WSJ: Feds may indict North Koreans in Bangladesh Bank fraud

This story just gets more interesting by the day:

Federal prosecutors are building cases that would accuse North Korea of directing one of the biggest bank robberies of modern times, the theft of $81 million from Bangladesh’s account at the Federal Reserve Bank of New York last year, according to people familiar with the matter.

The charges, if filed, would target alleged Chinese middlemen who prosecutors believe helped North Korea orchestrate the theft, the people said.

The current cases being pursued may not include charges against North Korean officials, but would likely implicate North Korea, people close to the process said. [Wall Street Journal, Aruna Viswanatha and Nicole Hong]

Traditionally, robbery has meant theft by means of force or intimidation. I thought this case sounded like a better fit for bank fraud until I read the Criminal Code section on bank robbery, which is much broader than the common law definition and covers the whole life cycle of the criminal course of conduct.

The FBI’s Los Angeles Field Office and the U.S. Attorney’s Office for the Central District of California have the lead, which means the indictments would most likely issue in the Central District of California (and consequently, the Ninth Circuit). It’s not an ideal place to pick venue if you’re the government. The USAO for the Southern District of New York is also investigating other bank fraud cases it suspects of being the work of the same North Korean hacking group, known as “Lazarus.”

As I noted in my report on North Korea’s sponsorship of terrorism, the U.S. government thinks the Reconnaissance General Bureau (which is designated by both U.S. Treasury and the U.N. Security Council) did the Sony cyber attack. Recent reports have also linked the code used in the Bangladesh fraud to the code used in the Sony attack. That would make the RGB a prime suspect in both attacks, which means it would have been a violation of the International Emergency Economic Powers Act (IEEPA) for anyone to knowingly engage in dollar transactions with the RGB’s agents after August 30, 2010, when that agency was first designated.

If charges are filed against alleged middlemen in the Bangladesh theft, they are expected to be similar to charges unsealed in September against a Chinese businesswoman, Ma Xiaohong, some of these people said.

That makes sense. The “Chinese middlemen” could be charged with violating the IEEPA and money laundering whether the feds can pin the bank fraud on the North Koreans or not. Here’s my post on the Ma Xiaohong/Dandong Hongxiang case, with links to the indictment and the civil forfeiture complaint.

There is, apparently, a “minority view” among the feds that the North Koreans may have sold the code to third parties without being directly involved. Depending on the evidence, that might still be a crime — most likely conspiracy to commit bank fraud or a violation of the Computer Fraud and Abuse Act, or aiding and abetting one of those crimes. That might even be a smarter charging strategy.

The report also says the Treasury Department may freeze the assets of those under investigation (I’d guess under Executive Order 13722, implementing the NKSPEA, or EO 13757, Obama’s eleventh-hour cyber executive order).

A decade ago, the feds were ready to indict North Korean officials for counterfeiting, but political pressure from the State Department got the case shelved — permanently. That was the George W. Bush administration. I don’t get the impression that the Trump administration would do any such favors for Kim Jong-un.

Continue Reading

Top NSA official attributes attempted $1B bank heist to North Korean hackers

The story of the Bangladesh Bank/SWIFT heist has gotten much more interesting of late. Now, not only do we have a senior U.S. intelligence official attributing it to a government, we learn that the North Koreans tried to steal nearly ….

A senior National Security Agency official appeared to confirm that North Korean computer hackers were behind a multi-million dollar heist targeting Bangladesh’s central bank last year.

Computer hackers attempted to steal $951 million, but only got away with $81 million, some of which was later recovered. After the theft, security firms quickly pointed the finger at North Korea. Other experts disputed that finding. But on Tuesday, NSA Deputy Director Rick Ledgett appeared to say North Korea was the culprit during a cryptic exchange at a Washington forum.

Speaking at an Aspen Institute roundtable, Ledgett pointed out that private sector researchers had linked the digital break-in in Bangladesh to the 2014 hack on Sony Pictures, which the U.S. government attributed to Pyongyang.

“If that linkage from the Sony actors to the Bangladeshi bank actors is accurate — that means that a nation state is robbing banks,” Ledgett said. “That’s a big deal.” [Foreign Policy]

To be clear, this isn’t U.S. government attribution, and there’s no explanation here of why Ledgett thinks the North Koreans were behind the theft, but Ledgett is described as a “30-year veteran” of the NSA who is due to retire later this year. Such a person wouldn’t ordinarily make that statement unless (1) he believed it, and (2) he was fairly certain the agency management was OK with him saying it in a public forum. In fact,  I think we’re all going to be hearing much more about why people think North Korea is now the only government that robs banks. What I’m also hoping we’ll find out is what bank accounts the money ended up in.

By attacking a bank and making off with large sums of money, North Korea can evade sanctions and obtain foreign currency, but so far, that effort has not delivered serious dividends for Pyongyang.

North Korea: tactically brilliant and strategically moronic since 1948. By the way, don’t expect SWIFT to publicly admit that its software was hacked. Standard behavior for any corporate victim of a cyberattack is to refuse to comment, or even to deny. They’re more worried about their reputations for systems security than in helping to punish hackers and hold them accountable. In most cases, hackers don’t have reputations to protect. When the hacker is a government, however, it has far more to lose by being accused of bank fraud.

Continue Reading

N. Korea, Lazarus & SWIFT: Are the white hats closing in? (Update: SWIFT cuts off remaining N. Korean banks)

In the last month, major news stories about North Korea have bombarded my batting cage faster than I’ve been able to swing at them. I’d wondered when I’d have a chance to cover Katy Burne’s detailed story in the Wall Street Journal about the empty half of the SWIFT glass — that despite its recent decision to disconnect three U.N.-designated North Korean banks, it’s still messaging for banks that are sanctioned by the Treasury Department, but not by the U.N.:

The U.S. Treasury-sanctioned banks that remain on Swift include the state-owned Foreign Trade Bank of the Democratic People’s Republic of Korea, the country’s primary foreign-exchange bank; Kumgang Bank; Koryo Credit Development Bank; and North East Asia Bank, according to people familiar with the network. A search on Swift’s website listed active bank identifier codes for the institutions as of Monday.

The U.S. designated for sanctions the Foreign Trade Bank in 2013, saying it facilitated weapons of mass destruction programs in North Korea. The other three were sanctioned in December as the U.S. targeted entities it said supported the North Korean government and its weapons programs following the Asian nation’s September 2016 nuclear test.

The apparent sanctions gap raises questions about how easily North Korea could move currency through alternative banking channels, something the U.N. said it has been known to do in the past through fronting companies. [….]

While based in Brussels and regulated by Belgian authorities, the company intersects daily with U.S. financial institutions, processing tens of millions of payment instructions, including through a large facility in Culpeper County, Va. [WSJ, Katy Burne]

I won’t sugar-coat this; the fact that these dirty and important (to His Porcine Majesty) banks can still use SWIFT is a major hole in our sanctions, and whether Congress and the administration are willing to close it will be a test of how serious they are about stranding Pyongyang’s money.

I can understand some of SWIFT’s likely arguments against that, mind you: first, SWIFT has earned much good will from Treasury for favors it has done them on terrorist financing; second, there may be other potential providers of the same service that may be less responsive to U.S. legal pressure. Fair enough, but whoever takes up that slack in SWIFT’s wake should be sanctioned to swift extinction (yes, intended). For a list of North Korean banks indicating which ones are designated by the U.N. and the U.S., see this post, and scroll down.

Meanwhile, Symantec now claims it has additional evidence that the hacker group Lazarus, which it had previously linked to the robbery of the Bangladesh bank using hacked SWIFT software, is responsible for that attack, and more:

A North Korean hacking group known as Lazarus was likely behind a recent cyber campaign targeting organizations in 31 countries, following high-profile attacks on Bangladesh Bank, Sony and South Korea, cyber security firm Symantec Corp said on Wednesday.

Symantec said in a blog that researchers have uncovered four pieces of digital evidence suggesting the Lazarus group was behind the campaign that sought to infect victims with “loader” software used to stage attacks by installing other malicious programs.

“We are reasonably certain” Lazarus was responsible, Symantec researcher Eric Chien said in an interview.

The North Korean government has denied allegations it was involved in the hacks, which were made by officials in Washington and Seoul, as well as security firms.

U.S. Federal Bureau of Investigation representatives could not immediately be reached for comment.

Symantec did not identify targeted organizations and said it did not know if any money had been stolen. Nonetheless, Symantec said the claim was significant because the group used a more sophisticated targeting approach than in previous campaigns.

“This represents a significant escalation of the threat,” said Dan Guido, chief executive of Trail of Bits, which does consulting to banks and the U.S. government. [Reuters]

Further down, the report suggests that one or more Polish banks may also have been hit, but “Reuters has been unable to ascertain what happened in that attack.” The headline having promised evidence of attribution to North Korea, however, the text of the story itself left me wanting more. It’s not news that Symantec has linked Lazarus to North Korea; Symantec did that almost a year ago. Nothing in Reuters’s report adds evidence to that attribution.

Nor does this story suggest that there’s enough evidence for the feds to act against Lazarus, although it does hint that the FBI is investigating. Jurisdiction shouldn’t be an issue in the Bangladesh case; money moved through the New York Federal Reserve Bank. Attribution is the real question. Depending on what they can prove, the feds would have many potential charging options, including bank fraud, wire fraud, the Computer Crime and Abuse Act, racketeering, and money laundering. Furthermore, there are anti-hacking provisions in both the NKSPEA (section 104(a)(7)) and Executive Order 13722, which means that if the feds could find any of Lazarus’s money, or any assets of Lazarus’s co-conspirators — regardless of whether those assets can be traced to any of these specific acts — the Treasury Department could freeze them, and the Justice Department could forfeit them.

And needless to say, the indictment of a state actor would be a big deal, for a lot of reasons.

So far, I don’t see enough in the open sources to support that, but it’s good news that the white hats are working diligently on this. If they can attribute this to senior officials in the North Korean government — most likely, within the Reconnaissance General Bureau — then it would be our legal basis to go after the RGB’s assets, which we’ve recently learned include some sophisticated and global commercial operations. This story bears close watching.

~   ~   ~

Update:

Reuters is reporting that SWIFT will disconnect the remaining North Korean banks:

SWIFT, the inter-bank messaging network which is the backbone of international finance, said it planned to cut off the remaining North Korean banks still connected to its system, as concerns about the country’s nuclear program and missile tests grow. SWIFT said the four remaining banks on the network would be disconnected for failing to meet its operating criteria.

The bank-owned co-operative declined to specify what the banks’ shortcomings were or if it had received representations from any governments. Experts said the decision to cut off banks which were not subject to European Union sanctions was unusual and a possible sign of diplomatic pressure on SWIFT. [Reuters]

Now that SWIFT has gotten itself right with Jesus, I would like to implore everyone, everywhere to lay off SWIFT. It’s absolutely true that if we turn SWIFT into a political surrogate for our sundry political conflicts, the world’s dirtiest banks will just take their business elsewhere. That’s not a trend we want to encourage. SWIFT has usually been a responsible member of the financial community, sometimes at great cost to itself.

My argument all along has been that (1) North Korea deserves to be an exception to that rule because (2) North Korea is a unique threat to the financial system — not to mention, to all of humanity — as documented in (3) seven U.N. Security Council Resolutions, a Patriot Act 311 determination, and a call for “countermeasures” by the Financial Action Task Force. You can’t say that about any other country on earth right now — not even Iran. I can’t reconcile messaging for North Korean banks with any of those authorities. And if any competitor tries messaging for the FTB, it’s especially important that the Treasury Department should have the authority to obliterate them (which is why Congress should still proceed with something like the BANK Act).

Having said all that, I wouldn’t be too quick to assume that diplomatic pressure was the main reason for this most welcome decision. “Operating criteria” could mean a lot of things, but it’s a slightly better fit with “massive global bank fraud” than it is with “diplomatic pressure.” If there are more developments in the Lazarus investigation than the Reuters report makes apparent, and if those developments convinced SWIFT that it had unwittingly helped the North Koreans defraud its more reputable clients by sharing its software with them — and their hackers — that would be a perfectly good (and equally plausible) reason for SWIFT to have cut the North Koreans off.

Yet again, the North Koreans are tactically brilliant criminals. And yet again, they’re strategically moronic. It’s a rare and happy day when someone finally holds them to account for it.

Continue Reading

North Korean diplomats behaving badly, Part 2

On balance, I suppose Kim Jong-un probably prefers to see his foreign emissaries expelled than boarding KAL flights to Seoul. Still, since we last took inventory of Pyongyang’s distressed diplomatic corps in March, several more North Korean diplomats have been kicked out and sent home, and His Corpulency is apparently displeased. 

Pakistan

In 2014, I wrote about North Koreans who were bootlegging alcohol in Muslim countries, quite possibly the only illicit North Korean activity that also provides a useful service to humanity. At the time, I didn’t see strong evidence that any of the perpetrators were diplomats, but a series of arrests has delivered that evidence. Several North Korean diplomats have since been arrested for smuggling alcohol, using their status as a cover. 

In April, a North Korean diplomat posted in the Pakistani city of Karachi was apprehended while trying to bring 855 boxes of duty-free liquor, nearly double the amount allowed, into the country. A source in Pakistan Tuesday identified the diplomat as Kang Song Gun, a commercial counselor at North Korea’s consulate in Karachi. [VOA]

You can read more about that arrest here. This Pakistani customs trade journal has a nice, detailed inventory of how North Korean diplomats stock their speakeasies.

In May 2015, another North Korean diplomat, Koh Hak Chol, a third secretary at the consulate, was apprehended by customs officials while carrying liquor that exceeded quotas, the source said. Pakistani officials questioned Koh for several hours but released him without charge. The Pakistani source said both Kang and Koh are still with the diplomatic mission.

Another source in Pakistan said some North Korean diplomats who were arrested for illegal liquor selling continued the illicit activity after their release. Trading alcohol in a black market is an important money-making source for many North Korean diplomats although the sale of alcohol is strictly banned in the Muslim country, according to the source. [….]

In April 2015, a North Korean diplomat and his wife were caught selling liquor inside the upscale Defense Housing Authority (DHA) development in Karachi. In 2013, Pakistan’s Express Tribune newspaper reported Pakistani officials had investigated complaints that North Korean diplomats were selling alcohol at the complex. [VOA]

An unnamed Pakistani source tells VOA that “[t]here have been at least 10 confirmed cases of illegal liquor trade involving North Korean diplomats in Pakistan since 2009.” So there is ample evidence that North Korean diplomats are involved. Unfortunately — or fortunately, if you’re a thirsty Pakistani — the Pakistani government still isn’t expelling them.

Germany

In April, North Korea suddenly recalled its ambassador to Germany, Ri Si-hong, who had been in his post since 2011. The reasons for Ri’s recall weren’t clear, although the Korean press offered several lines of speculation. The Chosun Ilbo reported that Ri’s recall followed Germany’s deportation of two other North Korean diplomats for “illegally raising cash for the regime,” and cited Radio Free Asia’s speculation that Ri was recalled “because he was being blamed” for the arrests. Yonhap (also citing RFA) offered the alternative theory that Ri had failed “to meet expectations,” which may mean he isn’t kicking up enough loyalty payments. The Donga Ilbo claimed that he was being held “accountable for Berlin’s condemnation of the North’s nuclear test in January” and for Germany’s subsequent support for UNSCR 2270. It also reports that North Korean diplomats had previously quarreled with their German hosts after the embassy rented out part of its building, in violation of the Vienna Convention.

Whatever the reason for Ri’s recall, in July, we learned that Germany had refused to credential Ri’s designated successor. Yet again, we could only speculate as to why, and yet again, the Korean press was equal to the challenge. Some said he was a spy in involved in “dubious business activities” (North Korea’s Reconnaissance General Bureau is designated by the U.N. and the U.S. Treasury Department). Yonhap also implied that the nominee had been “involved in unlawful activities in the past.”

At last word, Ri was back to Berlin to resume his duties — presumably, with his family under the watchful eyes of the Ministry of Peoples’ Security back in Pyongyang. If the German authorities ultimately determine that Ri was involved in illicit activities, it may be required to expel him, too.

Vietnam

In July, Vietnam banned a total of 28 U.N.-designated North Koreans and deported at least two of them. According to UPI, one of the men, Choe Sung-il, was a representative of U.N.-designated Tanchon Commercial Bank, who was in charge of North Korea’s arms sales in Asia. He was deported in April. Also deported this year was Kim Jung-jong.

According to NK News, however, Vietnam later denied that either of the men was associated with Tanchon, and even asked the U.N. 1718 Committee to update its designations accordingly. Valiantly attempting to deconflict these reports, Hamish MacDonald writes:

However, despite the requested amendments, it appears that Vietnam is not necessarily refuting that the two individuals were representatives of Tanchon Commercial Bank (TCB), but rather take issue with them being identified as representatives specifically “in Vietnam”, considering that it says that TCB did not have a physical branch within the country.

In the report’s conclusion, the Vietnamese authorities suggested that the listing of the two North Koreans be altered to simply “Tanchon Commercial Bank Representatives”, with no mention of Vietnam itself.

Another likely factor in the request is that the two individuals in question are no longer residing in Vietnam. According to Vietnamese authorities, Kim left the country in January – prior to the adoption of Resolution 2270 – while Choe departed Vietnam in April.

“Vietnam is clearly requesting a change to the designation explanations for Choe Song Il and Kim Jung Jong. It does not wish to be publicly associated with sanctions breaches and has given evidence that the individuals have left the country, which it claims should be sufficient for the ‘Vietnam’ portion of the designation text to be stricken,” Andrea Berger of the Royal United Services Institute (RUSI) told NK News on Thursday.

“Its assertion that the individuals cannot be connected to Tanchon because there is no evidence that Tanchon had representation in the country, may in fact be the product of clever North Korean sanctions evasion,” Berger added. [NK News, Hamish MacDonald]

According to the U.N. Panel of Experts’ 2016 report, Vietnam had previously been one of Pyongyang’s customers, which might explain why Hanoi has a motive to dissemble. Furthermore, Tanchon had been designated long before this year. Vietnam may be concerned that the U.N. designation list implicates it retroactively.

Some of the 26 other North Koreans appear to be senior officials without ostensible links to ’Nam, who may have been added to pad its list. I say let bygones be bygones (this is Vietnam we’re talking about, after all). Now, our interests are converging again. It can’t hurt our efforts to secure Vietnam’s compliance that Vietnamese opinion has turned sharply against China over the South China Sea.

Bangladesh

Earlier this month, Bangladesh expelled a North Korean diplomat for smuggling cigarettes and unspecified electronic goods in a shipping container.  Reuters identified the diplomat as Han Son-ik, the First Secretary of North Korea’s embassy in Dhaka.

Bangladesh foreign secretary Shahidul Haque confirmed the order had been made to the North Koreans, but declined to give a timetable for his departure. Local media said he had been ordered by leave by Monday.

“We have asked North Korea to take him back for violating diplomatic norms,” Haque, Bangladesh’s top foreign bureaucrat, told AFP, declining to give details. A senior customs official told AFP the North Korean used his diplomatic immunity earlier this month to import the goods which were suspected destined for the blackmarket.

“The diplomat declared that his cargo contained food and soft drinks. But when we opened the cargo, we found 1.6 million stalks of expensive cigarettes and electronics,” Moinul Khan, head of intelligence at Bangladesh customs, told AFP. “At market prices these products are valued at 35 million taka (US$430,000). We suspect that he brought the products to sell to local smuggling gangs,” he said. [Channel News Asia]

KBS reports that the containers came in from Malaysia, which has close commercial ties to North Korea, and which should now conduct its own investigation into the smuggling operation — first, to determine whether any of the electronics were proliferation-sensitive items or luxury goods headed for Pyongyang; second, to determine whether U.N.-designated persons were involved in the shipments; and third, to determine whether the revenues from the transactions violated any of the financial due diligence provisions of UNSCR 2270 or 2094.

If that seems brazen, KBS also reports that Bangladeshi authorities are “conducting a probe into two other containers held under the North Korean embassy’s name that are suspected of carrying undeclared vehicles including Rolls-Royces and BMWs.” That’s a potential violation of UNSCR 1718’s luxury goods ban, depending on where those vehicles ended up. 

I’ve long hoped that the Panel of Experts would focus more attention on North Korea’s Malaysian connections, in the hope that Malaysia would decide that it would rather do without this kind of attention. Hopefully, we’ll learn more about that investigation in the next POE report. 

The position of First Secretary in Dhaka has experienced significant turnover recently. Last year, Bangladesh expelled Han’s predecessor, Son Young-nam, for smuggling $1.4 million worth of gold. UNSCR 2270 requires member states to “prohibit the procurement of” gold by North Koreans.

~   ~   ~

Expulsions of North Korean diplomats appear to be on the rise. In some cases, that’s because UNSCR 2270 has emphasized member states’ duty to expel diplomats involved in certain prohibited activities. In other cases, diplomats appear to be engaged in the same old garden-variety smuggling North Korean diplomats are infamous for, only they’re making more stupid mistakes than they used to. Based on other reports I’ve read, North Korean diplomats are under pressure to maintain agency operations, pay their own salaries, and make steep loyalty payments to the Mother Ship. They appear to be making those stupid mistakes out of financial desperation.

It won’t improve morale that following Thae Yong-ho’s defection, Pyongyang is sending more security agents abroad to watch its diplomats more closely than ever, and has ordered the execution — with antiaircraft guns! — of those who fail to prevent defections. Or so says a “source, who declined to be identified.” That source also claims that His Corpulency “has ordered the families of North Korean diplomats and overseas workers back to the country following Thae’s defection,” as I’d have expected. I’m no longer alone in describing the death spiral of rising pressure on a shrinking pool of North Korean expatriates to support the regime, which ultimately breaks their morale, spurs more defections, and causes Pyongyang to call yet more expats home.

Lather, rinse, repeat.

But why the financial desperation? I’ve explained my doubts that the U.S. has made full use of its power to freeze North Korean slush funds, and I stand by those doubts. Could it be that South Korea’s cutoff of Kaesong, and its diplomatic push to cut Pyongyang’s sources of hard currency, have been more effective than I’d realized? Or might banks be blocking North Korean accounts already, in anticipation of Treasury’s final rule cutting North Korean banks’ correspondent relationships, or in fear of the enhanced due diligence requirements that will apply to North Korean customers? I suppose time will tell.

Update: Uzbekistan embassy closes

Yonhap reports that North Korea has closed its embassy in Tashkent for “restructuring.” That leaves no North Korean embassies in the ‘stans, and only one former Soviet state with a North Korean embassy — Russia. Really? Evidently so. I guess that foils my plans for getting my first visit from Turkmenistan.

 

Continue Reading

Global wave of bank burglaries should revive calls to kick N. Korea out of SWIFT

In recent weeks, I’ve watched with keen interest, and some schadenfreude, as news reports have implicated Pakistani and North Korean hackers in a series of massive bank burglaries involving as many as 12 banks around the world, starting with the theft of $81 million (or $101 million, depending on which report you believe) from the Bangladesh Bank’s account in the U.S. Federal Reserve.

These burglaries did not involve guns or ski masks. They were something more like armored car burglaries, but they didn’t involve armored cars. They involved malicious code inserted into software used to connect the banks to SWIFT, the Society for Worldwide Interbank Financial Telecommunications. Although the Bangladesh Bank and SWIFT have been pointing fingers at each other, IT security experts are finding North Korean fingerprints all over the malware behind the theft.

It’s now clear the global banking system has been under sustained attack from a sophisticated group — dubbed “Lazarus” — that has been linked to North Korea, according to a report from cybersecurity firm Symantec.

In at least four cases, computer hackers have been able to gain a dangerous level of access to SWIFT, the worldwide interbank communication network that settles transactions.

In early February, hackers broke into Bangladesh’s central bank and stole $101 million. Their methods appear to have been deployed in similar heists last year targeting commercial banks in Ecuador and Vietnam.

Symantec revealed evidence on Thursday that suggests hackers used the same technique to slip into a bank in the Philippines in October. Symantec (SYMC) did not name the bank.

[….]

The “Lazarus” group has been linked to a string of attacks on U.S. and South Korean government, finance and media websites since 2009. Cybersecurity firm Novetta carefully documented how “Lazarus” hacked Sony Pictures in 2014, stealing data and destroying computers at the Hollywood movie studio.

The U.S. government has publicly blamed that hack on the government of North Korea. [CNN]

SWIFT has since released a series of increasingly panicked press releases about cybersecurity. The integrity of its system has never faced a greater challenge.

Security researchers have tied the recent spate of digital breaches on Asian banks to North Korea, in what they say appears to be the first known case of a nation using digital attacks for financial gain.

In three recent attacks on banks, researchers working for the digital security firm Symantec said, the thieves deployed a rare piece of code that had been seen in only two previous cases: the hacking attack at Sony Pictures in December 2014 and attacks on banks and media companies in South Korea in 2013. Government officials in the United States and South Korea have blamed those attacks on North Korea, though they have not provided independent verification.

On Thursday, the Symantec researchers said they had uncovered evidence linking an attack at a bank in the Philippines last October with attacks on Tien Phong Bank in Vietnam in December and one in February on the central bank of Bangladesh that resulted in the theft of more than $81 million.

“If you believe North Korea was behind those attacks, then the bank attacks were also the work of North Korea,” said Eric Chien, a security researcher at Symantec, who found that identical code was used across all three attacks.

“We’ve never seen an attack where a nation-state has gone in and stolen money,” Mr. Chien added. “This is a first.” [N.Y. Times, Nicole Perlroth & Michael Corkery]

And of course, North Korea isn’t the kind of place where hackers operate independently from their moms’ basements. Hacking by North Koreans means hacking by North KoreaIn a way, we should count ourselves lucky that the North Koreans only got away with Jed Clampett money; they tried to steal much more:

In the attack at Bangladesh’s central bank in February, the thieves tried to transfer $1 billion in funds from an account at the Federal Reserve Bank of New York. Fed officials became suspicious of the some of requested transfers and released only $81 million to accounts in the Philippines.

“If you presume it’s North Korea, $1 billion is almost 10 percent of their G.D.P.,” Mr. Chien said. “This is not small change for them.” [N.Y. Times]

Although I have no love of North Korean hackers or bank burglars, and no enmity against the utility of SWIFT’s services, I can’t help feeling some schadenfreude for SWIFT, given its resistance to enforcing U.N. sanctions, including sanctions against North Korea. SWIFT tried to stay neutral in the world’s (admittedly half-hearted) struggle to force North Korea to live by the world’s rules. Now, SWIFT may become North Korea’s greatest victim.

SWIFT is not a bank; it’s the virtual post office for banks. It’s a financial messaging service, a consortium established by the banking industry as a more efficient way to deliver messages between banks to debit and credit accounts. Think of SWIFT messages as sealed envelopes, with the name of the sender and recipient, and their addresses, written on the outside. SWIFT is an electronic network that delivers those envelopes, but doesn’t open them. Nearly every bank on earth relies on SWIFT, and in a sense, its reach is broader than Treasury’s, because SWIFT messages transactions in all currencies, not just dollars or Euro. SWIFT is based in Belgium, with large facilities in Switzerland and Virginia, and is regulated by EU law.

SWIFT has long had an uncomfortable coexistence with sanctions. In Treasury’s War, Juan Zarate tells the story of how a Treasury official persuaded a friend at SWIFT to share information from financial messages going to and from known terrorist financiers. The information made an invaluable contribution to Treasury’s early successes against Al Qaeda’s finances. Exposure of the program by the New York Times in 2006 was a severe setback to Treasury, and an embarrassment to SWIFT, which had cultivated a reputation for protecting the confidentiality of its transactions. That revelation has caused SWIFT to resist cooperating with international sanctions ever since, even sanctions approved by the U.N. Security Council.

Starting in early 2012, advocates of sanctions against Iran began to demand that Iran be disconnected from SWIFT, and it didn’t take long for that to happen — Congress introduced legislation that would authorize sanctions against SWIFT (see section 220), the EU passed a sanctions regulation clarifying that financial sanctions on Iranian banks also apply to financial messaging, and SWIFT cut off 30 Iranian banks, including its Central Bank. The SWIFT sanctions legislation was controversial and drew strong opposition from banking industry lobbyists.

At the time, SWIFT’s chief executive called the action “extraordinary and unprecedented,” but as an EU official conceded, it was “a very efficient measure” that could “seriously cripple the banking sector of Iran.” By most accounts, disconnecting Iran from SWIFT was one of the most effective sanctions against Iran, denying those banks the means to transfer money in any currency. The Economist later wrote, “The earlier SWIFT ban is widely seen as having helped persuade Iran’s government to negotiate over its nuclear programme.”

In 2001, the same year that SWIFT began passing information about Al Qaeda to Treasury, SWIFT welcomed North Korean banks to its network. As of 2013, SWIFT was only messaging about 50,000 transactions a year for North Korean banks (compared to about 1 million for Iran). This probably reflects the concentration of North Korea’s wealth in the state, and the almost complete absence of truly private enterprise with exposure to the financial system (in North Korea, truly private enterprise operates on cash, usually yuan and dollars, in the gray markets called jangmadang).

Since 2013, when the United Nations Security Council approved Resolution 2094, SWIFT has arguably been obligated to cut off certain North Korean banks by this paragraph:

“11.  Decides that Member States shall, in addition to implementing their obligations pursuant to paragraphs 8 (d) and (e) of resolution 1718 (2006), prevent the provision of financial services or the transfer to, through, or from their territory, or to or by their nationals or entities organized under their laws (including branches abroad), or persons or financial institutions in their territory, of any financial or other assets or resources, including bulk cash, that could contribute to the DPRK’s nuclear or ballistic missile programmes, or other activities prohibited by resolutions 1718 (2006), 1874 (2009), 2087 (2013), or this resolution, or to the evasion of measures imposed by resolutions 1718 (2006), 1874 (2009), 2087 (2013), or this resolution, including by freezing any financial or other assets or resources on their territories or that hereafter come within their territories, or that are subject to their jurisdiction or that hereafter become subject to their jurisdiction, that are associated with such programmes or activities and applying enhanced monitoring to prevent all such transactions in accordance with their national authorities and legislation;

Can SWIFT honestly argue that financial messaging isn’t a “financial service”? Can it excuse itself from the obligation to “prevent … the transfer” of funds to sanctioned banks and entities with the lame excuse that it doesn’t open the “envelopes,” it just delivers them?

Yet SWIFT has yet to announce any cutoff of North Korean banks — even those that the U.N. itself has designated. Stephan Haggard wrote in 2014 that North Korea’s SWIFT business had declined to almost nothing by 2012, but I have good reason to doubt this was true as of 2013, and let’s just leave it at that. (It has occurred to me that SWIFT actually did quietly cut the North Koreans off sometime after 2013, and that hacking SWIFT is Pyongyang’s way of inflicting some payback, but I have no evidence to support that speculative hypothesis.)

There are valid arguments against involving SWIFT in too many sanctions efforts — mainly, that less reputable services could arise to handle that business. The answer to those concerns is that the U.S. and EU should move aggressively to sanction and block any alternative messaging services that flout U.N. sanctions. Meanwhile, if any actor warrants disconnection from SWIFT, it’s North Korea, which is now the subject of six United Nations Security Council resolutions, imposing increasingly stringent sanctions on its heavily tainted banking sector. And as the North Koreans have shown again and again, if you deal with them, they’ll eventually burn you. For years, sanctions advocates have called for SWIFT to disconnect North Korean banks. Now, for the sake of SWIFT’s own integrity, would be a good time to heed those calls.

Continue Reading

North Korean diplomats behaving badly

If you’re a North Korean diplomat, a good general rule is that all publicity is bad publicity. Over the last two weeks, North Koreans, most of them diplomats or former diplomats, have attracted much publicity of the kind they couldn’t have wanted.

The Chinese government reports that “a North Korean consular official” killed two Chinese citizens while driving home drunk in Dandong last month. The North Korean diplomat was on his way home from an “event celebrating North Korea’s launch of a long-range rocket.” So, that’s another way post-launch events may not have worked out quite as His Porcine Majesty might have hoped.

Also this week, Tanzanian authorities expelled a former North Korean diplomat, Kang Sungguk, for using forged passports and for suspected involvement in various unspecified illegal activities. Prior to 2001, Kang had been an “economic councilor” at the North Korean embassy in Dar-as-Salam. Since then, he had been “a prominent North Korean businessman with supposed diplomatic status who ran several businesses from his base in Guangzhou, China.” It’s always China.

The acting Commissioner of Immigration (Border Management and Control), Wilson Bambaganya, said that immigration officers with support from security officers had been watching Kang closely for sometime and observed his various violations of both national and international laws.

“We (Immigration) gathered information about his habit of changing passports with fake names, different dates of births and numbers,” Bambaganya said. “We asked ourselves what his motives were for constantly forging those details, and we realised that for a person of his status to do such things, he must be engaged in some illegal business, although we couldn’t establish exactly what business.”
When Kang was recently interrogated by immigration officers, he failed to produce any traceable legal business links, which only served to raise more suspicions about him, the senior immigration department official said.

“We even tried to communicate with his country’s embassy here in Tanzania, but they also said they had no proper information about Kang and his current businesses. So we finally decided to expel him via a PI note,” Bambaganya explained.

He added: “Even if he (Kang) was a genuine businessman in China or anywhere else, here in our country we have concluded that he was dealing in illegal business activities.” [IPP Media, via The Guardian]

Last week, Sri Lankan authorities detained two North Koreans for carrying $150,000 in cash. That’s U.S. dollars, in case it matters to you which convertible currency discriminating North Korean money launderers prefer. The two — contra the post title, these two probably were not diplomats — were on their way from Oman to China carrying home “wages earned by themselves as well as other co-workers at construction sites in Oman.” Like many governments, Sri Lanka requires persons carrying more than $10,000 in cash to declare it to the authorities.

In China, the two would presumably have deposited the cash into a bank that would have been willing to scrub the subsequent wire transfers of all references to a North Korean affiliation. Not that any Chinese bank would do thatNorth Korea has since demanded the release of the men and the return of the money. Because the money consists of proceeds of North Korean labor exports, it’s subject to blocking under Executive Order 13722, but not under U.N. Security Council Resolution 2270 (unless, of course, it’s associated with WMD programs, weapons trafficking, or luxury goods imports).

North Korean consulates are expected to be self-financing, so North Korean diplomats often find themselves placed under arrest in far-flung, exotic locations, like Mozambique, were North Korean diplomat Pak Chol-jun was arrested in May of last year with ten pounds of rhino horn worth $99,300. South Africa later expelled Pak, who was posted at the North Korean embassy in Pretoria.

Just over a year ago, Son Young-nam, the first secretary of the North Korean embassy in Dhaka was arrested by Bangladeshi authorities carrying 59 pounds of gold, worth $1.4 million, which he hadn’t declared to customs. North Korea later apologized, and Bangladesh expelled the diplomat. Gold smuggling is a traditional method for North Korea to evade sanctions and money laundering crackdowns. UNSCR 2270 requires member states to “prohibit the procurement of” gold by North Koreans.

Also on the slave labor front, the Daily NK has an exposé of the role of North Korean consulates in China in procuring human chattels for rental.

“Starting from about a few years ago, officials in the North Korean consulates in China started to provide young female workers to ethnic Korean owned toll processing businesses for a fee. Recently, one such consulate has been receiving a 200-Yuan per month fee in similar transactions with a wig-making factory. The fee in this case is transferred from the worker’s account in accordance with the contract,” a North Korean source currently residing in China reported to Daily NK on March 18.

This development was corroborated by an additional source close to the issue in China.

The brokering of these deals originated in Shenyang, where ethnic Korean managers of seafood processing and packaging, textiles manufacturing, and wig and artificial eyebrow making factories started hiring young, cheap female workers from Pyongyang. The number of Chinese businesses looking to hire young, pretty, 20-something natives of Pyongyang is so large that the consulates have stepped in to facilitate.

Demand from Chinese businesses in the Northeast cities of Jilin, Heilongjiang, and Liaoning quickly built on the momentum, meeting supply from North Korean authorities looking to export labor for a profit. There is a heavy emphasis on beautiful young girls from big cities like the capital. Even now, in the face of strict primary and secondary sanctions targeting the North Korean regime, the demand for young North Korean female workers has not abated. [Daily NK]

If a plain-looking woman can pack seafood or knit a wig just as efficiently as a pretty one can, it’s unclear why the Chinese employers put such a premium on appearance unless they intend to exploit the women sexually. This goes unstated in the article, but previous reports have alleged that North Korean managers had pimped out female North Korean workers in a food processing plant in Donggang.

Finally, a number of sources are reporting that two countries are about to expel North Korean diplomats who’ve been designated by the U.N. Security Council. North Korea has replaced its Ambassador to Burma after the Security Council designated the incumbent, Kim Sok-chol. The U.S. Treasury Department designated Kim last November for activities on behalf of the Korea Mining Development Trading Corporation, or KOMID, a trading company designated for proliferation.

Egypt is also said to be about to expel North Korean Ambassador Pak Chun-il after his designation. Pak allegedly “played a key role in establishing an Egyptian branch of … KOMID,” and was involved in weapons smuggling and other illegal activities. Egypt has recently come up in multiple reports on North Korea sanctions violations, and was mentioned in the most recent U.N. Panel of Experts report. Last November, the U.S. Treasury Department designated Eko Development and Investment Company, a/k/a, Eko Development and Investment Food Company, a/k/a Eko Import and Export Company, a North Korean trading company based in Cairo, for being a KOMID front. Treasury also designated Egypt-based Ri Won Ho last week, when it first published Executive Order 13722. Treasury describes Ri as “an official of the DPRK’s Ministry of State Security based in Egypt” who was working for KOMID.

Last month, investigative journalist George Turner revealed that Egyptian-U.S. dual national Naguib Sawaris of Orascom/Koryolink infamy was in partnership with North Korea’s Foreign Trade Bank, designated by Treasury for proliferation, through the Orascom-linked, North Korean-chartered Orabank.

Continue Reading

In North Korea, prostitution used to be a survival strategy. Now, it’s just another racket.

The Great Famine of the 1990s changed North Korean society so profoundly that we are still trying to understand the breadth and depth of that change. During and after the famine, millions of North Koreans grasped at any survival strategy necessary to feed themselves. Those who did not change, and whom the state did not feed, died. For thousands of North Korean women, prostitution was the survival strategy of last resort to feed themselves, and often, their children.

In Kim Il Sung’s North Korea, the sex trade was invisible to the outside world. That began to change when Chinese traffickers and johns forced thousands of female famine refugees into the sex trade. By the end of the great famine, prostitution had become stealthily ubiquitous inside North Korea. It also became more organized and more predatory, with state officials playing a growing role its patronage and protection.

In Hamheung in 2008, a number of high-ranking party officials were accused of patronizing a tea house that also sold sex, and for protecting it against police interference. In Hyesan in 2009, the manager of a state-run inn frequently patronized by central party officials was arrested for pimping women and girls, some in their mid-teens. North Korea’s 2009 currency “reform” drove more women into the sex trade. By 2010, prostitution in Chongjin had been organized by “couple managers” who matched customers, often soldiers, with sex workers, often female university students, and sometimes women who had become dependent on drugs. Last year, the manager of a North Korean factory in China was accused of pimping out female factory workers.

The reports do not suggest that the state has consciously chosen to tolerate or profit from the sex trade as a matter of policy. The security forces periodically crack down on the sex trade, but inevitably, when corrupt authorities attempt to police a profitable trade, the authorities begin to see that trade as just another way to supplement their pay. More fundamentally, in a society where officials are the law, where enforcement is arbitrary, and where the state profits from trade at least indirectly, it can be hard to tell the difference between corruption and state policy. Today, the Daily NK reports that prostitution is increasingly run by well-connected businessmen and protected by the officials they’re connected with:

The sex industry in North Korea is becoming more systematic in large cities, as the number of pimps who lure in young workers is on the rise, and Ministry of People’s Security [MPS] officials who are tasked with cracking down on sex work are looking the other way, leaving the door open for prostitution around the clock, Daily NK has learned.

This is the first report I’ve seen of organized prostitution in the capital.

“In Pyongyang and other major cities, more professional prostitution rings that use young women to make money are surfacing,” a source in South Hamkyung Province told Daily NK on Wednesday. “People who run these operations bribe everyone from MPS agents to night patrol members under the same unit so they can do business.”

As is the case in South Korea, prostitution in North Korea tends to congregate in neighborhoods near train stations.

“In areas like Hamheung, Chongjin, and other large cities, if you go to train stations and areas around the marketplace, you’ll easily see older women approaching men and asking if they’d like ‘temporary lodging,'” he said. “They usually go up to well-dressed officials who seem to be on business trips or military officials, telling them they have full amenities (code for room and board and women of all ages).”

Although the price differs by region, mostly for women in their early teens and 20s, it costs roughly 40,000 to 50,000 KPW [5-6 USD], while for those in their 30s, it’s about 20,000 to 30,000 KPW [2.5-3.7 USD] The women who direct customers to the facility typically get a 30 percent cut, while the homeowner and sex worker split up the remaining sum. The latter two will for the most part make at least 10,000 KPW [1.2 USD] per case, according to the source.

“These days since sex businesses receive protection from crackdown agents, the industry has been growing, leading to squabbles over customers,” the source said. “With more operations up and running, there are even allotted schedules. During the day, all businesses run together, while at night, the hours are divided into early and late operations.

Yet again, the reports suggest that regime officials both patronize and protect the sex trade:

Party cadres and officials in the judicial system are frequent clients of sex services, and many venture out to places like Pyongyang’s Munsuwon and high-end public bathhouses such as ‘Eundeokwon’ with prostitutes, said the source. In the North, there are baths designated specifically for married couples and can only be used after national IDs are verified.

Some officials also use the sex trade to entrap and extort johns.

Also profiting from the business are safety officials, who not only receive bribes for turning a blind eye, they sometimes use pretty women to draw customers into the ‘temporary lodging’ facility and catch them in the act, he asserted. Then, they blackmail the clients for large sums of money or in some cases, call up for regular bribes. If customers do not comply, the officials report them and use it as an opportunity to add more ‘points’ and get a leg up at work.

North Korean society’s acceptance of prostitution will probably remain until long after unification; after all, prostitution still carries on more-or-less openly in South Korea, under terms that can also be very exploitative. Different societies take different views on whether the sex trade, at least between consenting and unmarried adults, is inherently evil, but the conditions in which North Korean women must sell their bodies is unquestionably evil. Their working conditions are horrible — for the obvious reasons, of course, but also for the general lack of health care available to those who became pregnant, or contract STDs. Some turn to addictive drugs, in the false hope that they can protect them from contracting disease.

The role of state officials in organizing and profiting from the sex trade is repellant, but still not as repellant as the state’s role in creating the conditions that force women into prostitution to begin with. Women who ought to be doctors should not be sex workers. Of North Korea’s many tragedies, there may be none greater than all the human potential destroyed by its unjust and unequal political system.

Continue Reading

MUST READ: WSJ on Bureau 39 and North Korean money laundering, post-BDA

The Obama Administration has never talked much, or done much, about North Korean money laundering. There is a tendency to assume that a problem that isn’t discussed isn’t a problem at all, but The Wall Street Journal‘s Alastair Gale has just interviewed some senior defectors with inside knowledge of North Korea’s money laundering, and the product of those interviews was some outstanding reporting. Gale’s interviews confirm the continued importance of Bureau 39 to North Korea’s regime, and that it continues to engage in and profit from illicit activity:

High-level defectors, security officials and analysts say the fund still enables current ruler Kim Jong Un to underwrite comfortable lifestyles for the upper tier of North Korean society to ensure their support. His father, who died in December 2011, was known for throwing lavish parties for officials and importing luxury items such as cognac for himself and the elite.

Analysts and security officials say the execution of Kim Jong Un’s uncle, Jang Song Thaek, late last year may have been because Mr. Jang had interrupted the flow of funds to Office 39. [Alastair Gale, Wall Street Journal]

Admittedly, this much won’t be terribly surprising to many readers, but what I’ve long wondered was how North Korea has hardened its finances to avoid a recurrence of the Banco Delta Asia fiasco, in which a single bank became a point of vulnerability that, when closed off, nearly suffocated the regime itself. That is why Gale’s companion Q&A is, by far, the more interesting read, and possibly the most interesting thing I’ve read about North Korea all year:

How are financial transactions done for North Korea’s trade?

But because of the Banco Delta Asia sanctions, North Korea now does transactions through personal bank accounts under individuals’ names. So, for example, if there’s money from exporting zinc, North Korea divides it among a few individuals’ accounts. Likewise, an order may come from North Korea for individuals to pay out from their accounts to a certain company for an import shipment. Such accounts are in China and Macau. North Korea also works through small regional banks in Italy, Russia and Africa.

To understand the significance of these reports, you first have to understand how money laundering works, and the critical fact that it requires some legal lines of business to conceal the proceeds of the illicit ones. Law enforcement uses the terms “placement” and “co-mingling” to describe the process of blending the legal and illicit proceeds to disguise their origin, and to allow the launderer to claim that it’s all legit.

The co-mingled funds are then invested, spent on goods that are re-sold, and transferred multiple times to hide their origin and ownership. This is known as “layering.” Only then is the money used to buy Swiss watches, Italian yachts, aluminum tubing, cell phone trackers, and maraging steel. None of which is news to the Treasury Department.

What do you know about trade of weapons and other illicit items?

People come from North Korea to do individual deals for nuclear and missile material imports. Trade representatives located overseas don’t really know what’s happening. I was not involved with counterfeiting but I saw people around me getting involved with sales of drugs and counterfeited cigarettes. Drugs are sold in China, Taiwan and Japan and cigarettes mostly to Indonesia.

It’s uncertain whether the state is still involved with narcotics sales. But Kim Jong Un doesn’t care how the money is made if someone can make a million dollars.

This suggests two paths to exerting effective financial pressure on North Korea, either of which would be possible under H.R. 1771.

The first, which would be far less likely to be effective without the cooperation of China and other member states, would be to pursue the individual North Korean agents and accounts used for co-mingling, structuring, layering, and laundering North Korea’s offshore assets money. The term Marcus Noland has coined for this is “whack-a-mole.” This would be extremely resource-intensive for financial investigators. Like the process of bankrupting Al Qaeda, it’s a process that would take years. To be as effective, it would involve the designation of hundreds of individuals, entities, and assets. This clearly isn’t the case today; a total of 62 North Korean entities and individuals have been designated in a decade, most of them during the Bush Administration.

Once Treasury designated an individual or account as North Korean property, the bank holding the deposit would have little choice but to cooperate with Treasury. They key, of course, is identifying the asset as North Korean and associating it with illicit activity in the first place. Treasury’s means to identify non-dollar assets are much more limited if the jurisdiction that regulates that currency doesn’t cooperate.

The obvious limitation of this strategy is the lack of financial intelligence to implement it. The U.S., Treasury typically gathers financial intelligence through the Currency and Transaction reports (for transactions over $10,000), and Suspicious Activity Reports filed by banks. Needless to say, not all jurisdictions require North Korea to report its transactions in such detail, although the Financial Action Task Force has made good progress toward setting base lines for transaction reporting.

That limitation could be remedied if the next U.N. Security Council resolution expands on the “enhanced monitoring” requirement of UNSCR 2094 and requires member states to impose specific reporting requirements on transactions by North Korean persons and entities, and to share those data with the U.N. Panel of Experts, and with member state regulators. This, in turn, would create an international database of North Korean financial data that would be invaluable to regulators in identifying North Korean money launderers, procurers, and proliferators.

Such a database wouldn’t necessarily require the U.N.’s consent, but could be done under the umbrella of the Financial Action Task Force or the Proliferation Security Initiative. On the other hand, it’s hard to expect other nations to enhance their monitoring of North Korean transactions when the U.S. Treasury Department’s own sanctions regulations are as weak as they are, and don’t even require the licensing of most investments, loans, or other financial transactions in North Korean property. It would be fair to say that the U.S. itself is out of compliance with this provision.

The near-certainty that China would cooperate as little as possible, however, also calls for a second approach — to apply a rebuttable negative presumption to all North Korean entities and assets. That presumption finds some support in the burden-shifting language of UNSCR 1718 (“ensure that any funds … are prevented from being made available … for the benefit of such persons or entities”) and 2094 (“resources, including bulk cash, that could contribute to the DPRK’s nuclear or ballistic missile programmes”). Treasury could then apply appropriate exemptions under section 207 of the NKSEA for in-kind purchases of food, medicine, humanitarian goods, consular activities, and other legitimate exempt activities. North Korea’s banking system would be a particular vulnerability — collectively, North Korean banks are the BDA of today.

A combination of these strategies, but one that relied more heavily on the second approach, proved highly effective against Iran and Burma.

A strategy that falls somewhere between these approaches would be the designation of North Korea as a primary money laundering concern. This, along with the discretionary sanctions authorities in NKSEA section 104(b)(2), would allow Treasury to require banks known to service large numbers of North Korean customers to provide enhanced transaction reporting of their dollar-based transactions. This limitation on access to the financial system would be so costly that it could, by itself, cause banks to refuse all North Korean business. It would also help regulators identify suspicious individuals, entities, accounts, and transactions for specific designation.

The secondary effect of this strategy would be to channel North Korea’s dealings into a few financial nodes. Some of those nodes, no doubt, would be the scavengers of the financial ecosystem, the next Banco Delta Asias of the world. Those entities would then be easier to identify and designate as primary money laundering concerns themselves. Others, however, would be foreign financial institutions licensed to handle legitimate, transparent transactions as specifically authorized under section 207(d).

That would be a mechanism to force North Korea to accept financial transparency as a condition of access to the financial system, and would give U.N. member states a wide degree of control over how North Korea earns and spends its money. It would effectively put the North Korean economy into financial receivership, as responsible national governments sometimes do with corrupt unions and banks.

~   ~   ~

Correction: A previous version of this post incorrectly stated that the reporter, Alastair Gale, interviewed the subjects of his report in Leiden. Mr. Gale writes in to say that the interviews were actually done in Seoul. Thanks to Mr. Gale for spotting and correcting the error, and for his outstanding reporting for this story.

Continue Reading

Plan B Watch: Einhorn Goes to Tokyo, Pressure Builds on China

The latest reports in the Korean press tell us that the President will soon sign an over-arching executive order that will subsume the authorities of Executive Order 13,382 (see sidebars), and will also allow the blocking of assets used for proliferation, drug trafficking, and currency counterfeiting:

In a press briefing on Monday, Department spokesman Philip Crowley said, “We have no doubt that North Korea has engaged directly in counterfeit operations as a means of bringing currency into the country. This is a longstanding practice.” [Chosun Ilbo]

Several reports discuss plans by Treasury to blacklist specific individuals and institutions suspected of being involved in illegal activity and money laundering:

Observers say a financial services blacklist of individuals to be announced in the new sanctions will likely include O Kuk-ryol, vice head of North Korea’s National Defense Commission, which is led by Kim Jong-il and his family. O is known to be managing a company that tries to attract foreign investment to the North. [Joongang Ilbo]

It will be interesting to see whether the executive order will make findings that Bureau 39, or perhaps the North Korean government itself, is a primary concern for money laundering. That description has been applied to other states for much less — that is, a lackadaisical rather than intentionally criminal approach to the proceeds of illicit activity. If it weren’t for the State Department and its politics, Treasury would probably have designated North Korea years ago.

The United States is expected to blacklist three key North Korean finance officials believed to be taking care of leader Kim Jong-il’s secret funds as part of new sanctions against the communist nation, a government source said Wednesday.

One of the three finance officials is Kim Tong-myong, head of Tanchon Commercial Bank, the source said. “The U.S. is paying special attention to three people, including Kim Tong-myong, who operate North Korea’s secret funds abroad,” the source said on condition of anonymity. “If they are included in the new sanctions, it could deal a blow to North Korea’s leadership.”

The U.S. has also collected evidence that nine North Korean financial institutions operating overseas and as least two trading firms have been used for the regime’s illicit activities, such as trade in conventional arms, luxury goods and counterfeit money, the source said.

Overall, the U.S. is expected to add some 10-20 North Korean entities and individuals to its blacklist of those to be subject to sanctions, which include freezing their assets in the U.S. and banning them from dealing with American financial institutions. [Yonhap]

And given the lack of food or medical care in nominally socialist North Korea, you might be tempted to assume (or even mislead others to believe) that its government had no money to spend for such things. You would be wrong:

Data from the Bank for International Settlements released last month showed that North Korean deposits at banks around the world stood at $670 million as of the end of March. [Joongang Ilbo]

That sum represents just about enough to fund World Food Program operations in North Korea … for three years. Now explain to me again why North Koreans still starve.

Finally, the Daily NK’s Kim Yong Hun explains why Chinese banks will be forced to cooperate with the U.S. Treasury Department, whether the Chinese government wants them to or not. I won’t give you any quotes — just read the whole thing. Marcus Noland has more on this in via the Council on Foreign Relations:

China–which had been essentially unwilling to implement the sanctions on luxury goods–cooperated with the sanctions against BDA. The reason [for that cooperation] is it was not the Chinese foreign ministry or the customs administration, but rather the Chinese ministry of finance and central bank implementing these sanctions. Their concern was that they had much more at stake with respect to Chinese banks’ [access] to the lucrative U.S. market than they ever would have dealing with some small bank in Macao or possible financial transactions in North Korea. The lessons from this seem to be that financial sanctions–that play on banks’ desire to maintain a good reputation, stay within the increasingly stringent international rules on money laundering, and maintain a good relationship with the United States–play to our strengths in terms of the U.S. financial system and the increasingly well-defined and articulated set of international norms and agreements on money laundering. [Financial sanctions] will be more successful than the traditional trade sanctions that are oftentimes implemented less than rigorously.

I suspect Einhorn will have less difficulty securing the cooperation of the Japanese. Perhaps more surprisingly, Hong Kong also appears to be on an active hunt for dirty North Korean money.

One thing that I will say about this, however, is that we should be prepared for the Chinese government to look for ways to actively undermine Treasury’s efforts, such as shipping hard currency directly to North Korea in paper form, gold, or stored-value cards. This certainly isn’t a very efficient way to do things, but it might be just enough to keep the Kim Dynasty in power until the U.S. government decides to cave yet again for political reasons. As always, determination will be dispositive to whether this will work.

During the news conference held in Seoul, Monday, Einhorn played hardball with North Korea with regard to dialogue.

“We can’t repeat the kind of cycle that we’ve been through on a number of previous occasions where North Korea engages in talks, makes commitments, and then abandons those talks. We have to break that cycle,” he said.

“Before the six-party talks to be convened, it’s essential that North Korea demonstrate in an intangible way that it’s prepared this time to make commitments and to fulfill them. And there are some important commitments already existing such as September 2005 commitments. [Korea Times]

When we see the new executive order that will be used as the legal basis for this plan, we’ll probably find out that 80% of the Korean press reports about this are actually true. Recently, we’ve seen some on the American left call South Korea the tail that wags the dog. Frankly, I happen to agree with them on this, up to a point. One of the things that I continue to find simply staggering is the extent of South Korea’s influence on U.S. government policymaking. Clientitis, in its various forms, is rife within these circles, though many of these insiders still privately suspect that the National Intelligence Service frequently plants stories to manipulate press coverage.

Fine, but where were these same people when the tail was Roh Moo Hyun, and the wag was indirect U.S. financial support for Kim Jong Il, his atrocities toward his people, and his proliferation? By which I mean that as U.S. soldiers (me being one of them) ostensibly defended South Korea from North Korea and subsidized its defense, South Korea sent Kim Jong Il billions of dollars in tribute that it didn’t have to spend on its own defense. If you agree that perpetuating North Korea’s capacity to terrorize and proliferate is contrary to America’s interests, and that finally working with allies in the region to address and suppress that threat is in its interests, then the “tail wags dog” meme would have been far more suitable to the years between 1997 and 2008.

Continue Reading

Prostitution Said to Be Widespread in Chongjin

Next time one of North Korea’s apologists speaks of its pristine moral vales, gender equality, or absence of sexist billboards, someone remind me to point them to this:

“The prostitution of teenage females is rampant, which has forced the security services of Chongjin to dispatch plain-clothed security officers to the station to crackdown on it. But the cleverly disguised prostitution of female university students is increasing, and some of them have close relationships with the same security officials who are participating in the crackdown. These conditions have made the situation uncontrollable.” [Daily NK]

Eventually, the system will be destroyed by the corruption it has forced on everyone else. The problem is, North Korean women who are reduced to this won’t ever completely recover from it, and their society won’t recover from it for decades.

Continue Reading

1 July 2010

Congratulations to Barbara Demick, whose wonderful book, “Nothing to Envy,” has just won Britain’s Samuel Johnson Prize for non-fiction.

_______________________

Closets Are for Clothes! Yonhap: “N. Korean leader makes robust outings amid tension with S. Korea”
_______________________

The aid NGO Caritas claims that North Koreans will suffer from donor fatigue. I think donor fatigue has afflicted me, too. I’d long been a supporter of monitored food aid, but I’ve coe to doubt that Kim Jong Il will ever allow monitoring of aid distribution that meets basic, internationally accepted standards. Furthermore, it’s not the lack of aid that’s causing the hunger or even, I suspect, the lack of food. The problem is one of distribution, caused by the regime’s discriminatory food distribution system and its intentional destruction of the markets on which 80% of North Koreans depend for their food supply. What good is it for us to try to feed the people of a country when their government is clearly so committed to the opposite goal?
_______________________

It’s always interesting to me what thoughts go through the minds of North Koreans before they take the risky decision to defect:

I joined the military in the early 1990s. I started at the bottom and I worked my way up and became a captain. I was in the military for eight years.

I was always taught how great North Korean society is and how superior it is, but while I was in the military I started to question my education. I realised that there are so many contradictions. Also, Kim Il-sung and Kim Jong-il are worshipped there as Gods.

I started to wonder whether there was another society outside of North Korea – and whether it would be better. I thought about it for a long time and I wanted to find out, so I decided to defect. I also wanted to change North Korean society. [BBC]

_______________________

All animals are equal, but some are more equal than others.
_______________________

I’m sure this must have been a pretty tense moment.
_______________________

A majority of Germans wants the Deutschmark back.
_______________________

Now, that’s not very nice (ht to a reader).
_______________________

My philosophical struggle for today is whether it’s wrong to prompt anyone to pray for Christopher Hitchens, whose writing I love and hate in almost equal measure, and whose article and photograph here inspired my masthead. He’s had some terrible news — cancer of the esophagus, which took Tom Lantos from us just months after he announced his diagnosis.

Continue Reading

More North Korean Diplomats Busted for Smuggling

Not a day goes by that I don’t rue all of the commerce we’re missing out on by not having diplomatic relations with North Korea:

Swedish police have arrested two North Korean diplomats on suspicion of smuggling 230,000 cigarettes into the Nordic country, the Swedish Customs Office said Friday. The pair, a man and a woman who have diplomatic status in Russia, were stopped by Swedish customs officers Wednesday morning as they drove off a ferry from Helsinki, the Finnish capital. Customs officials discovered Russian cigarettes in the car driven by the couple, Swedish Customs spokeswoman Monica Magnusson told Reuters. [Reuters]

They always travel in pairs, you know. Lucky for them, they had an almost completely flawless back-up plan:

The two North Koreans claimed diplomatic immunity.

“They were accredited as diplomats in Russia, but had no accreditation in Sweden,” she said. “They were arrested on suspicion of smuggling.”

Magnusson added that the pair were still being held by Swedish police and that she was not aware of them having any contact with North Korean officials since their arrest. Sweden’s Foreign Ministry said it had been informed of the arrests but would not comment directly on the matter, saying it was a criminal case and was being handled by the police.

Foreign Ministry spokeswoman Cecilia Julin said foreign diplomats are only immune from criminal prosecution in countries where they have been accredited with the authorities. “If you come to Sweden and commit a crime, you’re just like any other foreign national,” she said.

What? You mean someone is proposing to apply the same standards to North Korea that they apply to other countries? Such brigandish hooliganism cannot stand!

Sweden is one of only seven countries to have an embassy in North Korea, treated by much of the world as a rogue state due to human rights abuses and its possession of nuclear weapons despite opposition by the international community.

North Korea is believed to derive a substantial amount of its foreign exchange from tobacco smuggling, although estimates of the amounts vary widely. Cigarettes are one of the milder commodities in which North Korean diplomats routinely traffic. They’ve also been caught smuggling dope, cash, gold, and just about every foul substance you can imagine:

Authorities in numerous countries have stopped North Korean diplomats from smuggling vehicles, alcohol, fake antiques, electronic goods, weapons, and more. Other reports deeply implicate officials in the endangered-species trade. Since 1996, at least six North Korean diplomats have been forced to leave Africa after attempts to smuggle elephant tusks and rhinoceros horns. Such efforts seem partly driven by the dismal funding of North Korea’s embassies. Lacking cash, North Korea closed at least 14 embassies last year and reportedly told those remaining to become “self-sufficient.” Still other diplomatic smuggling incidents involve cigarettes, allegedly sold tax free on the black market, and pirated CDs. Two diplomats crossing into Romania from Bulgaria last year were found to have crammed 12,000 bootleg CDs in the trunk of their car. [U.S. News, Feb. 7, 1999]

This 2007 Congressional Research Service report states that at that time, there had been 50 documented incidents in which North Korean diplomats were caught smuggling illegal drugs in 20 different countries. Etcetera, etcetera, etcetera.

It’s enough to make you wonder what else they’ve carried without getting caught.

Continue Reading

A North Korean Connection to Those Counterfeit Bonds?

counterfeit-bonds.jpgIt’s very short on specifics, but it’s the first published report affirmatively linking those fake bonds to North Korea:

An Italian newspaper reports a recent mysterious case involving US$134.5 billion worth of counterfeit bonds has a North Korea connection. Earlier this month two Japanese nationals were caught in Italy allegedly trying to smuggle the bonds into Switzerland.

Il Messaggero says the fake bonds may have been manufactured in North Korea since the two men are North Korean agents and are believed to have been seeking to purchase weapons.  [Chosun Ilbo]

When the Justice Department first indicted the former IRA terrorist, Stalinist splinter cell leader, and alleged supernote co-conspirator Sean Garland, it claimed that one of the purposes of the plot was to destroy the U.S. economy.  North Korea appears not to have printed anywhere near enough supernotes to do that, but printing good facsimiles of bearer bonds worth billions would be another matter entirely.  Fortunately, the bonds appear to have been obvious fakes, despite the good quality of the printing:

“They are all fraudulent, it’s obvious. We don’t even have paper securities outstanding for that value,” said Mckayla Braden, senior adviser for public affairs at the Bureau of Public Debt at the US Treasury department. “This type of scam has been going on for years.”

The Treasury has not issued physical Treasury bonds since the 1980s ““ they are handled electronically ““ though they still issue savings bonds in paper format.

In Washington a US Secret Service official said the agency, which is working with the Italian authorities, believed the bonds were fake.  [Financial Times]

I will note that the Financial Times had reported that police speculation had originally focused on the Italian mafia, based on a previous alleged scam done jointly with crooked bankers in Venzuela.  That report was printed ten days ago, however, so it’s possible that the investigation has developed further since then.

Either way, it seems odd that Italian police later released the two Japanese men, despite having caught them with the bonds in false-bottom suitcases.  Although both men were holding Japanese passports, the Japanese government professes not to have been told who these guys were.

Previous posts on North Korean supernote counterfeiting here and here.

Continue Reading

WaPo on North Korea’s Global Insurance Scam

For Kim Jong Il’s birthday, North Korean insurance managers prepared a special gift.

In Singapore, they stuffed $20 million in cash into two heavy-duty bags and sent them, via Beijing, to their leader in Pyongyang, said Kim Kwang Jin, who worked as a manager for Korea National Insurance Corp., a state-owned monopoly.

Kim said he helped arrange the shipment and watched in February 2003 as the cash was packed. After the money arrived, Kim Jong Il sent a letter of thanks to the managers and arranged for some of them to receive gifts that included oranges, apples, DVD players and blankets, Kim said.

“It was a great celebration,” he said. [Blaine Harden, WaPo]

It’s not exactly news that North Korea has been scamming reinsurance companies; somewhere in my archives is a post I wrote about this topic years ago, and I recently posted about how Lloyd’s of London settled one particularly suspicious claim.  Still, Harden has a meticulously sourced story adding much more insider detail to the scam than we’d known before (what a refreshing change he is from the thoroughly awful Glenn Kessler).

The scam worked like this — a North Korean state insurance company would purchase reinsurance from international insurers like Lloyds to protect things like supply houses and ferries.  Then, there would be a disaster, and the North Koreans would present meticulous documentation of the accident but prohibit the reinsurance companies from visiting the sites or doing their own investigations:

According to Kim, KNIC would target a different potential disaster and a different reinsurance company each year. “We pass it around,” he said. “One year, it might be Lloyd’s; the next year, it might be Swiss Re; and the next, Munich Re.”

That’s high-level defector Kim Kwang Jin.  I’ve met Kim myself, and while I’m in no better position to authenticate what he says than anyone else, he does seem credible when you talk to him, and his English is excellent.

The scam was quite profitable:

When he worked at KNIC, Kim said, annual revenue from North Korea’s reinsurance claims was about $50 million to $60 million. Most of that money, he said, was used to scout out potential disasters inside North Korea, to buy more reinsurance on the global market and to pay premiums.

“The remaining hard currency should have been used to help people recover from disasters and accidents, but it was not used that way,” Kim said. “It is just going into the pocket of Kim Jong Il.”

He said cash shipments of $20 million arrived yearly in Pyongyang, usually in the week before Feb. 16, which is Kim Jong Il’s birthday and a national holiday. In his six years at KNIC, Kim said, bags of cash arrived in Pyongyang from Singapore, Switzerland, France and Austria.

All of the proceeds went straight to Bureau 39.  So, what have we learned from all of this?

“All these companies learned a lesson,” said an expert on the British insurance industry who is familiar with the helicopter case. “Never agree to have disputes decided in a North Korea court and never reinsure KNIC.”

I wonder what lawyer reviewed and approved that contract.  No matter how often I see the naivete of Earthlings who deal with North Korea, I never lose my capacity to be astounded.  But at least the reinsurance companies have learned their lesson.  Even the North Koreans’ British solicitor admits that his clients have been harmed by the publicity surrounding the scam allegations and are having trouble finding willing reinsurers today.  I wish I could say that our State Department had learned anything from North Korea’s last two nuclear disarmament scams.

Continue Reading

Obama Gears Up for “Plan B;” John Kerry Blocks Terror Re-Listing

I really don’t know what to make of this.  A young, inexperienced president, one whom the North Koreans arguably endorsed, comes into office showing every sign of being easier meat than Lance Bass in Riker’s Island.  The North Koreans, true to Joe Biden’s prophetic gaffe, and with their exquisite sensitivity to American weakness, don’t even let the man get inaugurated before they begin the noisy repudiation of every agreed framework, U.N. resolution, and armistice they can stuff into a shredder.

Now for the unexpected part:  we actually seem ready to attach real consequences to those provocations.  What?  We aren’t already groveling for Agreed Framework III?  Did the North Koreans get Obama as wrong as Leon Sigal didDid I?  I’m starting to wonder if Obama is a closet OFK reader:

A U.S. delegation headed by Deputy Secretary of State James Steinberg briefed President Lee Myung-bak and other officials on independent U.S. sanctions “with a financial focus” against North Korea, a senior Cheong Wa Dae official said on Thursday. The sanctions are expected to be an expanded version of a 2006 freeze of North Korean accounts in Banco Delta Asia in Macau.  [Chosun Ilbo]

I can hardly believe I’m actually reading this, despite its welcome familarity.  Am I just three years ahead of my time?  Today, not only are Obama’s people talking about imposing sanctions, they’re talking about imposing them in a comprehensive way, which will be essential for them to really work.  Referring to the 2005-2006 Banco Delta Asia sanctions, one U.S. official says:

Continue Reading

That’s Going to Buy a Lot of Cognac for Someone (Updated 7/2009)

How likely a story does this sound to you?

The accident took place in April 2005 when, it is claimed, a helicopter owned by Air Koryo, the North Korean state airline, was dispatched from Pyongyang, the capital, to collect a woman who was in labour with triplets from a remote island. On the return flight it crashed into a warehouse on the outskirts of the city, causing a fire that destroyed a large amount of humanitarian relief goods. [Times of London]

It didn’t sound very likely to a consortium of reinsurers, including Lloyds of London, either. Suspecting fraud, they refused to pay, so the North Koreans sued in a British court. There have been previous reports that North Korea has engaged in fraud and staged accidents to collect reinsurance payments. This particular case resulted in years of expensive litigation.

Today, the Moonie rag Segye Ilbo is reporting that North Korea has won the case, for 39 million Euros (linked story is in Korean).

So what can we all learn from this? For one thing, if you are going to do business with some of the world’s most notorious international criminals, at least read the contact carefully before signing it:

According to the contract, disputes were to be settled under North Korean law and last month a court in Pyongyang ordered the reinsurers to pay the North Korean company the €44 million. They refuse to do so. [….]

The contract also states that claims in North Korean won will be converted at a rate of 160 won to the euro, close to the Government’s exchange rate. But the black market rate, which is used for all practical purposes in North Korea, is closer to 2,000 won to the euro. If this were applied it would reduce the reinsurers’ bill from €44 million to €3.5 million.

More background here. An interesting question this raises is how the insurers will be able to pay that sum to the North Koreans without violating UNSCR 1718, which would require them to “ensure” that the North won’t spend the whole sum — or any of it — on uranium centrifuges and large-bore aluminum tubing. Of course, there are some who take a less skeptical approach:

“All this business about spending the money on their nuclear programme is complete tosh,” a source close to the North Korean side said. “They just don’t like the contract they wrote and they regret it bitterly.

Right. What could I possibly have been thinking?

Update:  Noted North Korea authority Aidan Foster-Carter notes that North Korea obtained a settlement, not a judgment.  That’s consistent with what I’ve heard more recently.  He also notes that the largest payor was Allianz, not Lloyds.  I will defer to Mr. Foster-Carter on that point.  By all means, read what he has to say about this subject.

Continue Reading

Second N. Korean Disqualified for Doping

Earlier, I reported that North Korean pistol-shooter Kim Jong-Su had been stripped of two medals,  one silver and  one bronze, for doping.  The banned drugs Kim took were beta-blockers, which suppress anxiety that  can make a shooter jittery.  Now, a second North Korean shooter, Kim Hyon-Ung, has been disqualified:

“Kim Hyon-Ung was barred from participating in the Games after it became known belatedly that he failed a doping test carried out during the Asian championships,” the official said.

“North Korean officials at that time claimed that Kim Hyon-Ung had taken some medicine for illness and this might have caused him to fail the test,” he said.  [AFP]

The second Kim’s  history was reexamined because of the scrutiny brought down by the first Kim.  They’re now going home to an uncertain future for themselves and their families. 

My home state is an indirect beneficiary of Kim Jong Su’s disqualification —  Shelby, South Dakota farmer Brian Beaman now moves up to fourth place.

Does anyone else agree that the greater cause of peace demands  that we  write special rules to allow the North Koreans to play even if they cheat, or is that something we only do  with trivial things like nuclear proliferation, international kidnapping, and money laundering?

Continue Reading