI is investigating this course of criminal conduct, which is something I presume the FBI wouldn’t do without some prospect of a prosecution. We are speaking, after all, of conduct that is highly dangerous, ongoing, and undeterred. That gives the U.S. government a powerful incentive to charge those who conspired to commit these crimes.

Which brings us to this question: Is there any real doubt as to who the real person of interest is here? Of course, the feds would need at least some proof to get a grand jury to indict. The opacity of the royal court in Pyongyang presents some obvious challenges to this, but just over a decade ago, when prosecutors very nearly indicted His Porcine Majesty’s father for counterfeiting — before George W. Bush stopped them for political reasons — they concluded that those challenges were surmountable.

“The most difficult thing is connecting evidence of criminality to a state’s leader, because there is so much deniability built in. But there isn’t a whole lot of activity in North Korea that isn’t sanctioned by the leadership, and the evidence we had already built up was very good. These cases were very doable.” The criminal cases, says Asher, were based on information from undercover agents, informants, and a vast surveillance operation. [Vanity Fair, David Rose]

If you’ve read the links above or my posts on the Sony cyber attacks, it’s apparent that our signals intelligence is part of the case that implicates state-sponsored North Korean hackers. The Justice Department has cited the testimony of defectors in recent civil forfeiture cases against North Korean funds, and at least two defectors with inside knowledge of North Korean cyber operations have spoken publicly.

But even assuming there are no defectors who testify to His Porcine Majesty’s complicity, and that the government offers no signals intelligence implicating him (which it might not want to do to protect sources and methods) the feds could still do what the plaintiffs did in their lawsuits against North Korea for the state sponsorship of terrorism — they could call experts to testify about North Korea’s system of government, command systems, and the certainty that this conspiracy must have been approved at the very top.

Then, what would the feds most likely charge? Prosecutors’ opinions inevitably vary, but here are my best guesses. I’ve linked the relevant sections in the Criminal Code so that you can read the elements yourself.

  • Count I: Conspiracy. This one is pretty much a given in most federal prosecutions now. Note that cases interpreting the federal conspiracy statute define “defraud the United States” broadly.
  • Count II: Bank Fraud. Which should be self-explanatory.
  • Count IV: Violations of the Computer Fraud & Abuse Act. This is the statute the feds use to charge computer hacking offenses.
  • Count III: Money Laundering. In plain English, the transfer, use, or spending of crime-tainted funds with intent to carry out, facilitate, or profit from one of the predicate offenses listed in subsection (c) of the money laundering statute. This is an important count, because — let’s face it — it’s not like we’re ever going to arrest Kim Jong-un short of his overthrow. The only way to hold people beyond our personal jurisdiction accountable is to shame them and seize and forfeit their funds. The indictment shames; the forfeiture count takes the money away.
  • Count V: Criminal Forfeiture. This is how we take money away from people after they’re convicted (but hold that thought for a moment).

Assuming the feds do indict, would His Porcine Majesty, a sitting head of state, be immune from prosecution in a U.S. court? I want to thank one of my Twitter followers, Shin Chang-hoon, for pointing me to this interesting discussion of that potential obstacle in the broader, global context. In the U.S. federal courts, however, there is at least one precedent for the feds successfully indicting, prosecuting, and convicting a sitting, de facto head of state. That would be Manuel Antonio Noriega, the former dictator of Panama, whom we arrested after the 1989 U.S. invasion of that country. Noriega argued his indictment on drug charges must be dismissed because he was immune from prosecution. The U.S. Court of Appeals for the 11th Circuit rejected Noriega’s argument on the grounds that the U.S. had not recognized him as the lawful head of state, and because (and this is admittedly circular) by invading Panama, and by arresting and extraditing him, the U.S. showed that it did not intend to immunize him. You can read the court’s decision here.

Yes, the potential for such prosecutions to get out of hand is obvious, but it’s hard to believe that a federal court of appeals would immunize a head of state from prosecution for straight-up international bank fraud. The key distinction is whether the prosecuted conduct consists of the acts of a head of state or “for private or criminal acts.”

Having navigated past one problem, we encounter a more difficult one: the requirement to have a defendant present for the arraignment before a prosecution can go forward. (One of my least pleasant trials was a case where I defended a man who ran away after his arraignment and before trial. Much like Clint Eastwood did not do in 2012, only more effectively, I had to defend an empty chair. The chair got three years — a good result, given the charges and the evidence.)

So, does this bring us to an Emily Litella moment?

Not quite. Admittedly, my experience in federal civilian criminal litigation is limited, but as I read the Federal Rules of Criminal Procedure and the U.S. Attorneys’ Manual, you don’t need to have custody of a defendant to indict. The statute of limitations (typically, five years) stops running when the feds indict. Then, the indictment sits on a shelf until arraignment, which starts the ticking of the defendant’s speedy trial clock. But why do that? Again, past history is instructive.

The final stage, which David Asher says President Bush had been fully briefed about, would have been the unsealing of criminal indictments. “We could have gone after the foreign personal bank accounts of the leadership because we could prove they were kingpins,” Asher says. “We were going to indict the ultimate perpetrators of a global criminal network.” “The world wanted evidence that North Korea is a criminal state, not a lot of hoo-ha,” says Suzanne Hayden, a former senior prosecutor at the Department of Justice who ran its part of the Illicit Activities Initiative. “The criminal cases would have provided the evidence. It would have been in the indictments. As with any money-laundering investigation, we would have identified the players and traced them back, from Macao to those who were behind it in North Korea.” [Vanity Fair, David Rose]

A better reason might be to charge and prosecute the third-country nationals and businesses that provide the North Korean hackers with the havens and support they require.

The feds would also have the alternative of filing a civil forfeiture case under 18 U.S.C. 981, alleging all of the same counts in a civil, in rem suit against funds that belong to Kim Jong-un, on the theory that the funds are proceeds of that conduct, or are facilitating property (such as property co-mingled with the stolen funds to conceal their origin and ownership). The advantage of that strategy is that the feds would only have to prove the forfeitability of the property by a preponderance of the evidence, and the feds would win the suit by default unless Kim Jong-un enters an appearance in federal court and intervenes in the proceeding.

In 2005, President Bush decided not to go forward with the prosecution of Kim Jong-il because it was afraid that he’d walk out of six-party talks. But of course, North Korea did walk about of six-party talks in 2008, hasn’t returned since then, and is absolutely adamant in its refusal to negotiate either a freeze or denuclearization, that concern isn’t present.

Of all the dumb things smart people tend to write about North Korea, the dumbest of them all may be the idea that what North Korea needs most is for us to teach it how to do capitalism. Over the last week, I’ve read reports of how North Korea and its officials make money through drug trafficking, racetrack gambling, tourism, and ivory and rhino horn smuggling. It runs one of the world’s more sophisticated money laundering operations using front and shell companies in Hong Kong. The last thing Pyongyang needs us for is to teach it how to make money. To Pyongyang, capitalism is not a path to reform, but a path to the enslavement of all Koreans. What Pyongyang needs to learn is an object lesson in the rule of law — that at last, its crimes will have consequences, even if some of those consequences are symbolic. And for a system of government built on symbols and myths, symbolic consequences can be some of the most powerful ones.

Continue Reading

Stop talking about bombing North Korea. Talk about the revolution it desperately needs.

The supreme art of war is to subdue the enemy without fighting.  – Sun Tzu

On the Fourth of July, I had a long talk with a Famous Person who would probably prefer that I not mention his name here. He’s famous (or infamous — your mileage may vary) for his association with a foreign policy philosophy described as “neoconservative,” whatever that means. Like many Famous Persons, this person’s public image is an injustice to his actual views, which sounded classically liberal to my ears. He had an easy and unpretentious manner, and great depth in both experience and intellect. He recalled, at length, his support for Kim Dae-Jung’s life and freedom during South Korea’s right-wing dictatorship and other events I watched in rapt attention years ago. Because I’m not naming him, he probably won’t mind me quoting a wise thing he said: “This talk of bombing North Korea is scaring our friends more than it scares our enemies.” I couldn’t agree more. The word I keep returning to is “madness.” Not that it should matter, but there are people in Seoul I love.

It will probably also scare some of our friends that I made the case to this Famous Person that we must match Pyongyang’s escalation and deter the next one by helping the people of North Korea to resist the regime, but at least that suggestion has the advantage of terrifying our enemies and merely dividing our friends. Already, some of you are thinking that I’m scaring the Chinese and the Russians away from cooperating with us, as if all of the State Department’s supplications of the last 20 years have achieved anything. Or, that I’m scaring Pyongyang away from the negotiating table, as if Pyongyang would come back to the negotiating table otherwise, and as if Pyongyang doesn’t already believe we’re trying to overthrow it. Or that I’m ignoring the danger of loose nukes — as if the danger of WMD proliferation isn’t just as great or greater with this regime intact.

If we’re really honest, we’re all praying for some kind of regime change in North Korea. Prayer, of course, is not a strategy. The Sunshine Policy didn’t work, but it was a strategy for regime change by other means. Former South Korean President Kim Dae-Jung, the architect of that policy, was extraordinarily cautious about suggesting an intent to catalyze political change in the North, but a careful reader could see that it necessarily had political objectives: “Through open interaction with the global economy, North Korea will emerge as a responsible member of the international community, contribute to the stability of the peninsula, and develop its economy efficiently.” As Professor Lee, Bruce Klingner and I explained in the pages of Foreign Affairs, that is also why Pyongyang couldn’t let the Sunshine Policy succeed. I also doubt that Kim Dae-Jung was only speaking of South Korea’s former right-wing dictators when he quoted Confucious in his Nobel acceptance speech: “The king is son of heaven. Heaven sent him to serve the people with just rule. If he fails and oppresses the people, the people have the right, on behalf of heaven, to dispose of him.” (This is a point I’ll return to later in this post.)

The same is true of Americans who believe (or believed) in the Sunshine Policy. As the unreconstructed arch-engager David Kang once wrote, “I am totally for regime change, or a regime that modifies its ways and introduces economic and social reforms that improve the lives of its people.” At the height of talks over the 1994 Agreed Framework, Wendy Sherman pined for something more kinetic: “We just thought all that would bring about the collapse of the North Korean government within two or three years.”

We’ve all wished for a change of regime in North Korea, if only on an emotional level, notwithstanding how expensive, chaotic, and dangerous we know Kim Jong-Un’s Götterdämmerung could be. For years, we desperately hoped there might be some path to easy, evolutionary change. The unstated part of this hope was that with sufficient time and engagement, that evolutionary process might terminate as it did in Eastern Europe. But as events have proven beyond a reasonable doubt, there is no path to easy, evolutionary change in North Korea. There is profiteering and outright theft, and Pyongyang’s rich are getting richer. Call that capitalism if you want, but it’s the capitalism of a predatory military-industrial complex that’s no more a harbinger of peace or political reform than Krupp, Messerschmitt, or I.G. Farben were.

Contrary to Wendy Sherman’s expectations, the North Korean government did not collapse, because the North Korean people were too afraid, too hungry, too exhausted, and (above all) too isolated from each other to challenge the state. That is why, though there have been a thousand small and not-small acts of armed and unarmed resistance by the North Korean people against the state in recent years, those acts could not threaten the state’s control or disrupt its oppressive strategy. The people of North Korea had no means to communicate, organize, or resist. For those things, they will need our help. We should give them that help, in ways that would be public knowledge, and in other ways that would necessarily remain covert or clandestine. I don’t see another way. If you do, the comments are open.

In this week’s posts, I’ve explained why every other option ends in either a nuclear war, a surrender of South Korea, the collapse of nonproliferation, or grave threats to our own security and freedom. The hard realities are, in no particular order, that we cannot live with a nuclear North Korea, and that neither talks, nor surrender, nor China, nor the Swiss-educated reformer who never was will solve this crisis for us. War would, but it would also be a catastrophe of incalculable proportions. All options that remain — including the option of doing nothing, or seeking an accommodation with the regime — come with a significant or unacceptable risk of ending catastrophically. There is no safe option left to us; there are only less-dangerous ones. Dramatically improved enforcement of sanctions is the only nonviolent one left, and while I continue to believe that vigorously enforced sanctions could bring the regime to an existential crisis that could dethrone His Porcine Majesty, only the removal of Kim Jong-Un from power (and consequently, from this Earth) can disarm Pyongyang now.

It is increasingly hard to avoid the conclusion that Kim Jong-Un must die so that Korea may live, and that the coup de grâce must come from within, and not from us. It may be that the only way to prevent a larger war is to catalyze a smaller one. But that smaller war — or even the credible threat of one — may stand the best chance of ending with a peace agreement worthy of its name, from which Korea would emerge intact, liberated, unoccupied by foreign powers, and on a manageable timetable for reunification.

~   ~   ~

Let’s stop tiptoeing around what most of us have quietly wished for, but which we’ve done nothing — at least nothing I can see — to instigate: North Korea needs a revolution. It is in our interest to be rid of Kim Jong-Un, but above all, it’s in the interests of the North Korean people to be rid of him. The merchants who have waged an unarmed war of resistance against the state’s uniformed shake-down artists and press-gangs want to be rid of him. The nameless victims of torture who wanted nothing more than the right to live and move freely want to be rid of him. The people of North Hamgyeong, who are still waiting for an uncaring government to help them more than a year after floods devastated their homes and farms, want to be rid of him. The dirt-poor private farmers whose land is being confiscated, even as food prices rise, want to be rid of him. The collective farmers whose hopes for agricultural reform were dashed into the reality of exploitative sharecropping want to be rid of him. The poor in North Korea’s cities and towns, who scrape through life inside the confines of a state-imposed class system, want to be rid of him. The soldiers who are killing their abusive officers or walking through minefields to freedom want to be rid of him. The desperately hungry border guards who carry their guns into China and desert want to be rid of him. The elites in Pyongyang, who have begun defecting in greater numbers than ever — to include diplomats, money launderers, security officials, and (most recently) one of Kim Jong-Un’s bodyguards — want to be rid of him. The men, women, and children in the gulags must surely pray that they may live long enough to be rid of him. The 30,000 North Koreans who risked everything to flee to South Korea — and the countless others who died along the way, or in prison camps after they were recaptured — wanted to be rid of him.

Our real military option isn’t bombing, but a combination of overt, covert, and clandestine operations to catalyze the formation of a resistance movement by North Korea’s rural poor, historically its most exploited and discontented class, particularly in the northern and eastern provinces. The tried-and-tested argument for that uprising is the timeless appeal of class warfare. North Korea’s is a society of artificial, politically assigned, hereditary classes that mark every citizen for life and decide her access to education, a decent job or place to live, and even food.

As for the organizational foundations of such a movement, I’ve already discussed them at length, but they aren’t so different from the model used by Hamas or the Muslim Brotherhood. That model begins with a guerrilla banking system that seeds a multitude of unaffiliated, clandestine social welfare organizations and evolves into a shadow government, providing for the needs of the people that the state does not, and that resists the state’s violation of the fundamental human rights of the people in whatever ways it can. The essential and missing element is a means of communication, but even that isn’t far off. I’ll keep the discussion of logistics to myself or leave that to Dave Maxwell — he’s the retired Special Forces colonel, not me. I’ll only say that North Korea has two long coastlines, one long and partially porous border, robust smuggling networks, and a population that has learned to be extraordinarily resourceful to survive. The markets in North Korea seem to provide anything for which there is a demand.

I think — and there is a basis for my speculation — that Kim Jong-Un’s nightmare scenario is to wake up one day to hear that after an MPS officer beat a merchant who refused him a bribe, that the merchants rioted and killed the officer with a pistol bought from a deserting soldier, that riots spread throughout the province once people began texting the news on smuggled phones, and that people had set up roadblocks all over Hoeryong, within sight of journalists just across the border in China.

There would be no question, of course, of a peasant army marching on Pyongyang. That would be impossible, undesirable, and unnecessary. It would present Pyongyang with the sudden, use-it-or-lose-it choice that we must carefully avoid. The state’s loss of control would instead be gradual. If North Korea’s vast, almost roadless interior dissolved into anarchy as Syria and Libya did so unexpectedly, Pyongyang could lose its land access to the fisheries of the east, the coal mines and power plants in the interior, and all the remote places where it hides his missiles. Broadcasts directed at his elites, who are already defecting in growing numbers, would show them how the countryside was slipping into anarchy. If the security forces were already sanctioned to the verge of bankruptcy, they would be hard-pressed to pay, fuel, and maintain an army to patrol the borders, and the villages and fields near the most critical roads, railroads, and power lines. It is the economic and political blows, not the military one, that would be fatal, and that would force Pyongyang’s elites to demand peace talks on terms that would lead to a genuine peace.

As border control broke down, information would flow in and people would flow out. Trade links to China would become untenable, adding more financial pressure to the effects of sanctions. As Pyongyang functionally became a city-state surrounded by an ungovernable countryside and a patchwork of liberated zones, the elites might decide that the world was closing in on them and hedge their bets about the future. In exchange for our covert support, a thousand unseen eyes in the mountains could report the location of every missile truck, slip messages to unit commanders, or send out videos of gulags or abuses by soldiers. In the towns and villages of Ryanggang and North Hamgyeong, the State Security Department’s officers would become prisoners of the people, too afraid to patrol the markets and reduced to taking bribes from those they no longer dared to extort, in exchange for looking the other way at more open acts of subversion. No foreign power, including China, would dare wade into this mess. As for the generals, all that would be asked of them to save themselves and their families would be to make sure that at the critical hour, their troops don’t move and don’t shoot.

~   ~   ~

What can America give to the people of North Korea? First, a means to communicate and organize among themselves; second, a message to galvanize and focus their discontent; third, a concerted legal attack on the finances of the security forces to give the people breathing space; and perhaps, as a deterrent to further acts of aggression and oppression, a covert supply of arms, or a way to manufacture them in small guerrilla workshops.

We already have specialized aircraft designed for hijacking the airwaves of hostile states. The message we broadcast must be tailored to different audiences — the elites, the military, and the rural poor. For the elites in Pyongyang, the message must be that there is a better future without Kim Jong-Un than with him. That for those who resist the state and refuse to take part in its crimes against humanity, there will be clemency, freedom, and a better life in the future. If the regime persists, they can expect to meet the same fate as Jang Song-Thaek and his family.

For the soldiers, it must be a message of rice, peace, and freedom. In the event of war, they must refrain from killing their brothers and sisters in the South. They must be told that the targets assigned to them are civilian targets, and that their duty as Koreans is to disable their weapons, refuse to fire, or intentionally miss those targets.

For the rural poor, it must be that they are poor and hungry because of the state’s choices — to build weapons and ski resorts, and to import yachts and missile trucks, instead of feeding them. That the state keeps them hungry to control them. That it divides them against each other by making them inform on one another. The message must be rich with actual, credible stories about people like them who have suffered from the regime’s abuse, corruption, and oppression. They must awaken to the fact that they alone can change that, because no one else is coming to save them.

For all North Koreans, we should help them begin a conversation about the difficulties that sudden change will mean to a society that isn’t prepared for them. Should they stay in place or move? Who will own the soil, and who will till it? Will they be allowed to sell the land, and for what price? Will rich South Koreans flood in and make them second-class citizens in their own country? Will they acquire legal ownership of their own homes? Will industries in the hands of the state, the donju, or foreign investors be nationalized and sold off? Will the communes be broken up or consolidated? How can they prevent foreign occupation? What is the right balance between free speech and social stability? Who will be held responsible for crimes against the North Korean people, and who will be forgiven in the name of ending them? They must feel that they will have a say in how those questions are answered.

~   ~   ~

Our sanctions-targeting strategy must also evolve with the recognition of these same hard realities. During this event on Capitol Hill several weeks ago, former Treasury Undersecretary and former CIA Deputy Director David Cohen made a profoundly important statement that would have been easy to miss. Cohen said that the strategy for sanctions enforcement depends on the objective of sanctions. Until now, it has been to pressure Kim Jong-Un to negotiate away his nukes, based on the flawed premise that he cares about the welfare of his people and the development of his country (in fact, those things would pose serious threats to his internal control by breaking the peoples’ material and ideological dependence on the state).

If we agree that Kim Jong-Un will never disarm voluntarily, then our sanctions should instead target the regime’s security forces and their capacity to suppress the population. How? We know, for example, that two sanctioned North Korean coal export companies support the military and that a third supports the Reconnaissance General Bureau. The security forces fund themselves with certain trading companies. If so, our sanctions should preferentially target the regime’s immune system to disrupt its capacity to oppress, to compel its security forces to rely on corruption, and to break down barriers to the smuggling of goods, people, and information across North Korea’s borders.

Part of this strategy could take several years to prepare, unfortunately. The critical communications technology to allow North Koreans to organize still isn’t in place. Once resistance begins, it’s difficult to know whether it would spread or how quickly. If we controlled its funding, we could exercise some control over its conduct, but only to an extent. We can expect Pyongyang to hit back (though in limited, non-suicidal ways) if it knows or assumes that we’re supporting internal resistance. In the meantime, we’ll need an interim containment strategy, including aggressive sanctions enforcement, the accelerated deployment of missile defenses and deterrence, and perhaps a blockade. The President may have to use force to deter the next Yeonpyeong-do incident or slow North Korea’s missile development, and hope that a limited conflict stays limited. At the same time, we must never close the door to an agreement in which Pyongyang would disarm and begin a graduated process of humanitarian reform in exchange for the suspension of sanctions. But in the end, containment alone is not a permanent solution to this problem, and deterrence has been failing since 2010.

For years, the experts who have held the tiller of our policy for so much of the last three decades have offered Pyongyang “security guarantees” for a disarmament deal. Pyongyang either didn’t take them or took them and reneged. It’s time to turn this formula on its head and offer Pyongyang insecurity guarantees as long as it refuses to disarm. Once we pose a credible threat of destabilizing the countryside between Pyongyang and Dandong, our chances of a diplomatic solution rise from zero to something more than zero. How much more depends on the credibility of the threat and how much we have to offer in terms of trading stability for a lasting peace.

~   ~   ~

When Kim Dae Jung quoted Confucious in his Nobel speech, he reminded his audience that Confucious spoke those words 2,000 years before John Locke wrote of his version of the social contract theory, which incorporated a right of revolution. Against Locke, Thomas Hobbes argued, based on his bitter experiences during England’s civil war, that the subject’s duty was to obey the sovereign for better or for worse lest he reduce his kingdom to a state of anarchy where life would be “nasty, brutish, and short.” But North Korea, where the regime has imposed its social contract on the people, is as Hobbesian a place as you will find — it is a living (if one can call it that) exhibit to Locke’s brief for the right to revolution. In another hundred years, Thomas Jefferson would write that when a government becomes destructive of the ends of the life, liberty, and happiness of the people, “it is the right of the people to alter, or to abolish it.” I do not reserve that right to Americans alone. That would make me an American exceptionalist.   

In our long war of skirmishes against the Kim Dynasty, it has always been the people of North Korea who have been our most important — and most overlooked — potential allies. Kim Jong-Il now presents a grave threat to our freedom, our security, our prosperity, and our way of life. We are justified in threatening the integrity of his political system in return. The perpetuation of that system represents a grave threat to us, to our allies, and to the people of North Korea most of all. We also compelled to do this in a way that reduces the risk of catastrophe as much as that is still possible, and that minimizes unnecessary suffering by the North Korean people. Our support for any resistance group must be strictly conditioned on its adherence to the Law of Armed Conflict. It must tolerate no attacks against noncombatants, no banditry, and no theft. The choice to resist, of course, is a choice that belongs to the people of North Korea. But if they are willing to make it, they should find no better friend than us.

Continue Reading

WSJ: Feds may indict North Koreans in Bangladesh Bank fraud

This story just gets more interesting by the day:

Federal prosecutors are building cases that would accuse North Korea of directing one of the biggest bank robberies of modern times, the theft of $81 million from Bangladesh’s account at the Federal Reserve Bank of New York last year, according to people familiar with the matter.

The charges, if filed, would target alleged Chinese middlemen who prosecutors believe helped North Korea orchestrate the theft, the people said.

The current cases being pursued may not include charges against North Korean officials, but would likely implicate North Korea, people close to the process said. [Wall Street Journal, Aruna Viswanatha and Nicole Hong]

Traditionally, robbery has meant theft by means of force or intimidation. I thought this case sounded like a better fit for bank fraud until I read the Criminal Code section on bank robbery, which is much broader than the common law definition and covers the whole life cycle of the criminal course of conduct.

The FBI’s Los Angeles Field Office and the U.S. Attorney’s Office for the Central District of California have the lead, which means the indictments would most likely issue in the Central District of California (and consequently, the Ninth Circuit). It’s not an ideal place to pick venue if you’re the government. The USAO for the Southern District of New York is also investigating other bank fraud cases it suspects of being the work of the same North Korean hacking group, known as “Lazarus.”

As I noted in my report on North Korea’s sponsorship of terrorism, the U.S. government thinks the Reconnaissance General Bureau (which is designated by both U.S. Treasury and the U.N. Security Council) did the Sony cyber attack. Recent reports have also linked the code used in the Bangladesh fraud to the code used in the Sony attack. That would make the RGB a prime suspect in both attacks, which means it would have been a violation of the International Emergency Economic Powers Act (IEEPA) for anyone to knowingly engage in dollar transactions with the RGB’s agents after August 30, 2010, when that agency was first designated.

If charges are filed against alleged middlemen in the Bangladesh theft, they are expected to be similar to charges unsealed in September against a Chinese businesswoman, Ma Xiaohong, some of these people said.

That makes sense. The “Chinese middlemen” could be charged with violating the IEEPA and money laundering whether the feds can pin the bank fraud on the North Koreans or not. Here’s my post on the Ma Xiaohong/Dandong Hongxiang case, with links to the indictment and the civil forfeiture complaint.

There is, apparently, a “minority view” among the feds that the North Koreans may have sold the code to third parties without being directly involved. Depending on the evidence, that might still be a crime — most likely conspiracy to commit bank fraud or a violation of the Computer Fraud and Abuse Act, or aiding and abetting one of those crimes. That might even be a smarter charging strategy.

The report also says the Treasury Department may freeze the assets of those under investigation (I’d guess under Executive Order 13722, implementing the NKSPEA, or EO 13757, Obama’s eleventh-hour cyber executive order).

A decade ago, the feds were ready to indict North Korean officials for counterfeiting, but political pressure from the State Department got the case shelved — permanently. That was the George W. Bush administration. I don’t get the impression that the Trump administration would do any such favors for Kim Jong-un.

Continue Reading

Royce introduces bill to toughen sanctions on N. Korea; subcommittee holds hearing

The big news yesterday was that Ed Royce, the Chairman of the House Foreign Affairs Committee, has introduced a sequel to the North Korea Sanctions and Policy Enhancement Act, or NKSPEA. You can read the full text here, but briefly, the bill —

  1. Expands the mandatory and discretionary sanctions in NKSPEA 104 to match the sanctions added by UNSCR 2270 and UNSCR 2321. It also adds a few more, like authorizing Treasury to sanction anyone who imports food from North Korea — a gravely immoral thing when so many North Koreans are going hungry, and when the state obviously isn’t using its food export revenue to buy gbrain to feed them.
  2. Provides new authorities to ban North Korea from financial messaging networks. Of course, SWIFT is reportedly disconnecting all North Korean banks, but this provision now becomes important to prevent SWIFT’s less reputable competitors from taking that business on.
  3. Codifies the Treasury Department’s new regulatory ban on providing indirect correspondent account services to North Korean banks.
  4. Toughens the NKSPEA 203 provisions denying aid to states (mostly in Africa and the Middle East) that buy weapons from North Korea.
  5. Toughens the NKSPEA 205 provision allowing U.S. Customs to increase inspections of cargo coming from ports that aren’t meeting their UNSCR 2270 obligations to inspect North Korean cargo. It also creates a blacklist of non-compliant ports, including Dandong and Dalian. That could put pressure on those ports to either meet their inspection obligations or shun North Korean cargo altogether. Think of it as the customs equivalent of Banco Delta Asia. But I haven’t even told you the best part yet.
  6. Creates the authority for secondary shipping sanctions against North Korea by giving the Coast Guard the authority to ban ships, shippers, and flags that violate U.N. shipping sanctions from U.S. ports and waterways. That will make for some lively discussions with the Ways and Means and Transportation committee staffers. It also takes a page from the South Koreans and Japanese who’ve enacted similar measures. That would effectively bring the U.S. into a coalition with those nations to isolate North Korea from the global trade system. Given that this coalition would now include China’s three largest trading partners, that’s potentially quite a powerful measure. And as I’ve noted more than once, let there be no doubt that it was China that started the trade war over North Korea. This is how we stand by our allies and deter economic bullying.
  7. Increases sanctions against companies that employ North Korean slave labor, and threatens to raise the tier status of those governments under the Trafficking Victims Protection Act.
  8. Adds a new condition for the suspension of sanctions — that North Korea permit Korean-Americans to have unrestricted and unmonitored meetings with their North Korean relatives before they die.
  9. Offers rewards to defectors, and maybe other informants, who provide information leading to the arrest or conviction (in any country) of persons involved in North Korean WMD, cyberattacks, or money laundering.
  10. Piles on more pressure to designate North Korea as a state sponsor of terrorism.

And we still haven’t even seen the member amendments, which promise to be lovely. (On a related note, the Senate is also moving separate legislation to sanction the companies that have participated in China’s island-building in the South China Sea.) This promises to be an action-packed year for all you sanctions geeks out there. The dark circles under my eyes should be proof enough.

~   ~   ~

The other big event yesterday was the first hearing run by the new Chairman of the Asia-Pacific Subcommittee, Ted Yoho of Florida. As of yesterday morning, I hadn’t really viewed Yoho as a thought leader on Asia policy, but after his performance yesterday, I’ve reassessed that view. Yoho ran a tight ship, kept the proceedings on time, and despite this being his debut, projected a sense of calm command of the proceedings. More importantly, both Yoho and new Ranking Member Brad Sherman came in extremely well-briefed on the issue, and in full command of the facts. There was undoubtedly some first-rate staff work behind that. They’ve clearly digested the Panel of Experts’ latest, something that I’m still in the process of doing. You should really watch the whole thing:

The panel members were Bruce Klingner of the Heritage Foundation, Professor Sung-Yoon Lee of the Fletcher School, and former State/Treasury official Anthony Ruggiero, who has added much-needed expertise to the debate about sanctions policy and administration. I thought all three were extremely effective in breaking through to the members, but then, I consider all three men to be good friends, so I won’t even pretend to be objective. I’ll just post a money quote from each of them. First, Klingner sets the stage for where we find ourselves today, and why Americans should care:

Professor Lee’s statement, frankly, is some of his best work. It’s a must-read, not just for its historical insight about the often-strained relationship between China and North Korea and what that doesn’t mean, and not just for its insight into North Korea’s political objectives, but for the beauty of its prose (which Chairman Yoho also praised).

Ruggiero then brings his practical experience and careful research to the often-underinformed discussion of sanctions as a policy tool. And if I had to pick one panelist whose testimony really seems to have broken through to the Committee members, it’s probably Ruggiero, who reformatted their c-drives about a lot of junk analysis about sanctions:

Thanks for that!

Ruggiero also had some choice words for SWIFT, which I’ll let you read on your own.

With the Trump administration about to conclude its policy review and clearly headed in the direction of a harder line that will emphasize sanctions without sparing Chinese violators, this advice will undoubtedly find audiences in the White House, the National Security Council, and the State and Treasury Departments. My guess is it’s going to be a tense dinner at Mar-a-Lago when — or if — Xi Jinping comes around. But as I’ve said before, our relations will China may have to get worse before they can get better.

Continue Reading

Top NSA official attributes attempted $1B bank heist to North Korean hackers

The story of the Bangladesh Bank/SWIFT heist has gotten much more interesting of late. Now, not only do we have a senior U.S. intelligence official attributing it to a government, we learn that the North Koreans tried to steal nearly ….

A senior National Security Agency official appeared to confirm that North Korean computer hackers were behind a multi-million dollar heist targeting Bangladesh’s central bank last year.

Computer hackers attempted to steal $951 million, but only got away with $81 million, some of which was later recovered. After the theft, security firms quickly pointed the finger at North Korea. Other experts disputed that finding. But on Tuesday, NSA Deputy Director Rick Ledgett appeared to say North Korea was the culprit during a cryptic exchange at a Washington forum.

Speaking at an Aspen Institute roundtable, Ledgett pointed out that private sector researchers had linked the digital break-in in Bangladesh to the 2014 hack on Sony Pictures, which the U.S. government attributed to Pyongyang.

“If that linkage from the Sony actors to the Bangladeshi bank actors is accurate — that means that a nation state is robbing banks,” Ledgett said. “That’s a big deal.” [Foreign Policy]

To be clear, this isn’t U.S. government attribution, and there’s no explanation here of why Ledgett thinks the North Koreans were behind the theft, but Ledgett is described as a “30-year veteran” of the NSA who is due to retire later this year. Such a person wouldn’t ordinarily make that statement unless (1) he believed it, and (2) he was fairly certain the agency management was OK with him saying it in a public forum. In fact,  I think we’re all going to be hearing much more about why people think North Korea is now the only government that robs banks. What I’m also hoping we’ll find out is what bank accounts the money ended up in.

By attacking a bank and making off with large sums of money, North Korea can evade sanctions and obtain foreign currency, but so far, that effort has not delivered serious dividends for Pyongyang.

North Korea: tactically brilliant and strategically moronic since 1948. By the way, don’t expect SWIFT to publicly admit that its software was hacked. Standard behavior for any corporate victim of a cyberattack is to refuse to comment, or even to deny. They’re more worried about their reputations for systems security than in helping to punish hackers and hold them accountable. In most cases, hackers don’t have reputations to protect. When the hacker is a government, however, it has far more to lose by being accused of bank fraud.

Continue Reading

N. Korea’s biggest a**hole shoots Vice-Premier, sends second-biggest a**hole to weed the fields

Here at OFK, stories about kremlinology are usually page two material. Too often, we’ll read reports that some official or minor celebrity has been executed, only to read a year later that the target has risen like Lazarus from the KCNA crypt. As a general rule, the closer a story about North Korea is to the center of the power structure, the less I tend to believe it. Which is why I didn’t even tweet the report yesterday that His Porcine Majesty executed the former agriculture minister and a senior education ministry official with an antiaircraft gun. 

Still, I’m marginally more likely to believe reports from the semi-official news agency Yonhap about this particular type of story, where it’s marginally less likely than most sources to run with stories that turn out to be false. 

So, with those caveats dispensed with, Yonhap quotes an anonymous “Seoul official” as saying that His Porcine Majesty sent Vice-Premier Kim Yong-jin to the firing squad last month for being an “anti-party and anti-revolutionary element,” which, in reality, could mean about anything, but probably means he did something very bad. Kim Yong-jin does not make an appearance in the OFK archives, which may mean nothing more than the fact that he never attracted my attention.

But one person who makes many appearances in the OFK archives is Kim Yong-chol, who according to the same Yonhap story, was sent “to a rural farm for one month of reeducation starting in mid-July” for abuse of power and showing a “’heavy-handed’ attitude.”  Far be it for me to defend an a**hole like Kim Yong-chol, but isn’t that written into the job description?

Since January, Yong-chol’s job has been to head the United Front Department. Immediately before that, however, he headed the Reconnaissance General Bureau, North Korea’s external spy agency. As such, Kim Yong-chol was responsible for the 2010 Cheonan and Yeonpyong Island attacks, the 2014 Sony cyberterrorist attack, the 2015 land mine attack, and a whole series of assassination attempts against South Korean human rights activists and North Korean dissidents in exile.

You can read all about it in my report, “Arsenal of Terror,” which is not available in bookstores.

Kim Yong-chol’s d**k moves also come in the more petty variety. A year and a half ago, when DNI Director James Clapper visited Pyongyang on a hostage-fetching mission, Yong-chol invited Clapper to dinner, only to present him with a bill for his meal. For reasons I’m sure are unrelated to this, Kim Yong-chol was designated by the Office of Foreign Assets Control for a second time right about that time (he was first designated in 2010). Not reported is whether Clapper actually paid the bill, or whether the Treasury Department is investigating.

For more rumors about the latest purges in Pyongyang, The Joongang Ilbo has you covered.

All of which leaves me with two questions. First, do you suppose when a pezzonovante like Kim Yong-chol is weeding peas in the hot July sun, he’s thinking about how deeply sorry and humbled he is, and how much he loves and respects his morbidly obese thirtysomething boss who earned his chops in front of a Playstation? Neither do I.

Second, if Andrei Lankov is right, and the fear of purges is the main reason (or more probably, one important reason) why so many North Korean diplomats are rushing for the exits, will this push more diplomats, officials, bankers, and money launderers to reconsider their return travel plans?

Continue Reading

Global wave of bank burglaries should revive calls to kick N. Korea out of SWIFT

In recent weeks, I’ve watched with keen interest, and some schadenfreude, as news reports have implicated Pakistani and North Korean hackers in a series of massive bank burglaries involving as many as 12 banks around the world, starting with the theft of $81 million (or $101 million, depending on which report you believe) from the Bangladesh Bank’s account in the U.S. Federal Reserve.

These burglaries did not involve guns or ski masks. They were something more like armored car burglaries, but they didn’t involve armored cars. They involved malicious code inserted into software used to connect the banks to SWIFT, the Society for Worldwide Interbank Financial Telecommunications. Although the Bangladesh Bank and SWIFT have been pointing fingers at each other, IT security experts are finding North Korean fingerprints all over the malware behind the theft.

It’s now clear the global banking system has been under sustained attack from a sophisticated group — dubbed “Lazarus” — that has been linked to North Korea, according to a report from cybersecurity firm Symantec.

In at least four cases, computer hackers have been able to gain a dangerous level of access to SWIFT, the worldwide interbank communication network that settles transactions.

In early February, hackers broke into Bangladesh’s central bank and stole $101 million. Their methods appear to have been deployed in similar heists last year targeting commercial banks in Ecuador and Vietnam.

Symantec revealed evidence on Thursday that suggests hackers used the same technique to slip into a bank in the Philippines in October. Symantec (SYMC) did not name the bank.

[….]

The “Lazarus” group has been linked to a string of attacks on U.S. and South Korean government, finance and media websites since 2009. Cybersecurity firm Novetta carefully documented how “Lazarus” hacked Sony Pictures in 2014, stealing data and destroying computers at the Hollywood movie studio.

The U.S. government has publicly blamed that hack on the government of North Korea. [CNN]

SWIFT has since released a series of increasingly panicked press releases about cybersecurity. The integrity of its system has never faced a greater challenge.

Security researchers have tied the recent spate of digital breaches on Asian banks to North Korea, in what they say appears to be the first known case of a nation using digital attacks for financial gain.

In three recent attacks on banks, researchers working for the digital security firm Symantec said, the thieves deployed a rare piece of code that had been seen in only two previous cases: the hacking attack at Sony Pictures in December 2014 and attacks on banks and media companies in South Korea in 2013. Government officials in the United States and South Korea have blamed those attacks on North Korea, though they have not provided independent verification.

On Thursday, the Symantec researchers said they had uncovered evidence linking an attack at a bank in the Philippines last October with attacks on Tien Phong Bank in Vietnam in December and one in February on the central bank of Bangladesh that resulted in the theft of more than $81 million.

“If you believe North Korea was behind those attacks, then the bank attacks were also the work of North Korea,” said Eric Chien, a security researcher at Symantec, who found that identical code was used across all three attacks.

“We’ve never seen an attack where a nation-state has gone in and stolen money,” Mr. Chien added. “This is a first.” [N.Y. Times, Nicole Perlroth & Michael Corkery]

And of course, North Korea isn’t the kind of place where hackers operate independently from their moms’ basements. Hacking by North Koreans means hacking by North KoreaIn a way, we should count ourselves lucky that the North Koreans only got away with Jed Clampett money; they tried to steal much more:

In the attack at Bangladesh’s central bank in February, the thieves tried to transfer $1 billion in funds from an account at the Federal Reserve Bank of New York. Fed officials became suspicious of the some of requested transfers and released only $81 million to accounts in the Philippines.

“If you presume it’s North Korea, $1 billion is almost 10 percent of their G.D.P.,” Mr. Chien said. “This is not small change for them.” [N.Y. Times]

Although I have no love of North Korean hackers or bank burglars, and no enmity against the utility of SWIFT’s services, I can’t help feeling some schadenfreude for SWIFT, given its resistance to enforcing U.N. sanctions, including sanctions against North Korea. SWIFT tried to stay neutral in the world’s (admittedly half-hearted) struggle to force North Korea to live by the world’s rules. Now, SWIFT may become North Korea’s greatest victim.

SWIFT is not a bank; it’s the virtual post office for banks. It’s a financial messaging service, a consortium established by the banking industry as a more efficient way to deliver messages between banks to debit and credit accounts. Think of SWIFT messages as sealed envelopes, with the name of the sender and recipient, and their addresses, written on the outside. SWIFT is an electronic network that delivers those envelopes, but doesn’t open them. Nearly every bank on earth relies on SWIFT, and in a sense, its reach is broader than Treasury’s, because SWIFT messages transactions in all currencies, not just dollars or Euro. SWIFT is based in Belgium, with large facilities in Switzerland and Virginia, and is regulated by EU law.

SWIFT has long had an uncomfortable coexistence with sanctions. In Treasury’s War, Juan Zarate tells the story of how a Treasury official persuaded a friend at SWIFT to share information from financial messages going to and from known terrorist financiers. The information made an invaluable contribution to Treasury’s early successes against Al Qaeda’s finances. Exposure of the program by the New York Times in 2006 was a severe setback to Treasury, and an embarrassment to SWIFT, which had cultivated a reputation for protecting the confidentiality of its transactions. That revelation has caused SWIFT to resist cooperating with international sanctions ever since, even sanctions approved by the U.N. Security Council.

Starting in early 2012, advocates of sanctions against Iran began to demand that Iran be disconnected from SWIFT, and it didn’t take long for that to happen — Congress introduced legislation that would authorize sanctions against SWIFT (see section 220), the EU passed a sanctions regulation clarifying that financial sanctions on Iranian banks also apply to financial messaging, and SWIFT cut off 30 Iranian banks, including its Central Bank. The SWIFT sanctions legislation was controversial and drew strong opposition from banking industry lobbyists.

At the time, SWIFT’s chief executive called the action “extraordinary and unprecedented,” but as an EU official conceded, it was “a very efficient measure” that could “seriously cripple the banking sector of Iran.” By most accounts, disconnecting Iran from SWIFT was one of the most effective sanctions against Iran, denying those banks the means to transfer money in any currency. The Economist later wrote, “The earlier SWIFT ban is widely seen as having helped persuade Iran’s government to negotiate over its nuclear programme.”

In 2001, the same year that SWIFT began passing information about Al Qaeda to Treasury, SWIFT welcomed North Korean banks to its network. As of 2013, SWIFT was only messaging about 50,000 transactions a year for North Korean banks (compared to about 1 million for Iran). This probably reflects the concentration of North Korea’s wealth in the state, and the almost complete absence of truly private enterprise with exposure to the financial system (in North Korea, truly private enterprise operates on cash, usually yuan and dollars, in the gray markets called jangmadang).

Since 2013, when the United Nations Security Council approved Resolution 2094, SWIFT has arguably been obligated to cut off certain North Korean banks by this paragraph:

“11.  Decides that Member States shall, in addition to implementing their obligations pursuant to paragraphs 8 (d) and (e) of resolution 1718 (2006), prevent the provision of financial services or the transfer to, through, or from their territory, or to or by their nationals or entities organized under their laws (including branches abroad), or persons or financial institutions in their territory, of any financial or other assets or resources, including bulk cash, that could contribute to the DPRK’s nuclear or ballistic missile programmes, or other activities prohibited by resolutions 1718 (2006), 1874 (2009), 2087 (2013), or this resolution, or to the evasion of measures imposed by resolutions 1718 (2006), 1874 (2009), 2087 (2013), or this resolution, including by freezing any financial or other assets or resources on their territories or that hereafter come within their territories, or that are subject to their jurisdiction or that hereafter become subject to their jurisdiction, that are associated with such programmes or activities and applying enhanced monitoring to prevent all such transactions in accordance with their national authorities and legislation;

Can SWIFT honestly argue that financial messaging isn’t a “financial service”? Can it excuse itself from the obligation to “prevent … the transfer” of funds to sanctioned banks and entities with the lame excuse that it doesn’t open the “envelopes,” it just delivers them?

Yet SWIFT has yet to announce any cutoff of North Korean banks — even those that the U.N. itself has designated. Stephan Haggard wrote in 2014 that North Korea’s SWIFT business had declined to almost nothing by 2012, but I have good reason to doubt this was true as of 2013, and let’s just leave it at that. (It has occurred to me that SWIFT actually did quietly cut the North Koreans off sometime after 2013, and that hacking SWIFT is Pyongyang’s way of inflicting some payback, but I have no evidence to support that speculative hypothesis.)

There are valid arguments against involving SWIFT in too many sanctions efforts — mainly, that less reputable services could arise to handle that business. The answer to those concerns is that the U.S. and EU should move aggressively to sanction and block any alternative messaging services that flout U.N. sanctions. Meanwhile, if any actor warrants disconnection from SWIFT, it’s North Korea, which is now the subject of six United Nations Security Council resolutions, imposing increasingly stringent sanctions on its heavily tainted banking sector. And as the North Koreans have shown again and again, if you deal with them, they’ll eventually burn you. For years, sanctions advocates have called for SWIFT to disconnect North Korean banks. Now, for the sake of SWIFT’s own integrity, would be a good time to heed those calls.

Continue Reading

On His Corpulency’s Secret Service: N. Korea has had a lot of car not-accidents (updated)

Kim Yang-gon, the head of the North’s United Front Department, has become the latest top North Korean official to assume ambient temperature. As head of the UFD, Kim was North Korea’s nearest analogue to the South’s Unification Minister, but he was also responsible for North Korea’s influence and subversion operations inside South Korea. It is one of my ruder habits to point out that the UFD has a rather substantial fifth column at its service in the South. For more on the inner workings of the UFD, the book you must read is “Dear Leader,” by Jang Jin-sung. For more on Kim’s biography, and his rapid rise since the succession of His Porcine Majesty, I’ll refer you to John Grisafi at NK News.

The point being, Kim was a pezzanovante. He (along with Hwang Pyeong-so) negotiated that agreement between the Koreas to fight another day, after the crisis that followed when North planted mines that maimed two South Korean soldiers. In terms of ideology, Michael Madden describes him as “not exactly a moderate, but … a pragmatist,” and worries that his subtraction from the equation might benefit “more hawkish elements.”

Kim’s official cause of death was a car “accident,” if you can believe that. A few people, including Andrei Lankov and Greg Scarlatoiu, seem skeptical. Personally, I have no idea. North Korea’s roads aren’t much better than the rest of its infrastructure. By most accounts, Pyongyang has more traffic now than in previous years, which still isn’t saying much. There are actual, accidental car accidents in Pyongyang. But there is also a very suspicious history:

In 1976, an official said to be a rival to then-president Kim Il Sung died in a car crash. In 2003, a predecessor to Kim Yang Gon died in a traffic accident and in 2010 top official Ri Je Gang also died in a crash.

“North Korea has a long track record of suspicious deaths around high-level officials,” said North Korea expert Andrei Lankov. “Most die either because they are machine-gunned, or they die in car crashes”.

“There are almost no cars and security for high-officials traveling in cars is extremely tight. Given that, one is bound to be skeptical about any such report coming from North Korea.” [Reuters, Jack Kim & James Pearson]

Scarlatoiu notes that senior officials like Kim Yang-gon have drivers for their fancy European sedans. Except, so senior defectors tell Scarlatoiu, when they have to drive themselves to parties — like, say, New Year’s parties — at Kim Jong-il’s house. That’s when the more suspicious accidents tend to happen.

In its 2012 annual report on North Korea, Amnesty International cited “unconfirmed reports that the authorities had either executed by firing squad or killed in staged traffic accidents 30 officials who had participated in inter-Korean talks or supervised bilateral dialogue.”

Only in North Korea would your organizational affiliation dictate your precise cause of death.

Later that same year, a defector claimed he’d been ordered by His Corpulency’s Secret Service to target his equally corpulent (but much nicer) sibling, Jong-nam, for a car not-accident in China. Still unexplained is the 2013 incident in which Kim Jong-un thanked a female traffic cop for saving his life, which caused some to speculate that His Corpulency might also have been the target of a car not-accident.

trafficlady

[caption contest in the comments section]

Our other top story this week is that General Choe Ryong-hae is still not dead. Choe had been variously reported to have been purged and sent to either a farm in South Hamgyeong or a mine in South Pyongan. As of today, he seems to have been un-purged — his name is on the list for Kim Yang-gon’s funeral committee. For those keeping track, this is at least the second time Choe has had a Lazarus-like resurrection.

If you can believe that.

(Update: And after all that, Choe was a no-show for Kim’s funeral. This is all just too weird.)

Grisafi, for whom I have much respect, thinks that the fates of Kim Yang-gon and Choe Ryong-hae mean that “the Kim Jong Un regime appears to have recently shifted away from violent purges by execution of senior officials in favor of milder punishments and reeducation.” But if Kim Yang-gon’s death really was an accident, it means that Choe’s resurrection is the only data point Grisafi has to support this argument. If it wasn’t, a staged car accident isn’t what I’d call “mild” punishment, although it could mean that his parents, children, and wife might be spared relocation to a gulag peace farm.

I think the data pool is much too thin, and the standard deviation much too high, to identify any trends. In fact, I’m officially prepared to admit that I have no effing idea what is going on in His Corpulency’s Court, except that by all outward appearances, it’s amateur hour with nuclear weapons up there.

Update 2: Via Yonhap:

“This is the big question right now facing Pyongyang watchers,” Ken Gause, a senior North Korea analyst at CNA Corp., said. “Was this an accident or is this a cover up for a purge? Sometimes when leaders are purged, the car accident is used as a way of getting rid of them without branding them a criminal or a traitor.” [….]

“The early indications are that this was an accident,” Gause said. “If, however, we begin to see a major shift away from inter-Korean dialogue toward a more aggressive, brinksmanship or isolationist policy, then we may have to take another look at this ‘accident.'”

[….]

“Kim Yang-gon’s death in a car accident might be interpreted as paying the ultimate price for the collapse of the inter-Korean mini-detente following the August agreement,” Bruce Klingner, a senior Korea expert at the Heritage Foundation, said.

But Klinger also pointed out that prior to his death, there were no indications Kim was distrusted or in danger of being purged. The frequency of Kim accompanying the leader had also increased under Kim Jong-un’s reign as compared with the era of late leader Kim Jong-il, he said.

The expert also noted leader Kim’s expression of sorrow about the loss of Kim.

“The North Korean leader attended the funeral, expressing ‘bitter grief’ and bemoaning the loss of ‘his faithful helper whom nobody can replace,’ suggesting an accidental rather than planned death,” Klingner said. “That said, other North Korean elites may now be more wary of getting into their cars.”

Continue Reading

Breaking: N. Korea announces purge of Jang Song Thaek for “anti-party, counter-revolutionary factional acts” (Updates below)

KCNA has just published a lengthy denunciation of Jang Song Thaek after an unusual, hastily scheduled meeting of the Political Bureau of the Central Committee of the ruling Workers’ Party of Korea.

In this connection, the Political Bureau of the C.C., the WPK convened its enlarged meeting and discussed the issue related to the anti-party, counter-revolutionary factional acts committed by Jang Song Thaek.  [….]

The Jang Song Thaek group, however, committed such anti-party, counter-revolutionary factional acts as gnawing at the unity and cohesion of the party and disturbing the work for establishing the party unitary leadership system and perpetrated such ant-state, unpopular crimes as doing enormous harm to the efforts to build a thriving nation and improve the standard of people’s living.

Jang pretended to uphold the party and leader but was engrossed in such factional acts as dreaming different dreams and involving himself in double-dealing behind the scene.

The denunciation blames Jang for everything from wrecking the iron, fertilizer, and vinalon industries, to “selling off precious resources of the country at cheap prices,” to offenses against North Korea’s purity.

Affected by the capitalist way of living, Jang committed irregularities and corruption and led a dissolute and depraved life.

By abusing his power, he was engrossed in irregularities and corruption, had improper relations with several women and was wined and dined at back parlors of deluxe restaurants.

Ideologically sick and extremely idle and easy-going, he used drugs and squandered foreign currency at casinos while he was receiving medical treatment in a foreign country under the care of the party.

Presumably, Jang won’t be welcome at Kim Jong Un’s yacht for Dennis Rodman’s next visit, to enjoy that “seven-star” lifestyle North Korea is so justly famous for. The denunciation ends by announcing that “the party eliminated Jang and purged his group.” I’ve posted KCNA’s entire denunciation below the fold, because I think its very tone of desperation is telling.

In case you’re wondering what all this means, it means that North Korea’s absolute ruler is a volatile man-child with a small nuclear arsenal and no adult supervision. It means that although South Korea’s National Intelligence isn’t gifted at domestic politics, it is at least a competent intelligence agency. It could also mean that Kim Jong Un has just suppressed a coup by Jang and his followers.

~  ~  ~

Several days ago, as the news of Jang’s ouster first hit the wires, I wrote about a recent wave of executions in North Korea, cited evidence that these they could indicate a fratricidal power struggle within the security forces, and suggested that Jang’s reported purge could be related to this. At the time, I still saw little evidence that Jang had really been purged, so I decided to wait a few days and see what else emerged. After all, how many times had we heard that Kim Kyok-Sik was demoted or purged before he appeared again, like Lazarus from the grave? The answer is either three (1, 2, 3) or four, depending on where he is now (I lost track). Jang himself had experienced at least one resurrection.

Over the weekend, other reports provided circumstantial support for the report of Jang’s removal. We heard that Jang’s associates have been summoned to Pyongyang, both from abroad and within North Korea. The Daily NK, tapping into its sources inside North Korea, reported that cadres had been summoned to Pyongyang en masse and were afraid that a bloody purge was coming. The new reports also caused me to take a second look at a months-old report that Jang was then in a power struggle with Choi Ryong-Hae, a man without a deep military background whom Kim Jong Un appointed to oversee party control of the military, but whom the military reportedly distrusts.

It was this report that finally persuaded me. It showed that Jang had been Trotskied out of 13 different scenes in a North Korean TV program that had already been shown several times with Jang appearing prominently. Have a look.

Screen Shot 2013-12-08 at 1.06.30 PM Screen Shot 2013-12-08 at 1.06.18 PM[via Yonhap]

At this point, I had written most of this post was was prepared to publish it tomorrow. When I read the KCNA announcement, I decided to update and publish it now.

~  ~  ~

The speculation about Jang’s fate can now give way to the speculation about Kim Jong Un’s, and North Korea’s. Jang’s purge is immensely important. Plenty of us used to think that he was the real power behind the scenes, or at the very least, Kim Jong Un’s adult supervision. Jang is married to Kim Kyong-Hui, the sister of Kim Jong Il and daughter of Kim Il Sung. He was the Vice Chairman of the powerful National Defense Commission, had a strong power base within both the party and the military, and had a reputation for being a relatively pragmatic and competent technocrat and infighter (though by no means a nice person).

The first obvious question is whether this hints at instability in Pyongyang. As of this afternoon, opinion on this question was decidedly split. Gordon Chang predicted “a new period of instability,” and quoted Bruce Bechtol, who wrote in his new book, “Sections of the elite have felt increasingly betrayed because of the large number of purges and executions that have occurred, presumably because of succession issues.” At least some South Korean experts agreed. One said, “With Jang gone, the overall stability of the North’s regime will decrease.” Even so, Chang conceded that most experts think Kim Jong Un has effectively consolidated his control, although the only example of this majority view I can cite is Bruce Klingner, who infers from this that “the North Korean ruler is firmly in control and confident enough to target even the most senior strata of power.”

Klingner is one of the very best in the Norkromancy industry — even-keeled, objective, and almost always right. This time, however, I think his conclusion rests on a questionable premise, which is that Kim Jong Un must have thought through the consequences of this purge and made a well-supported, logical calculation that he could get away with freaking out a significant percentage of his power base. This is a premise that can’t be assumed. We don’t know why Kim Jong Un makes a lot of the decisions we think he makes, but we know that at least some of them do not have a logical basis.

For example, it cannot be logical for the nominal leader of a political system founded on the intellectual superiority, monastic self-sacrifice, moral and ethnic purity, and martial discipline of its leaders to allow himself to be filmed with the likes of Dennis Rodman — twice. It’s no great loss to Rodman (or to us) that he went from being an object of ridicule to an object of loathing; it’s far more consequential to Kim Jong Un that domestic perceptions of him were probably just as negative.

It cannot be logical that a man whose power depends on the capacity for patronage funded by foreign capital would have received Rodman, but spurned Eric Schmidt, a receiving line of foreign diplomats, the President of Mongolia, and God-knows-how-many interview requests from the AP. Imagine all the aid Kim Jong Un could have bilked out of gullible foreigners who desperately wanted to believe he was a Western-oriented reformer, if only he’d chosen his company more advisedly. Imagine all of the loyalty he could have bought with that aid. But, hey! Dennis Rodman! Kim Jong Un’s personal and professional history both point to him being an impulsive person who makes impulsive decisions. The poor quality of those decisions suggests that he’s surrounded by yes-men who are afraid to caution him against yielding to those impulses. Is it possible that Jang was the last man in North Korea who tried to tell him “no”?

Jang’s removal suggests that a rift is opening in North Korea’s security apparatus. Unlike Jang, neither Kim Jong Un nor Choi Ryong-Hae has Jang’s long-standing personal connections, seniority, or gravitas. There are rumors of widespread purges in the military, both past and future, and The New York Times quotes one U.S. intelligence official who sees signs of “some kind of broader contest for control, which Jang lost, at least for now.” New Focus also sees Jang’s removal in the context of a wider power struggle between various factions, backed by different parts of the internal security apparatus.

Many in the power structure probably fear for their lives now. Those who were close to Jang have probably heard that two of his closest associates were publicly executed last month, and the head of South Korea’s National Intelligence Service is not exactly denying reports that one senior Jang protege fled to China and sought asylum. Memories of Ri Yong-Ho’s purge in July of 2012, so shortly after his promotion, must still be fresh. In October, Kim Jong Un is thought to have fired the head of the armed forces for the third time since December 2011. At that time, Aidan Foster-Carter said that was “not normal.” Needless to say, this is less normal than that. The message for North Korea’s nomenklatura must be that rank and privilege offer no protection. And while we’re on that subject, when when is the last time anyone saw Kim Jong Un’s wife?

Jang’s ouster could have security and financial consequences. I’ve never bought into the description of Jang as a “reformer,” but he did have a reputation for pragmatism, and he had extensive connections to the regime’s overseas financial lifelines. Leadership that is less pragmatic and in greater need of external enemies is more likely to provoke. Jang was closely associated with cash cows like the special economic zones at Rason, which are often confused with reform. A few days ago, a sensational Chosun Ilbo report made Rason sound like the next Wendover, Nevada, but the Joongang Ilbo now writes that Rason is “a ghost town,” and that several of its officials are under arrest. Jang was also deeply involved in North Korea’s foreign currency earnings, and those called back to Pyongyang include the North Korean Ambassador in Malaysia, a suspected haven for North Korean money laundering, and its recently purged Ambassador to Cuba (both were relatives of Jang’s). One South Korean expert predicts that “[t]rade and operations, such as the dispatching of North Korean laborers to foreign countries, will probably be hit.” Again, a logical analyst would infer that Kim Jong Un knows he has other sources of foreign income, but an impulsive mind would not have thought that through, listened to his experts, or even sought their advice.

So be it if what follows will be read as wishful thinking — wishing for something that I know could be very awful, but probably less awful than the status quo. What we’re seeing now looks a lot like my best guess about what the earliest stages of North Korea’s collapse would look like. This doesn’t mean that’s what we’re seeing, but that collapse, though long behind schedule, has never seemed more inevitable. A combination of support from China (and sometimes, South Korea) and Kim Jong Il’s Machiavellian competence delayed it for two decades, and even overcame the long odds against hereditary successions in modern times — once.

What if North Korea is purging its last reserve of Machiavellian competence, just as it encounters those long odds for the second time?

 

UPDATE: Robert Koehler, who kindly links to this post (thank you), has a photograph of Jang being perp-walked out of the Central Committee meeting. I couldn’t help being reminded of this, which proves that a volatile and impulsive tyrant can take on a significant part of his own power base and still spend the next quarter-century palace-hopping. There are both similarities and differences between the two cases, but how North Korea’s future plays out will be a function of Kim Jong Un’s Machiavellian competence. The next few months will tell us much about that.

Like me, you probably wondered just what KCNA meant when it said that “the party eliminated Jang.” NK News, citing Free North Korea Radio, passes along a rumor that Jang was actually executed on December 5th. If that’s true, it would bolster the theory that Jang attempted a coup. And if someone as close to Kim Jong Un as Jang Song Thaek tried that, you have to think that (1) Jang tested the waters and first and found Kim Jong Un’s support weak, and (2) others who do not have personal and familial ties to Kim Jong Un have had similar thoughts.

GI Korea posts about a tantalizing report on the recent high-level defection in China I refer to above. Evidently, the man was something of a pezzanovante. Says Reuters: “If true, the defection would likely be the first time in 15 years a significant insider from the Pyongyang regime has switched sides.” Reuters, citing YTN, reports that the individual “had knowledge of funds belonging to Kim and his father, former North Korean leader Kim Jong Il,” which is like porn to anyone with a serious interest in regime modification through financial pressure. The individual is reportedly under the protection of South Korean officials “in a secret location in China.” So this would be one of those “financial consequences” I was talking about.

Oh, and Yonhap notes that North Korea’s Ambassador to China is also a close associate of Jang. That could get interesting. For its part, China says it’s all an internal matter.

The Daily NK has an immediate reaction from its North Korean informants in North Hamgyeong Province, in the far northeast. One says his (unspecified) city is “reeling” at the news. Others echo the theme that Jang’s presence had been reassuring, as they had presumed that he was Kim Jong Un’s adult supervision.

“Jang Sung Taek is a familiar face for people, and one of the most trusted as well. He watched over the Marshal (Kim Jong Eun), and is even his uncle. People thought that if there were ever to be a problem within the Party Jang Sung Taek would play a big role, so the fact that he has been disposed of in a purge like this is causing great discomfort.” [….]

“We assumed that the captain of the Kim Jong Eun regime was Jang, and that the young and inexperienced Kim Jong Eun was getting a lot of political advice from his uncle.There is now the rumor that this incident occurred because Jang went against the orders of Kim on economic reform,” he added. In fact, today’s Rodong Sinmun denunciation of Jang’s actions contains this information.

The Daily NK reports that even North Koreans who rarely discuss politics are noting Kim Jong Un’s ruthless willingness to dispose of his own family members. Others were concerned that their country could become unstable. A separate analysis piece, co-authored by Chris Green, predicts that “[f]ierce competition to show loyalty to the center will grow fiercer as a result, and ordinary people will surely suffer as the incentive to toe the line grows, and rules are more rigidly adhered to.” Another expert points out that Kim can’t be having an easy time pulling off this transition, given that “he has not attended a single foreign summit or event to date,” although Jong Un hasn’t been so inclined to meet foreign leaders who come to his doorstep, either.

At the root of all of this is the high probability that the one experienced and pragmatic person in a position to observe Kim Jong Un’s style of governance either decided to oppose him, or was purged for giving him candid advice. Neither alternative is comforting.

Author’s note: I made minor stylistic and grammatical edits to this post after publication, along with one correction (see comments).

 

Continue Reading

110535895932311677

Lazarus rising:

A former South Korean soldier captured by North Korea during the Korean War escaped to China and was arrested by Chinese police while seeking to enter South Korea, a Chinese source said Monday. . . . Another source familiar with North Korea said if South Korean POWs who escaped from the North were extradited to the communist country they were likely to be executed. Returning Han to Pyongyang would be tantamount to sending him to the scaffold, the source said.

But wouldn’t depriving North Korea of its legitimate right to shoot this unreformed class enemy harm prospects for reunification? Another Hobson’s choice for the Anti-Unification Ministry.

Continue Reading

110535895932311677

Lazarus rising:

A former South Korean soldier captured by North Korea during the Korean War escaped to China and was arrested by Chinese police while seeking to enter South Korea, a Chinese source said Monday. . . . Another source familiar with North Korea said if South Korean POWs who escaped from the North were extradited to the communist country they were likely to be executed. Returning Han to Pyongyang would be tantamount to sending him to the scaffold, the source said.

But wouldn’t depriving North Korea of its legitimate right to shoot this unreformed class enemy harm prospects for reunification? Another Hobson’s choice for the Anti-Unification Ministry.

Continue Reading