Computer crime, bank fraud & money laundering: A preview of Kim Jong-un’s indictment

The Wall Street Journal is reporting that hackers employed by the government of North Korea have been implicated in yet another international bank fraud scheme using hacked SWIFT software. This time, the victim is a bank in Taiwan, and the take was $60 million, all of it laundered through accounts in Cambodia, Sri Lanka, and the United States.

In a blog post Tuesday, cybersecurity researchers at U.K. defense company BAE Systems PLC also implicated Lazarus in the Taiwanese theft, saying that tools used in the attack on the Far Eastern International Bank include those used by Lazarus in the past.

“The attack this month on Taiwanese Far Eastern International Bank has some of the hallmarks of the Lazarus group,” BAE researchers wrote.

The suspected ties to Lazarus suggest the group’s continued focus on financial cybercrimes. In addition to the Bangladesh Bank theft, the BAE researchers said the group has been targeting bitcoin and is behind attacks on banks in Mexico and Poland.

Security researchers suspect the group has links to North Korea. U.S. authorities have said that one hack also linked to Lazarus—the 2014 Sony Pictures hack—originated in North Korea. The country has denied being behind the attack.

The BAE researchers said they found further evidence of the group’s North Korea links, saying they observed infrastructure in North Korea controlling the malware used in a previous Lazarus-linked attack. Representatives at North Korea’s Beijing embassy and Hong Kong consulate weren’t immediately available for comment. [WSJ, Dan Strumpf]

Sri Lankan authorities have arrested two suspects, one of whom was trying to withdraw $520,000 (which is more than my ATM ordinarily allows me to take out before a trip to Home Depot for plywood and router bits).

That report closely follows this New York Times story on the recent history of North Korea’s cyber crimes, including the Bangladesh Bank fraud, where the North Koreans got away with $81 million, the 2013 Dark Seoul cyberattacks, the 2014 Sony cyberattack and cyberterrorist attack against the U.S. homeland (about which the United States of America did approximately diddly squat), and (consequently) this year’s the WannaCry ransomware attacks.

Earlier this year, I wrote about reports that high officials in U.S. intelligence and law enforcement agencies had found evidence implicating North Korea in recent cyberattacks. Clearly, the FBI is investigating this course of criminal conduct, which is something I presume the FBI wouldn’t do without some prospect of a prosecution. We are speaking, after all, of conduct that is highly dangerous, ongoing, and undeterred. That gives the U.S. government a powerful incentive to charge those who conspired to commit these crimes.

Which brings us to this question: Is there any real doubt as to who the real person of interest is here? Of course, the feds would need at least some proof to get a grand jury to indict. The opacity of the royal court in Pyongyang presents some obvious challenges to this, but just over a decade ago, when prosecutors very nearly indicted His Porcine Majesty’s father for counterfeiting — before George W. Bush stopped them for political reasons — they concluded that those challenges were surmountable.

“The most difficult thing is connecting evidence of criminality to a state’s leader, because there is so much deniability built in. But there isn’t a whole lot of activity in North Korea that isn’t sanctioned by the leadership, and the evidence we had already built up was very good. These cases were very doable.” The criminal cases, says Asher, were based on information from undercover agents, informants, and a vast surveillance operation. [Vanity Fair, David Rose]

If you’ve read the links above or my posts on the Sony cyber attacks, it’s apparent that our signals intelligence is part of the case that implicates state-sponsored North Korean hackers. The Justice Department has cited the testimony of defectors in recent civil forfeiture cases against North Korean funds, and at least two defectors with inside knowledge of North Korean cyber operations have spoken publicly.

But even assuming there are no defectors who testify to His Porcine Majesty’s complicity, and that the government offers no signals intelligence implicating him (which it might not want to do to protect sources and methods) the feds could still do what the plaintiffs did in their lawsuits against North Korea for the state sponsorship of terrorism — they could call experts to testify about North Korea’s system of government, command systems, and the certainty that this conspiracy must have been approved at the very top.

Then, what would the feds most likely charge? Prosecutors’ opinions inevitably vary, but here are my best guesses. I’ve linked the relevant sections in the Criminal Code so that you can read the elements yourself.

  • Count I: Conspiracy. This one is pretty much a given in most federal prosecutions now. Note that cases interpreting the federal conspiracy statute define “defraud the United States” broadly.
  • Count II: Bank Fraud. Which should be self-explanatory.
  • Count IV: Violations of the Computer Fraud & Abuse Act. This is the statute the feds use to charge computer hacking offenses.
  • Count III: Money Laundering. In plain English, the transfer, use, or spending of crime-tainted funds with intent to carry out, facilitate, or profit from one of the predicate offenses listed in subsection (c) of the money laundering statute. This is an important count, because — let’s face it — it’s not like we’re ever going to arrest Kim Jong-un short of his overthrow. The only way to hold people beyond our personal jurisdiction accountable is to shame them and seize and forfeit their funds. The indictment shames; the forfeiture count takes the money away.
  • Count V: Criminal Forfeiture. This is how we take money away from people after they’re convicted (but hold that thought for a moment).

Assuming the feds do indict, would His Porcine Majesty, a sitting head of state, be immune from prosecution in a U.S. court? I want to thank one of my Twitter followers, Shin Chang-hoon, for pointing me to this interesting discussion of that potential obstacle in the broader, global context. In the U.S. federal courts, however, there is at least one precedent for the feds successfully indicting, prosecuting, and convicting a sitting, de facto head of state. That would be Manuel Antonio Noriega, the former dictator of Panama, whom we arrested after the 1989 U.S. invasion of that country. Noriega argued his indictment on drug charges must be dismissed because he was immune from prosecution. The U.S. Court of Appeals for the 11th Circuit rejected Noriega’s argument on the grounds that the U.S. had not recognized him as the lawful head of state, and because (and this is admittedly circular) by invading Panama, and by arresting and extraditing him, the U.S. showed that it did not intend to immunize him. You can read the court’s decision here.

Yes, the potential for such prosecutions to get out of hand is obvious, but it’s hard to believe that a federal court of appeals would immunize a head of state from prosecution for straight-up international bank fraud. The key distinction is whether the prosecuted conduct consists of the acts of a head of state or “for private or criminal acts.”

Having navigated past one problem, we encounter a more difficult one: the requirement to have a defendant present for the arraignment before a prosecution can go forward. (One of my least pleasant trials was a case where I defended a man who ran away after his arraignment and before trial. Much like Clint Eastwood did not do in 2012, only more effectively, I had to defend an empty chair. The chair got three years — a good result, given the charges and the evidence.)

So, does this bring us to an Emily Litella moment?

Not quite. Admittedly, my experience in federal civilian criminal litigation is limited, but as I read the Federal Rules of Criminal Procedure and the U.S. Attorneys’ Manual, you don’t need to have custody of a defendant to indict. The statute of limitations (typically, five years) stops running when the feds indict. Then, the indictment sits on a shelf until arraignment, which starts the ticking of the defendant’s speedy trial clock. But why do that? Again, past history is instructive.

The final stage, which David Asher says President Bush had been fully briefed about, would have been the unsealing of criminal indictments. “We could have gone after the foreign personal bank accounts of the leadership because we could prove they were kingpins,” Asher says. “We were going to indict the ultimate perpetrators of a global criminal network.” “The world wanted evidence that North Korea is a criminal state, not a lot of hoo-ha,” says Suzanne Hayden, a former senior prosecutor at the Department of Justice who ran its part of the Illicit Activities Initiative. “The criminal cases would have provided the evidence. It would have been in the indictments. As with any money-laundering investigation, we would have identified the players and traced them back, from Macao to those who were behind it in North Korea.” [Vanity Fair, David Rose]

A better reason might be to charge and prosecute the third-country nationals and businesses that provide the North Korean hackers with the havens and support they require.

The feds would also have the alternative of filing a civil forfeiture case under 18 U.S.C. 981, alleging all of the same counts in a civil, in rem suit against funds that belong to Kim Jong-un, on the theory that the funds are proceeds of that conduct, or are facilitating property (such as property co-mingled with the stolen funds to conceal their origin and ownership). The advantage of that strategy is that the feds would only have to prove the forfeitability of the property by a preponderance of the evidence, and the feds would win the suit by default unless Kim Jong-un enters an appearance in federal court and intervenes in the proceeding.

In 2005, President Bush decided not to go forward with the prosecution of Kim Jong-il because it was afraid that he’d walk out of six-party talks. But of course, North Korea did walk about of six-party talks in 2008, hasn’t returned since then, and is absolutely adamant in its refusal to negotiate either a freeze or denuclearization, that concern isn’t present.

Of all the dumb things smart people tend to write about North Korea, the dumbest of them all may be the idea that what North Korea needs most is for us to teach it how to do capitalism. Over the last week, I’ve read reports of how North Korea and its officials make money through drug trafficking, racetrack gambling, tourism, and ivory and rhino horn smuggling. It runs one of the world’s more sophisticated money laundering operations using front and shell companies in Hong Kong. The last thing Pyongyang needs us for is to teach it how to make money. To Pyongyang, capitalism is not a path to reform, but a path to the enslavement of all Koreans. What Pyongyang needs to learn is an object lesson in the rule of law — that at last, its crimes will have consequences, even if some of those consequences are symbolic. And for a system of government built on symbols and myths, symbolic consequences can be some of the most powerful ones.

Continue Reading

To prevent a larger hostage crisis, shut PUST down now — all of it.

The news that North Korea arrested its third American hostage over the weekend ought to change the shape of our discussion about PUST, the Pyongyang University of Science and Technology.

Kim Sang-duk, a U.S. citizen and professor at the Yanbian University of Science and Technology (YUST) in Yanji, China, was detained in North Korea on Saturday at Pyongyang’s Sunan airport, a source familiar with the case confirmed to NK News on Sunday.

Chan-Mo Park, current chancellor of the Pyongyang University of Science and Technology (PUST), said that Kim and his wife had been on his way back to China after teaching a class in International Finance and Management at the university.

“Professor Kim Sang-duk was arrested on the way out of the country yesterday (22nd),” Park told NK News over email. “From what I heard, he is being investigated for the matters that are not tied to the PUST.”

Kim joins two other U.S. citizens in detention there, 22-year-old Otto Warmbier and 62-year-old Kim Dong Chul, both of whom are serving sentences of hard labor of 15 and 10 years respectively.

An earlier report from South Korea’s Yonhap News Agency reported that Kim is a 50-something Korean-American. [NK News, Oliver Hotham]

I’ve previously written that the Commerce Department should review PUST’s licenses for scientific and technological training while leaving its medical training programs intact for now. (The same should go for OFAC’s licenses for PUST’s financial transactions with Pyongyang.) That’s not only because the experiment itself has failed. Nor is it only because PUST has been changed by Pyongyang more than it has changed Pyongyang. It’s not even because of the danger that PUST may be training North Korean hackers, although that would be a good enough reason by itself. It’s because resolutions that our U.N. Ambassador voted for require us to suspend that training pending a review.

“11.  Decides that all Member States shall suspend scientific and technical cooperation involving persons or groups officially sponsored by or representing the DPRK except for medical exchanges unless:

(a) In the case of scientific or technical cooperation in the fields of nuclear science and technology, aerospace and aeronautical engineering and technology, or advanced manufacturing production techniques and methods, the Committee has determined on a case-by-case basis that a particular activity will not contribute to the DPRK’s proliferation sensitive nuclear activities or ballistic missile-related programmes; or

(b) In the case of all other scientific or technical cooperation, the State engaging in scientific or technical cooperation determines that the particular activity will not contribute to the DPRK’s proliferation sensitive nuclear activities or ballistic missile-related programmes and notifies the Committee in advance of such determination; [UNSCR 2321]

In plain English, this language creates three categories of scientific cooperation: medical exchange, which is fine; nuclear science and the other items in 11(a), which must full-stop pending immediate 1718 Committee review; and “all other” scientific and technical cooperation, which member states are obligated under 11(b) to review to ensure they will not contribute to banned programs (note the shifting of the burden). The 11(b) review is also subject to the “suspend scientific and technical cooperation … unless” clause; thus, 11(b) requires us to suspend “all other” scientific or technical cooperation pending that review. That the U.S. government still hasn’t acted on this can only be due to the slow pace of the Trump administration’s appointments and its consequent inattention to the problem.

As far as PUST’s medical training goes, that can continue in Yanbian or other locations outside North Korea for reasons that ought to be obvious now. The other danger that has now come into clearer focus is that the other Americans on the PUST campus will also become hostages. Admittedly, as Ron White says, “You can’t fix stupid,” and the stupidity of intelligent people can be the most stubborn kind. Some of PUST’s administrators and instructors will stay in Pyongyang even if we do revoke those licenses, just as some tourists will find ways to go to North Korea even if Congress finally gets around to banning tourist travel there. What is increasingly worrisome is this question: if Pyongyang is willing to take athletes and diplomats from Malaysia hostage, despite Malaysia being a friendly country, why would Pyongyang hesitate to take any American hostage, no matter how good her intentions?

Continue Reading

WSJ: Feds may indict North Koreans in Bangladesh Bank fraud

This story just gets more interesting by the day:

Federal prosecutors are building cases that would accuse North Korea of directing one of the biggest bank robberies of modern times, the theft of $81 million from Bangladesh’s account at the Federal Reserve Bank of New York last year, according to people familiar with the matter.

The charges, if filed, would target alleged Chinese middlemen who prosecutors believe helped North Korea orchestrate the theft, the people said.

The current cases being pursued may not include charges against North Korean officials, but would likely implicate North Korea, people close to the process said. [Wall Street Journal, Aruna Viswanatha and Nicole Hong]

Traditionally, robbery has meant theft by means of force or intimidation. I thought this case sounded like a better fit for bank fraud until I read the Criminal Code section on bank robbery, which is much broader than the common law definition and covers the whole life cycle of the criminal course of conduct.

The FBI’s Los Angeles Field Office and the U.S. Attorney’s Office for the Central District of California have the lead, which means the indictments would most likely issue in the Central District of California (and consequently, the Ninth Circuit). It’s not an ideal place to pick venue if you’re the government. The USAO for the Southern District of New York is also investigating other bank fraud cases it suspects of being the work of the same North Korean hacking group, known as “Lazarus.”

As I noted in my report on North Korea’s sponsorship of terrorism, the U.S. government thinks the Reconnaissance General Bureau (which is designated by both U.S. Treasury and the U.N. Security Council) did the Sony cyber attack. Recent reports have also linked the code used in the Bangladesh fraud to the code used in the Sony attack. That would make the RGB a prime suspect in both attacks, which means it would have been a violation of the International Emergency Economic Powers Act (IEEPA) for anyone to knowingly engage in dollar transactions with the RGB’s agents after August 30, 2010, when that agency was first designated.

If charges are filed against alleged middlemen in the Bangladesh theft, they are expected to be similar to charges unsealed in September against a Chinese businesswoman, Ma Xiaohong, some of these people said.

That makes sense. The “Chinese middlemen” could be charged with violating the IEEPA and money laundering whether the feds can pin the bank fraud on the North Koreans or not. Here’s my post on the Ma Xiaohong/Dandong Hongxiang case, with links to the indictment and the civil forfeiture complaint.

There is, apparently, a “minority view” among the feds that the North Koreans may have sold the code to third parties without being directly involved. Depending on the evidence, that might still be a crime — most likely conspiracy to commit bank fraud or a violation of the Computer Fraud and Abuse Act, or aiding and abetting one of those crimes. That might even be a smarter charging strategy.

The report also says the Treasury Department may freeze the assets of those under investigation (I’d guess under Executive Order 13722, implementing the NKSPEA, or EO 13757, Obama’s eleventh-hour cyber executive order).

A decade ago, the feds were ready to indict North Korean officials for counterfeiting, but political pressure from the State Department got the case shelved — permanently. That was the George W. Bush administration. I don’t get the impression that the Trump administration would do any such favors for Kim Jong-un.

Continue Reading

Top NSA official attributes attempted $1B bank heist to North Korean hackers

The story of the Bangladesh Bank/SWIFT heist has gotten much more interesting of late. Now, not only do we have a senior U.S. intelligence official attributing it to a government, we learn that the North Koreans tried to steal nearly ….

A senior National Security Agency official appeared to confirm that North Korean computer hackers were behind a multi-million dollar heist targeting Bangladesh’s central bank last year.

Computer hackers attempted to steal $951 million, but only got away with $81 million, some of which was later recovered. After the theft, security firms quickly pointed the finger at North Korea. Other experts disputed that finding. But on Tuesday, NSA Deputy Director Rick Ledgett appeared to say North Korea was the culprit during a cryptic exchange at a Washington forum.

Speaking at an Aspen Institute roundtable, Ledgett pointed out that private sector researchers had linked the digital break-in in Bangladesh to the 2014 hack on Sony Pictures, which the U.S. government attributed to Pyongyang.

“If that linkage from the Sony actors to the Bangladeshi bank actors is accurate — that means that a nation state is robbing banks,” Ledgett said. “That’s a big deal.” [Foreign Policy]

To be clear, this isn’t U.S. government attribution, and there’s no explanation here of why Ledgett thinks the North Koreans were behind the theft, but Ledgett is described as a “30-year veteran” of the NSA who is due to retire later this year. Such a person wouldn’t ordinarily make that statement unless (1) he believed it, and (2) he was fairly certain the agency management was OK with him saying it in a public forum. In fact,  I think we’re all going to be hearing much more about why people think North Korea is now the only government that robs banks. What I’m also hoping we’ll find out is what bank accounts the money ended up in.

By attacking a bank and making off with large sums of money, North Korea can evade sanctions and obtain foreign currency, but so far, that effort has not delivered serious dividends for Pyongyang.

North Korea: tactically brilliant and strategically moronic since 1948. By the way, don’t expect SWIFT to publicly admit that its software was hacked. Standard behavior for any corporate victim of a cyberattack is to refuse to comment, or even to deny. They’re more worried about their reputations for systems security than in helping to punish hackers and hold them accountable. In most cases, hackers don’t have reputations to protect. When the hacker is a government, however, it has far more to lose by being accused of bank fraud.

Continue Reading

N. Korea, Lazarus & SWIFT: Are the white hats closing in? (Update: SWIFT cuts off remaining N. Korean banks)

In the last month, major news stories about North Korea have bombarded my batting cage faster than I’ve been able to swing at them. I’d wondered when I’d have a chance to cover Katy Burne’s detailed story in the Wall Street Journal about the empty half of the SWIFT glass — that despite its recent decision to disconnect three U.N.-designated North Korean banks, it’s still messaging for banks that are sanctioned by the Treasury Department, but not by the U.N.:

The U.S. Treasury-sanctioned banks that remain on Swift include the state-owned Foreign Trade Bank of the Democratic People’s Republic of Korea, the country’s primary foreign-exchange bank; Kumgang Bank; Koryo Credit Development Bank; and North East Asia Bank, according to people familiar with the network. A search on Swift’s website listed active bank identifier codes for the institutions as of Monday.

The U.S. designated for sanctions the Foreign Trade Bank in 2013, saying it facilitated weapons of mass destruction programs in North Korea. The other three were sanctioned in December as the U.S. targeted entities it said supported the North Korean government and its weapons programs following the Asian nation’s September 2016 nuclear test.

The apparent sanctions gap raises questions about how easily North Korea could move currency through alternative banking channels, something the U.N. said it has been known to do in the past through fronting companies. [….]

While based in Brussels and regulated by Belgian authorities, the company intersects daily with U.S. financial institutions, processing tens of millions of payment instructions, including through a large facility in Culpeper County, Va. [WSJ, Katy Burne]

I won’t sugar-coat this; the fact that these dirty and important (to His Porcine Majesty) banks can still use SWIFT is a major hole in our sanctions, and whether Congress and the administration are willing to close it will be a test of how serious they are about stranding Pyongyang’s money.

I can understand some of SWIFT’s likely arguments against that, mind you: first, SWIFT has earned much good will from Treasury for favors it has done them on terrorist financing; second, there may be other potential providers of the same service that may be less responsive to U.S. legal pressure. Fair enough, but whoever takes up that slack in SWIFT’s wake should be sanctioned to swift extinction (yes, intended). For a list of North Korean banks indicating which ones are designated by the U.N. and the U.S., see this post, and scroll down.

Meanwhile, Symantec now claims it has additional evidence that the hacker group Lazarus, which it had previously linked to the robbery of the Bangladesh bank using hacked SWIFT software, is responsible for that attack, and more:

A North Korean hacking group known as Lazarus was likely behind a recent cyber campaign targeting organizations in 31 countries, following high-profile attacks on Bangladesh Bank, Sony and South Korea, cyber security firm Symantec Corp said on Wednesday.

Symantec said in a blog that researchers have uncovered four pieces of digital evidence suggesting the Lazarus group was behind the campaign that sought to infect victims with “loader” software used to stage attacks by installing other malicious programs.

“We are reasonably certain” Lazarus was responsible, Symantec researcher Eric Chien said in an interview.

The North Korean government has denied allegations it was involved in the hacks, which were made by officials in Washington and Seoul, as well as security firms.

U.S. Federal Bureau of Investigation representatives could not immediately be reached for comment.

Symantec did not identify targeted organizations and said it did not know if any money had been stolen. Nonetheless, Symantec said the claim was significant because the group used a more sophisticated targeting approach than in previous campaigns.

“This represents a significant escalation of the threat,” said Dan Guido, chief executive of Trail of Bits, which does consulting to banks and the U.S. government. [Reuters]

Further down, the report suggests that one or more Polish banks may also have been hit, but “Reuters has been unable to ascertain what happened in that attack.” The headline having promised evidence of attribution to North Korea, however, the text of the story itself left me wanting more. It’s not news that Symantec has linked Lazarus to North Korea; Symantec did that almost a year ago. Nothing in Reuters’s report adds evidence to that attribution.

Nor does this story suggest that there’s enough evidence for the feds to act against Lazarus, although it does hint that the FBI is investigating. Jurisdiction shouldn’t be an issue in the Bangladesh case; money moved through the New York Federal Reserve Bank. Attribution is the real question. Depending on what they can prove, the feds would have many potential charging options, including bank fraud, wire fraud, the Computer Crime and Abuse Act, racketeering, and money laundering. Furthermore, there are anti-hacking provisions in both the NKSPEA (section 104(a)(7)) and Executive Order 13722, which means that if the feds could find any of Lazarus’s money, or any assets of Lazarus’s co-conspirators — regardless of whether those assets can be traced to any of these specific acts — the Treasury Department could freeze them, and the Justice Department could forfeit them.

And needless to say, the indictment of a state actor would be a big deal, for a lot of reasons.

So far, I don’t see enough in the open sources to support that, but it’s good news that the white hats are working diligently on this. If they can attribute this to senior officials in the North Korean government — most likely, within the Reconnaissance General Bureau — then it would be our legal basis to go after the RGB’s assets, which we’ve recently learned include some sophisticated and global commercial operations. This story bears close watching.

~   ~   ~

Update:

Reuters is reporting that SWIFT will disconnect the remaining North Korean banks:

SWIFT, the inter-bank messaging network which is the backbone of international finance, said it planned to cut off the remaining North Korean banks still connected to its system, as concerns about the country’s nuclear program and missile tests grow. SWIFT said the four remaining banks on the network would be disconnected for failing to meet its operating criteria.

The bank-owned co-operative declined to specify what the banks’ shortcomings were or if it had received representations from any governments. Experts said the decision to cut off banks which were not subject to European Union sanctions was unusual and a possible sign of diplomatic pressure on SWIFT. [Reuters]

Now that SWIFT has gotten itself right with Jesus, I would like to implore everyone, everywhere to lay off SWIFT. It’s absolutely true that if we turn SWIFT into a political surrogate for our sundry political conflicts, the world’s dirtiest banks will just take their business elsewhere. That’s not a trend we want to encourage. SWIFT has usually been a responsible member of the financial community, sometimes at great cost to itself.

My argument all along has been that (1) North Korea deserves to be an exception to that rule because (2) North Korea is a unique threat to the financial system — not to mention, to all of humanity — as documented in (3) seven U.N. Security Council Resolutions, a Patriot Act 311 determination, and a call for “countermeasures” by the Financial Action Task Force. You can’t say that about any other country on earth right now — not even Iran. I can’t reconcile messaging for North Korean banks with any of those authorities. And if any competitor tries messaging for the FTB, it’s especially important that the Treasury Department should have the authority to obliterate them (which is why Congress should still proceed with something like the BANK Act).

Having said all that, I wouldn’t be too quick to assume that diplomatic pressure was the main reason for this most welcome decision. “Operating criteria” could mean a lot of things, but it’s a slightly better fit with “massive global bank fraud” than it is with “diplomatic pressure.” If there are more developments in the Lazarus investigation than the Reuters report makes apparent, and if those developments convinced SWIFT that it had unwittingly helped the North Koreans defraud its more reputable clients by sharing its software with them — and their hackers — that would be a perfectly good (and equally plausible) reason for SWIFT to have cut the North Koreans off.

Yet again, the North Koreans are tactically brilliant criminals. And yet again, they’re strategically moronic. It’s a rare and happy day when someone finally holds them to account for it.

Continue Reading

The Commerce Department should review PUST’s export licenses for North Korea

Last week, several news outlets reported that representatives of PUST, the Pyongyang University of Science and Technology, are in the United States, seeking support to expand their curriculum in North Korea. PUST didn’t say what kind of support it seeks, but recent reports suggest that PUST has lost donors and had to slash its budget. PUST is probably looking for money. Donors, however, would be wise to keep their checkbooks closed until the Commerce Department and a U.N. Panel of Experts review precisely what PUST is teaching the North Koreans.

1. PUST needs to give better answers to charges it’s training North Korean hackers.

PUST teaches its mostly male, entirely elite students what their government wants them to learn. PUST trains doctors and nurses, and without knowing more, that’s probably unobjectionable. But PUST also teaches information technology subjects that could be a baseline for training hackers, such as those who hacked Sony Pictures and made terrorist threats against theaters showing “The Interview.” (North Korea both denied and applauded the attacks.) Subsequently, two defectors claimed that PUST is indeed training North Korean hackers. PUST denies the claim, but without the ability to track its alumni through some of the most secretive parts of North Korea’s government, it’s hard to see how PUST could possibly know this, one way or another.

If PUST is training North Korean hackers, it’s probably doing it pursuant to a license from a the U.S. Commerce Department. Without knowing exactly what PUST is exporting to North Korea, it’s impossible for me to say which of those exports are controlled by the Commerce Department, but the list of items that may require export licenses includes software, information security, telecommunications, and computers, and PUST has admitted that it operates pursuant to Commerce Department licenses. It’s past time for the Commerce Department to review those licenses, and (at a minimum) revoke those related to information technology. The continuation of some of those programs may well violate both U.S. law and U.N. Security Council resolutions.

2. U.S. law imposes mandatory sanctions for cyber-related activities.

Ethan Epstein’s post at The Weekly Standard raises another potential legal issue for PUST: the new sanctions law, and the executive order, section 104(a)(7) of which imposes mandatory sanctions on any person who facilitates North Korean hackers, and section 104(a)(8), which bans the export of software for the use of North Korea’s ruling party.  What I can’t say is exactly what North Korean entities PUST is dealing with and how those entities are linked to North Korea’s hacking operations. The government should investigate, and until it gets satisfactory answers, it should suspend PUST’s IT-related licenses.

3. The latest U.N. resolution requires the suspension of scientific and technical cooperation with North Korea, pending U.N. or U.S. government review.

If North Korea is using PUST to train hackers, it wouldn’t be the first time a scientific or academic engagement program came under suspicion of misuse for nefarious purposes. There was the time that North Korea’s aerospace agency tried to join the International Astronautical Federation, until the U.N. Panel of Experts pointed out that Federation might have given Pyongyang access to sensitive missile-related technology. Or the Indian institute that trained North Korean rocket scientists. Or the Russian institute that hosted North Korean nuclear scientists to conduct joint research, including one who is sanctioned by name. Or the program sponsored by Syracuse University that may well have taught the North Korean security forces how to digitally watermark and trace documents smuggled into North Korea on USB drives. But surely, an exchange program to help North Korea grow food couldn’t have sinister purposes? But yes, even a Swiss-funded project, ostensibly to teach North Korea how to make bioinsecticide, turns out to be perfectly suited to produce biological agents. All of which may explain why the U.N. Security Council adopted this provision late last year:

“11.  Decides that all Member States shall suspend scientific and technical cooperation involving persons or groups officially sponsored by or representing the DPRK except for medical exchanges unless:

(a) In the case of scientific or technical cooperation in the fields of nuclear science and technology, aerospace and aeronautical engineering and technology, or advanced manufacturing production techniques and methods, the Committee has determined on a case-by-case basis that a particular activity will not contribute to the DPRK’s proliferation sensitive nuclear activities or ballistic missile-related programmes; or

(b) In the case of all other scientific or technical cooperation, the State engaging in scientific or technical cooperation determines that the particular activity will not contribute to the DPRK’s proliferation sensitive nuclear activities or ballistic missile-related programmes and notifies the Committee in advance of such determination; [UNSCR 2321]

I read this language to require the U.S. government to suspend PUST’s scientific and technical cooperation with North Korea pending a full review. Whether you agree that that’s required by the letter of the resolution, that position is certainly consistent with the resolution’s spirit. Suspending PUST’s Commerce Department export licenses, and any licenses it has been granted by the Treasury Department’s Office of Foreign Assets Control, are the most obvious ways to effect that suspension.*

PUST wanted to “open a door to the outside world for the future leaders,” but as this blog has chronicled for more than a decade, this theory hasn’t worked so well in practice. Sixteen years after its founding, PUST admits that its staff “avoids talking about politics and religion in the classroom.” (Update: According to this report, PUST actually started teaching students in 2010.) For those who’ve read Suki Kim’s memoir of her experiences at PUST, that’s an understatement. She describes a suffocating, Orwellian environment where the air is thick with fear for one’s self, and for the others one might incriminate with a careless expression of free thought. PUST’s furious reaction to Ms. Kim’s book — revealing its own efforts to vicariously censor her on Pyongyang’s behalf — lent further credibility to her account.

So it always goes with those who engage Pyongyang, thinking they’ll change North Korea; it always works the other way around — there are no exceptions. Invariably, they must enlist as Pyongyang’s propagandists, censors, or financiers, or they must leave. Every wide-eyed engager predicts a Pyongyang Spring, but in Pyongyang, it’s always Groundhog Day.

~   ~   ~

* I edited this paragraph after publication.

~   ~   ~

Update, 2/9: Two readers forwarded me links to Korean press reports that PUST spent donated funds on building a Juche research center and a Kim Il-sung monument on campus.

Continue Reading

Why North Korea will go back on the list of state sponsors of terrorism this year

As I write, Yonhap is reporting that North Korea may be fueling up two ICBMs for a test. Meanwhile, in Washington, Texas Republican Ted Poe has already shaped one part of the likely response to that. Poe isn’t one to back down from a fight — not with leukemia, and not with North Korea. He’s back at the helm of the House Subcommittee on Terrorism, Nonproliferation, and Trade, where one of his first acts this year was to reintroduce a bill that would call for the State Department to re-list North Korea as a state sponsor of terrorism. (The text still isn’t published at post time, but here’s a previous version.)

Specifically, the bill puts a series of North Korean acts before the State Department and asks it whether (1) North Korea did that thing, and (2) whether that thing meets the legal definition of terrorism. Because federal courts have already said “yes” to both of those questions for several of those things, there’s really only one right answer to the question of whether North Korea has, as section 6(j) of the Export Administration Act puts it, “repeatedly provided support for acts of international terrorism.”

For reasons I’ll explain in the rant that follows, North Korea’s exclusion from the list of state sponsors of terrorism has long irritated me. My guess is that I’ll soon have one less thing to rant about, because I’d assess the chances of North Korea going back on the list this year as above 90 percent — most likely, sometime between Groundhog Day and Memorial Day. I’m not revealing any insider knowledge, mind you, but you don’t need to be a weather man to know enough to bring your parka to Fargo in February. Kim Jong-un is going to do a lot of provocative things this year, and putting North Korea back on the list is not only an obvious response, it’s legally well-justified. Let’s start with the obvious.

1. North Korea sponsors terrorism.

Three years ago, I decided I’d had my fill of “experts” writing that North Korea doesn’t sponsor terrorism without having made any apparent inquiry into the evidence or the law, so I sacrificed my Christmas leave to write a hundred-page, peer-reviewed report laying that evidence out, analyzing the legal standards for listing a government as a state sponsor of terrorism, and applying North Korea’s recent conduct to that standard. I’m not going to repeat that entire report here, but I should probably at least give you a taste of it: in the last ten years alone, North Korea has armed terrorists, sent hit teams to murder defectors and dissidents, held the kidnapped citizens of other countries as prisoners, harbored hijackers, launched cyber attacks against newspapers and nuclear power plants, and threatened movie theaters across the United States with terrorist attacks if they showed a film parodying Kim Jong-un. For which, Barack Obama did approximately nothing.

Pause, for a moment, on that last point. Never in U.S. history has a foreign dictatorship so successfully chilled Americans’ freedom of expression in their own country, although Muslim supremacists also managed to get a public apology, an arrest, and de facto censorship of “blasphemous” speech that’s also at the very core of what the First Amendment protects. So, have you seen any good movies about North Korea lately? Neither have I, and it’s not for lack of suitable material. That should scare you, because as Obama himself said before doing approximately nothing:

“We cannot have a society in which some dictators someplace can start imposing censorship here in the United States because if somebody is able to intimidate us out of releasing a satirical movie, imagine what they start doing once they see a documentary that they don’t like or news reports that they don’t like.” [CNN]

That’s pretty typical Obama: a good, decent, and intelligent man articulating important principles eloquently and then failing completely in their defense and implementation.

Of course, no amount of evidence of North Korea’s sponsorship of terrorism will be enough to persuade people who oppose re-listing North Korea for policy reasons. Doug Bandow, for example, pretty obviously saw the report, and just as obviously didn’t read it. But then, Bandow’s policy views on North Korea — he favors immediate bilateral negotiations with Kim Jong-un, the lifting of sanctions, and a total U.S. withdrawal from South Korea — aren’t likely to have much support on Capitol Hill, or (from the looks of the confirmation hearings) in the new administration. As far as the strength of the evidence against North Korea goes, if it’s good enough for multiple federal district court judges and one federal court of appeals, it’s good enough for Doug Bandow, or would be if the evidence mattered to him at all.

2. North Korea never really renounced terrorism.

President George W. Bush announced the decision to remove North Korea from the list of state sponsors of terrorism on June 26, 2008, in exchange for Kim Jong-il’s promises to dismantle his nuclear weapons programs (by law, the decision became effective on October 11th of that year). The results of that bargain speak for themselves, but let’s not get ahead of ourselves.

By law, there are two conditions to remove a state from the list of state sponsors of terrorism, both of them ridiculously easy to beat. First, the Secretary of State has to certify that the state has not “provided any support for international terrorism during the preceding 6-month period.” That’s six whole months of good behavior! Second, he has to certify that the government has “provided assurances that it will not support acts of international terrorism in the future.” Presumably, then, North Korea gave the State Department another one of its pro-forma statements that it opposes terrorism, a term it defines in an extraordinarily strange way.

What North Korea never actually did to get George W. Bush to rescind the designation, of course, was renounce terrorism in a minimally convincing way. It never sent the Japanese Red Army hijackers back to Japan to face trial. It never returned any foreign abductees, including the dozens of Japanese or South Koreans it kidnapped from the soil of their own home countries. It never accounted for its kidnapping of the late Rev. Kim Dong-shik, despite then-Senator Barack Obama’s written, signed promise that he’d oppose North Korea’s rescission from the list until it did. Which you can read for yourself right here.

Not only has North Korea never admitted, acknowledged, or apologized for its past acts of terrorism, within a year after being removed from the list, it was caught red-handed on at least three occasions shipping arms to Iran, probably for the use of Hezbollah, Hamas, and/or the Quds Force.

At this point, it’s tempting to get into a semantic discussion about what “sponsorship” and “terrorism” even mean, except that I’ve already done that in my long report. I’ve even suggested new definitions to clarify the law (which actually contains multiple definitions, all of them mutually inconsistent and imperfect for their own reasons).

Lawyers look to the text of the law first, and then to precedent to help them apply the law when it isn’t clear. As you’ll see in my report, some of North Korea’s conduct clearly fits the legal definitions and some of it doesn’t. When the law itself isn’t clear, we turn to examining what conduct the State Department used to justify the listing of other countries as sponsors of terrorism in previous annual reports. Merely building a nuclear weapons program probably doesn’t meet the legal standard, so logically, dismantling (or promising to dismantle) a nuclear program isn’t a renunciation of terrorism, either. In other words, removing North Korea from the list in 2008 wasn’t really about terrorism. That opened the list itself to charges that it was politicized.

3. North Korea should have gone back on the list when it broke its bargain.

Congress was never happy about President Bush’s rescission of North Korea’s listing in the first place. Legally, it can stop a rescission by passing a resolution within 45 days, but in 2008, the Bush administration announced the rescission just as Congress was leaving for summer recess, which as you’ve guessed by now, is longer than 45 days. Neat trick, right? Except that Congress never forgot that.

At the time President Bush announced that decision, both candidates for the 2008 presidential election, Barack Obama and John McCain, said that if North Korea didn’t follow through on its promises to disarm, they would re-list North Korea (see page 51). Well, guess what? North Korea tested a nuke four months after Barack Obama took the oath of office, and Obama never did re-list North Korea.

In other words, North Korea was put on the list for things that clearly fit the legal definitions of terrorism (the 1983 Rangoon bombing and the 1987 Korean Air Lines bombing), but was taken off the list for promising not to do things that didn’t really fit those definitions. Admittedly, I’ll wince a little when the Trump administration re-lists North Korea for something that, in all probability, won’t exactly fit the definition, but at least I’ll take comfort from the fact that the evidence is otherwise overwhelming, and the error will be harmless. 

Of course, the usual suspects will rend their garments and wail: “No fair! A nuclear test isn’t terrorism!” To which I’ll say, “Where have you been hiding since 2008?” Every year since then, State Department reports have printed the flat-out lie that “North Korea is not known to have sponsored acts of terrorism since … 1987.” At least, I’d think they were lying if I really thought they even knew what the truth was.

4. Both Democrats and Republicans in Congress want North Korea back on the list.

Did I mean to suggest that senior officials in the U.S. Department of State might have been clueless about the evidence of North Korea’s sponsorship of terrorism? Yes, I do. If you doubt me, just watch this hapless State Department official freeze like a deer staring into Judge Poe’s fog lamps at a hearing in 2015, as Poe waved one of those federal court decisions at her that found North Korea liable for sponsoring terrorism. It’s probably the single worst performance I’ve ever seen by a committee witness in all the years I’ve been watching Congress. Pretty clearly, Poe and Sherman weren’t appeased. They had plenty of follow-up questions, and introduced the first version of the current bill shortly thereafter.

Because this is a new Congress with plenty of time to pass legislation, and because North Korea is going to piss Congress off within the next few months — or hours — the new version of Poe’s bill will almost certainly pass on a voice vote. In recent years, calls to re-designate North Korea have become increasingly bipartisan. That’s been especially true since the 2014 Sony cyberterrorist attacks, when Bob Menendez, the New Jersey Democrat who then led the Senate Foreign Relations Committee, added his name to the list of those calling for North Korea to go back on the list. Traditionally, Senate Democrats have been the State Department’s best procedural backstop to prevent bills from becoming law, but on North Korea, today’s Senate Democrats are often just as hawkish as the Republicans. Just watch them in action. They aren’t about to sacrifice themselves for Kim Jong-un.

5. North Korea is about to piss Donald Trump off.

You don’t even have to read the headlines to know this. North Korea always provokes new U.S. or South Korean leaders as they’re forming their governments and policies. Whether this extortionate strategy works is less important than whether North Korea thinks it will. Pyongyang provoked Barack Obama, Lee Myung-bak, and Park Geun-hye, and all signs are pointing to it trying the same with Trump. As Evans Revere paraphrases what they’re thinking in Pyongyang today, “We are willing to risk nuclear war to achieve our goals, are you?”

Personally, I think they’re about to make a grave miscalculation. I don’t give free advice people I despise, but if I’m right about Pyongyang right now, Kim Jong-un will act as much out of impulse as design, and none of the people in Pyongyang who are reading this will dare tell him not to. But if you are reading this from Pyongyang, feel free to try your luck.

6. It’s easy.

There’s no act of Congress necessary to re-list North Korea. All the Secretary of State would have to do is sign a one-page letter invoking section 6(j) of the Export Administration Act. If a pissed-off POTUS is looking for something nasty to do to Kim Jong-un the same day he has the red mist, this is the easiest thing to pull off the shelf.

(A diabolical afterthought: Donald Trump could arguably re-list North Korea in less than 140 characters: “North Korea has repeatedly provided support for acts of international terrorism.” You’re done, and you still have room for the “#MAGA” hashtag! Section 6(j) of the Export Administration Act controls the listing “process” and criteria … such as they are. The law doesn’t require any particular format or an act of Congress, and unlike the rescission process, there are no delays built in. Yeah, yeah, I know 6(j) says the Secretary of State makes that determination. Wanna argue that POTUS lacks the authority the Secretary of State has? If a memo is good enough, why isn’t a tweet? If a tweet is good enough, why not a retweet? If you find that process to be just a bit too … spontaneous, well, maybe now I can convince you (as I argued in my report) that Congress should have a greater say in it. Meanwhile, if you think you can bait the Commander in Chief into retweeting North Korea back onto the list, I’ll hold your beer while you do it. Also, I’ll buy your next one.)

7. There’s no diplomatic reason not to.

If you’ve watched any of the confirmation hearings for Secretary of State, Secretary of Defense, CIA, of U.N. Ambassador, these people don’t sound like they have Joel Wit’s number in their Rolodexes, and they don’t sound terribly interested in Agreed Framework 3.0. Ironically, that makes an agreement more likely, not less. I don’t know if that’s reason for woe or optimism until I see how hard Trump is willing to push Kim, how long we’re willing and how much we’re able to build up our leverage, and what deal we might eventually make. Whatever the answer to those questions, this isn’t the year for it, and neither is next year.

8. It will close some sanctions gaps.

For years, the State Department has told reporters that re-listing North Korea would be “symbolic,” and for years, reporters — the same reporters who uncritically repeated the twaddle about North Korea being under heavy sanctions — printed that without questioning it. A year ago, when our North Korea sanctions were much weaker than that are now, a re-listing of North Korea would have made a bigger difference than it would make now that Congress has passed a law strengthening sanctions.

But that doesn’t mean that a re-listing wouldn’t close some important gaps. First, it would trigger 31 C.F.R. Part 596, meaning that banks would have to apply for a Treasury Department license to process dollar transactions on North Korea’s behalf. That would be extremely powerful by itself. Just ask BNP Paribas, which paid a multi-billion-dollar settlement for violating similar requirements on behalf of Iran, Cuba, and other countries subject to that sort of licensing requirement. Second, it would trigger SEC rules requiring corporations to disclose their investments in North Korea in public filings. That, in turn, could trigger a North Korea divestment movement by NGOs (I know this sounds contradictory, but I expect to be surprised how many companies invest in North Korea and issue securities in the U.S.) Third, it would require U.S. diplomats to oppose benefits (like loans) for North Korea from international financial institutions. Fourth, it would mean that U.S. victims of North Korean terrorism could sue North Korea for its acts of terrorism. None of those sanctions are in effect now, and each would do significant financial damage to North Korea.

Continue Reading

Hacked again

For the last several weeks, North Korea-watchers in Washington have been warning each other about suspicious attachments and spoof messages. I was starting to feel ignored, envious, and unimportant until Friday, when a friend warned me that my site was blocked by his office’s anti-malware software.

I don’t have the sophisticated defenses that big institutions do, but fortunately, I have an excellent hosting service. The last time this happened, they recommended a subscription service that cleans up malware injects. Between the hosting service and the security service, they cleaned out the malware and helped me get everything back to normal with minimal inconvenience and impact on functionality.

I suppose this is an occupational hazard of blogging about North Korea. All of which is a roundabout way of saying, “Be careful out there.”

Continue Reading

N. Korea’s biggest a**hole shoots Vice-Premier, sends second-biggest a**hole to weed the fields

Here at OFK, stories about kremlinology are usually page two material. Too often, we’ll read reports that some official or minor celebrity has been executed, only to read a year later that the target has risen like Lazarus from the KCNA crypt. As a general rule, the closer a story about North Korea is to the center of the power structure, the less I tend to believe it. Which is why I didn’t even tweet the report yesterday that His Porcine Majesty executed the former agriculture minister and a senior education ministry official with an antiaircraft gun. 

Still, I’m marginally more likely to believe reports from the semi-official news agency Yonhap about this particular type of story, where it’s marginally less likely than most sources to run with stories that turn out to be false. 

So, with those caveats dispensed with, Yonhap quotes an anonymous “Seoul official” as saying that His Porcine Majesty sent Vice-Premier Kim Yong-jin to the firing squad last month for being an “anti-party and anti-revolutionary element,” which, in reality, could mean about anything, but probably means he did something very bad. Kim Yong-jin does not make an appearance in the OFK archives, which may mean nothing more than the fact that he never attracted my attention.

But one person who makes many appearances in the OFK archives is Kim Yong-chol, who according to the same Yonhap story, was sent “to a rural farm for one month of reeducation starting in mid-July” for abuse of power and showing a “’heavy-handed’ attitude.”  Far be it for me to defend an a**hole like Kim Yong-chol, but isn’t that written into the job description?

Since January, Yong-chol’s job has been to head the United Front Department. Immediately before that, however, he headed the Reconnaissance General Bureau, North Korea’s external spy agency. As such, Kim Yong-chol was responsible for the 2010 Cheonan and Yeonpyong Island attacks, the 2014 Sony cyberterrorist attack, the 2015 land mine attack, and a whole series of assassination attempts against South Korean human rights activists and North Korean dissidents in exile.

You can read all about it in my report, “Arsenal of Terror,” which is not available in bookstores.

Kim Yong-chol’s d**k moves also come in the more petty variety. A year and a half ago, when DNI Director James Clapper visited Pyongyang on a hostage-fetching mission, Yong-chol invited Clapper to dinner, only to present him with a bill for his meal. For reasons I’m sure are unrelated to this, Kim Yong-chol was designated by the Office of Foreign Assets Control for a second time right about that time (he was first designated in 2010). Not reported is whether Clapper actually paid the bill, or whether the Treasury Department is investigating.

For more rumors about the latest purges in Pyongyang, The Joongang Ilbo has you covered.

All of which leaves me with two questions. First, do you suppose when a pezzonovante like Kim Yong-chol is weeding peas in the hot July sun, he’s thinking about how deeply sorry and humbled he is, and how much he loves and respects his morbidly obese thirtysomething boss who earned his chops in front of a Playstation? Neither do I.

Second, if Andrei Lankov is right, and the fear of purges is the main reason (or more probably, one important reason) why so many North Korean diplomats are rushing for the exits, will this push more diplomats, officials, bankers, and money launderers to reconsider their return travel plans?

Continue Reading

Meet the “Libertarians” who would surrender our liberty & our security to Kim Jong-un’s censors

I doubt that America has fully come to terms with the damage done to its freedom of expression by the Sony cyberterrorist attack of 2014, or by the increasing willingness of Muslim supremacists to extinguish our civil liberties through violence. It is an easy thing to be a civil libertarian when the subject is, say, the limits of a proposed law allowing the FBI or NSA to eavesdrop on suspected terrorists’ communications or monitor their social media posts. Even if we acknowledge the legitimacy of these debates, it is a modern marvel of hypocrisy to watch ardent, self-described civil libertarians quietly slink away from the defense of our civil liberties from greater and less restrained threats, particularly when doing so requires actual courage, whether physical, political, or professional.

Some would cede to the censorship of “Islamophobia” or “hate speech” or blame the targets and victims of terrorism for inciting attacks against themselves. Others still deny North Korea’s responsibility for cyberattacks that the FBI and the NSA watched unfoldNext time you meet one, ask a Sony conspiracy theorist (among whom we may count David Duke) what incentive President Obama had to blame North Korea for an attack on the United States. So that he would have an excuse to do nothing about it, and to face criticism from both political parties for the inadequacy of his response? To corner the market in North Korea’s vast riches of coal, meth, and refugees? In which case, why not secure an endless supply of two of those things by invading Wyoming?

To see a free society yield to its most cowardly impulses is to realize that our liberty will never be taken from us without the help of collaborators among us. Sadly, North Korea’s injury to our freedom to express ourselves in our own country has healed slowly. It may last as long as North Korea does.

The Museum of Modern Art has acknowledged it wrongly canceled the New York debut of “Under the Sun,” a documentary about North Korea that has been criticized by that country and Russia.

A slyly subversive look at the reclusive state by the Russian filmmaker Vitaly Mansky, the film had been scheduled to be shown at the museum’s 2016 Doc Fortnight festival on Feb. 19-29. But an email exchange provided by the film’s German producer to The New York Times shows that a festival organizer, Sally Berger, an assistant curator at MoMA, expressed concern in late January about screening the film after reading an article suggesting that any organization that did so risked retribution from North Korea.

In the emails, Ms. Berger referred to a major hacking attack on Sony Pictures that the United States has described as retaliation by North Korea for a 2014 film satire of the country, “The Interview.”

She followed up a few days later to tell the documentary’s distributor that it would not be included in the festival. “It just simply came in too late to review all the possible ramifications of showing it here at MoMA,” she wrote.

Asked about the decision to withdraw the film, Rajendra Roy, the chief curator of MoMA’s film department, said Thursday in a written statement: “‘Under the Sun’ is a remarkable documentary that was wrongly disinvited.” He added that the decision was “made by the festival’s curator without my knowledge or input.”

The museum said on Friday that Ms. Berger was no longer working there. Margaret Doyle, a spokeswoman for the museum, declined to elaborate, and Ms. Berger, reached by telephone, said she would not comment. [Robert Boynton, New York Times]

Kudos to the MoMA for firing this quisling, although it gives me little comfort to wonder how many other galleries, publishers, and film studios have quietly and vicariously surrendered our freedom. If our choices are to live in a society where North Korea controls what we are allowed to see and read, or to live in a world without North Korea, please record my vote for the latter option. North Korea acknowledges no such concept as freedom of political expression. It does not respect our borders as inviolable. Its censorship knows no limits or boundaries, and to surrender to it is to forfeit our freedom. Judging by the frequency of North Korea’s cyberattacks since then, nothing President Obama has done since 2014 has persuaded Kim Jong-un otherwise.

Which brings us to some of America’s most ostentatious and uncompromising civil libertarians, who are also among the first to slink away from the greatest threats to our security, our liberty, and our rights to speak, live, and love as we choose. Take the case of some fellow called Jacob Hornberger, a lawyer, Fox News contributor, and collaborator of Ron Paul’s racist muse Lew Rockwell:

There are all sorts of suggestions as to how to get North Korea to abandon its nuclear weapons program, but all of them involve one form of interventionism or another. A popular idea of late is for the U.S. government to pressure China to induce North Korea to comply with U.S. wishes. How can the U.S. pressure China? Well, maybe by threatening to impose sanctions on China or maybe by threatening a trade war.

I’ve got a different idea: How about just leaving North Korea alone for the first time in more than 50 years? How about immediately lifting all sanctions against the North Korean people and immediately bringing home all U.S. troops stationed in Korea?

No negotiations.  Just unilateral withdrawal. Just unilaterally lifting all sanctions? How about establishing normal diplomatic relations with North Korea and leaving Americans and the rest of the world to trade with and visit that country?

In other words, how about treating North Korea in much the same way that the U.S. government is now treating the communist regime of Vietnam? . [Jacob G. Hornberger]

Hornberger then proceeds to explain that the tongue bath he would thus give Kim Jong is not a literal one:

No, I’m not suggesting that U.S. officials have to kiss, hug, and make nice with the North Korean communist officials, as they are currently doing with Vietnamese communist officials. And no, I’m not suggesting that the Pentagon plead with the North Korean communist regime to establish U.S. military bases there, as Pentagon officials are doing with the Vietnamese communist regime.

I’m just suggesting that the U.S. government leave North Korea alone. No more U.S. troops in South Korea. No more sanctions. No more B-52 flyovers. No more joint military exercise with South Korea. No more U.S. warships in the area. No more insults. No more provocations. Just come home and leave them alone. [Jacob G. Hornberger]

How Hornberger proposes to get North Korea to leave us alone, he does not specify. Specifically, I want to call your attention to where Hornberger calls for “[n]o more insults.” He manages to get through his entire argument without using the words “cyber” or “Sony,” neatly avoiding denialism and conspiracy theories by conceding that even if one accepts North Korea’s responsibility for the attacks, he’d still shake the hand at the end of the long arm of Kim Jong-un’s censors. I wonder what “insults” he might possibly mean if he doesn’t mean films and books that offend His Porcine Majesty. Would he censor the statements of our leaders and allies that Kim Jong-un should feed North Korea’s children? Votes in the U.N. General Assembly condemning his crimes against humanity, or investigations of those crimes by U.N. field offices? Academic conferences about government policy toward North Korea? Or what if, as a private citizen, I were to simply ask you to picture Kim Jong-un trying to put his own socks on? 

Which of these things does Hornberger suppose to be inviolable rights of citizens in free societies, and why does he suppose that Kim Jong-un would recognize the same fine distinctions? Why does Hornberger suppose that His Corpulency would be more respectful of our rights and boundaries after we cede him an effective nuclear arsenal?

Thankfully, Libertarian presidential candidate Gary Johnson does not appear to share Hornberger’s view of North Korea policy, although I can’t say much for his coherence on the subject, either. Still, it’s concerning that most of the diverse viewpoints that fit inside the “Libertarian” circus tent advocate some form of surrender to Kim Jong-un. Take, for example, noted sanctions not-at-all-expert Doug Bandow, who is ready to pronounce sanctions a failure in the very same month that U.N. member states and banks around world have finally begun to implement them in earnest — something that never happened in the case of Cuba. 

Washington could intervene by maximizing unilateral sanctions. However, such penalties have yet to force political change in any nation. For a half century, Cuba resisted U.S. pressure, even after the U.S. imposed secondary controls. Sudan survived decades of financial isolation. North Korea almost certainly would do the same, especially if the China continued to support its frenemy. [Doug Bandow, The National Interest]

Why, it’s almost as if Bandow enters the discussion with a preconceived conclusion before the evidence comes in! So how, then, does Bandow propose to secure our vital domestic and international interests, such as our freedom of expression and the global nuclear nonproliferation framework? Spoiler: he doesn’t:

One is to initiate both bilateral and multilateral talks, and determine if there is any kind of deal to strike. Forget convincing North Korea to give up its existing arsenal. Instead, consider limits on future production, proliferation activities and conventional threats. At the same time the U.S. and its allies should emphasize steps which would reduce any perceived threat to North Korea. [Bandow]

Bandow never explains how he’d defend our civil liberties from North Korean censorship from afar, although he has previously written that we should do so by — wait for it — canceling annual military exercises in South Korea, and withdrawing from Korea. That would create a sudden power vacuum in a region that has long been stabilized by our alliances and which has, consequently, become an engine of economic growth that employs millions of Americans.

Not that I would deny that the force structure of U.S. Forces Korea should change, by withdrawing more ground forces while raising our stand-off air and naval power in the region, our capacity to supply our allies logistically, and by building a Pacific analog of NATO. Not that it would be a bad thing for South Korea and Japan to spend a greater share of their GDPs on their own defense. Not that it’s a bad thing for South Korea, in particular, so see that America feels taken for granted, or that the anti-American rhetoric of some of its own demagogues has costs. That is a far different thing from abandoning allies that have recently started acting like allies again.

Look — I can see why big-“L” Libertarians and Paulies get the idea that Americans want isolationist foreign policies in the post-Iraq era. Ask Americans a sufficiently simplistic, reductive, and loaded question, and most of them will agree that “we should mind our own business.” From this, some academics and politicians conclude that isolationism is politically profitable, but such abstract agreements almost never survive contact with specific crises.

Jacksonians who want us to mind our own business in the abstract are the first ones to demand that we bomb something when they feel provoked by something concrete. Liberals who take quasi-pacifist positions in the abstract will (if only briefly) support interventions in response to specific humanitarian crises, such as in Bosnia, Libya, Rwanda, or even Mount Sinjar in Iraq. And in the case of North Korea, while almost no one wants war, the strongly negative sentiment Americans harbor toward its government suggests that they don’t favor the Hornberger or Bandow “solutions,” which would effectively recognize it as a nuclear power. 

Americans don’t like paying for alliances, but they like the alliances themselves, and they’re capable of calculating the consequences of letting totalitarianism go unchecked. We’ve just finished eight years of the most non-interventionist foreign policy the American electorate would tolerate. It currently burdens President Obama with an approval rating of minus eight points, although it has usually been between minus ten and minus twenty points. If Obama’s foreign policy has done us a service, however inadvertently, it has been to temporarily dispel the idea that you can solve great and complex international problems by ignoring them (much less by just letting in everyone who arrives at your doorstep, including the terrorists among them). Syria is gone. Maybe Iraq and Jordan can be saved, and maybe they can’t. Now, the question is whether Europe will survive. Who thinks that a similar crisis couldn’t happen in Japan and South Korea five or ten years from now if America withdraws from Asia and leaves Kim Jong-un with an effective nuclear arsenal? Or that the consequent crisis wouldn’t come to our shores, too?

Continue Reading

How much have sanctions affected PUST? Not enough, apparently.

Chan-Mo Park, the Chancellor of the Pyongyang University of Science and Technology, or PUST, and a U.S. citizen, is blaming South Korean bilateral sanctions for his difficulties recruiting new academic talent.

He told VOA on Wednesday, “We want to recruit South Korean professors, but the May 24 measure blocks it.”

He was referring to trade and exchange sanctions South Korea made against North Korea on May 24, 2010. The sanctions came after South Korea accused the North of sinking one of its naval boats and claiming the lives of 46 sailors. [VOA]

But just as another North Korean ballistic missile test has failed, Park’s plea may not draw much sympathy  in Seoul.

North Korea’s nuclear and missile tests earlier this year have further isolated the country. In March, a United Nations Security Council resolution placed further restrictions on North Korea’s financial activity.

The school chancellor says that despite international tensions, the university is growing. It is largely supported by Western-based Evangelical Christians. It currently hosts about 500 enrolled students and 100 professors. Some are U.S. citizens. [VOA]

This isn’t the only recent report that PUST has been having difficulties, although other reports have attributed those difficulties to other reasons. In April, South Korea’s No-Cut News reported that donations to PUST from American and South Korean donors had fallen, reducing its monthly budget from $100,000 to $50,000. The same report also claimed that North Korean authorities were trying to force founder and U.S. citizen Kim Chin-kyung out of the PUST leadership, for unexplained reasons. The North Korean government has also failed to follow through with previous commitments for a loan to PUST, and to build an electrical transformer for the campus.

By contrast, U.N. and U.S. sanctions have largely spared PUST thus far. The newest U.N. sanctions resolution bans the provision of “technical training, advice, services or assistance related to the provision, manufacture, maintenance or use” of nuclear, missile, and other WMD-related technology to North Korea, but not technology that could be used for cyberattacks.

PUST continues to export potentially sensitive technology from the U.S. to North Korea under licenses previously granted by the U.S. Department of Commerce.

But if sanctions have largely spared PUST’s computer and cyber-related training programs, it’s worth asking whether they should have. Last December, two North Korean defectors, including one from North Korea’s electronic warfare command, claimed that Pyongyang was recruiting PUST graduates for cyber warfare, and was sending elite recruits for its military and internal security forces to PUST for scientific and technological training. The claim certainly sounds plausible. Topics taught at PUST include “computer hardware systems, wireless communications, data communications and networks, digital communications, pattern recognition (linked to robotics and industrial automation courses), artificial intelligence, data structures, algorithm design, web programming and object-oriented programming.” 

This isn’t the only occasion on which North Korea has been accused of misusing “engagement” programs that transfer technology to North Korea. In January, I raised the question — still unanswered — about whether Syracuse University’s program (unrelated to PUST) to teach North Korea digital watermarking had been used to trace and identify readers of censored content. Last year, this post at 38 North accused North Korea of using a Swiss-funded bioinsecticide program to build an anthrax factory.

Lately, it seems that each week brings a new story of North Korea being blamed for hacking something. This week, it’s a South Korean cybersecurity firm. Last week, it was accused of hacking SWIFT, the postal system for the entire international financial system, to steal $100 million. The week before that, it was a South Korean defense contractor. And so on. North Korea has been implicated in some of these attacks because of the similarity of the malware to that used to hack Sony Pictures in 2014, an attack that effectively terrorized Hollywood out of making any new films about North Korea and made our own freedom of expression significantly less free. And let’s not forget about Pyongyang’s alleged hackings of the Seoul subway system or a string of nuclear power plants in South Korea, either.

PUST, naturally, denies that it is training North Korean hackers, but does not explain how it could possibly know this. Does PUST keep records of which students go on to join Unit 121, the Reconnaissance General Bureau, the Ministry of People’s Security, or the North Korean military? If PUST’s denials are difficult to credit, then the next-best question may be whether the skills PUST teaches young North Koreans could be used by hackers. NK News asked a technical expert, and this was his answer:

But while none of the courses were “hacking” courses per se, a Seoul-based computer engineering professor said that learning how to hack was an essential part of learning computer engineering. The professor, speaking on condition of anonymity, said that students needed to learn hacking for defensive purposes, but indicated this information could be put to use for other purposes.

“Yes they do, not only for North Korea but in U.S. and in (my university) we teach theory on hacking as a required subject,” he said. “One must learn the theory of hacking to excel in defending data from the attacks of hackers. So to make that possible, any computer engineering would teach the theory of hacking.” [NK News]

Whatever role PUST plays in training North Korean hackers, it’s probably not exclusive. A 2014 report by Hewlett Packard names Kim Il-sung University, Kim Chaek University of Technology, and the Command Automation University (or Mirim University), as places where Pyongyang trains its hackers. HP’s report does not name PUST. (In this regard, HP’s report is more directly damning for the Syracuse University exchange program; Kim Chaek University of Technology is its partner.)

But unless one assumes that HP knows everything about where Pyongyang trains its hackers, it’s likely that it trains them different skills at different schools. Foundational training and more advanced training probably take place in different facilities. Given what PUST is known to teach its students, the defectors’ allegations that PUST is at least one of those facilities makes sense. That means that some Americans may well be teaching North Koreans to hack other Americans (and South Koreans, and Europeans, and everyone else). And if they are, they’re doing it all with a license from our own Commerce Department.

It’s fair to point out that PUST also provides medical training to North Korean students. Although some medical technology is also sensitive for purposes of export controls, training doctors, dentists, and nurses does not carry the obvious risks that IT training does. Commerce need not summarily revoke all of PUST’s licenses to mitigate the risk that it’s training hackers. Instead, it should review those licenses individually. When North Korea’s increasingly brazen hacking poses a rising threat to our freedom, our security, and our economy, PUST’s IT-related training poses an unacceptable risk of misuse.

Of course, weighed against these risks, PUST says it’s advancing U.S. national interests by teaching its students about hip-hop music. So maybe in 40 years, some AP reporter can hail the arrival of the beat box in North Korea’s capital. Which, hopefully, won’t be Seoul.

Continue Reading

Meet the assassin/killer/hacker/terrorist Kim Jong-un just put in charge of relations with S. Korea

With all recent movement on sanctions legislation in the House and Senate, I’ve skimmed over the developments in North Korean Kremlinology, reports about which often read like the dossiers in a lost, bad-acid fueled manuscript for a “High Castle” sequel.

If you believe that personnel is policy, however, Kim Jong-un’s choice of a replacement for Kim Yang-gon, who ran Pyongyang’s so-called United Front Department until he died in a car-maybe-not-accident recently, is a dark omen about Kim Jong-un’s policy instincts. The UFD not only handles diplomatic relations with Seoul, but also Pyongyang’s propaganda and influence operations in South Korea, and its substantial cadre of sympathizers and spies there. 

Despite his job description, some scholars attributed pragmatic views to tScreen Shot 2016-01-26 at 9.05.03 PMhe late Kim Yang-gon. By contrast, the choice of General Kim Yong-chol as his replacement set off alarm bells among Korea watchers, who describe him as a “hard-liner” or a “hawk.”

If you believe that inter-Korean relations are a real thing, that’s bad enough:

“We could interpret Kim’s appointment [to head the UFD] as Pyongyang’s declaration that its business with the Park government is now over,” Lim Eul-chul, a professor of North Korean studies at Kyungnam University, told the Korea JoongAng Daily.

“In the short run, Kim’s appointment, if true, is a very negative sign for inter-Korean ties,” he said. “The General Bureau of Reconnaissance is mainly tasked with plotting and carrying out espionage against the South while the UFD is responsible for seeking communication and cooperation with the South.”

Another North Korea expert agreed on the negative implications of Kim’s appointment. “If Kim Yong-chol is really named to the UFD, it is an indication of North Korean leader Kim Jong-un’s decision to strain ties with Seoul,” said Kim Young-soo, a professor of political science at Sogang University. [Joongang Ilbo]

The blunt truth is much worse. Kim Yong-chol is the prime suspect in North Korea’s 2014 cyberattack on Sony pictures, its cyberterrorist threats against American movie theaters, its 2010 sinking of the ROKS Cheonan, the 2010 shelling of Yeonpyeong Island, the 2015 land mine attack against South Korean soldiers, and a whole series of attempted and perfected assassinations in South Korea and China. 

The blunt truth is, Kim Yong-chol is a straight-up terrorist. That’s why he featured so prominently in “Arsenal of Terror,” my report last year documenting North Korea’s sponsorship of terrorism. There’s even a picture of him on page 62. Here’s one reason why:

In April 2010, South Korean authorities announced that they had arrested two North Korean agents who posed as defectors while plotting to assassinate Hwang Jang-yop. Following his 1997 defection, Hwang had become a fierce critic of the North Korean regime, and received multiple death threats.325

In June of 2010, Major Kim Myong-ho and Major Dong Myong-gwan326 of the RGB pled guilty to the assassination plot in a South Korean court.327 The court sentenced each of the defendants to ten years in prison. The defendants told prosecutors that Lt. Gen. Kim Yong-chol, the head of the RGB, personally assigned them to the assassination mission in November of 2009.

On October 10, 2010, just six months after the failure of the assassination plot, Hwang Jang-yop died, apparently of natural causes, at the age of 87. Ten days later, South Korea announced that it had arrested another North Korean agent, Ri Dong-sam, who was also plotting to murder Hwang. Police denied the existence of any connection between that arrest and Hwang’s death.329 [Arsenal of Terror, pp. 61-62]

Kim Yong-chol now becomes the most important North Korean official to have his assets blocked by the U.S. Treasury Department, which could get interesting if he travels abroad or attempts to make dollar payments to hotels or airlines. You can argue whether O Kuk-Ryol (also blocked) is a semi-retired elder statesman or a guy with real control over North Korea’s nukes and counterfeiting, but Kim Yong-chol has clearly reached the top ranks.

To further complicate matters, Michael Madden’s profile adds the ominous details that Kim Yong-chol used to report to O Kuk-ryol, but that “[A]ccording to several sources, Gen. Kim has been difficult for his superiors to manage.”

Consider not only who has risen under Kim Jong-un’s reign, but also who has fallen. Until his 2013 purge, Jang Song-Thaek was often seen as Kim’s regent and adult supervision. Scholars tended to emphasize his relative pragmatism, and his control over Pyongyang’s trade networks inside China, perhaps in the implicit hope (of which I’m a skeptic) that associates trade with reform and moderation. Less often mentioned was that Jang was also in charge of the North Korea’s most feared internal security service and its gulags.

Defense Minister Hyon Yong-chol, who was reportedly stood before a battery of anti-aircraft guns and vaporized — I use the term in the literal, rather than the Orwellian sense — may not have qualified as a “moderate” in North Korean terms, but he was at least presentable enough to send to Russia to meet with Putin. 

In the process, moderates have totally lost out in factional struggles inside North Korea. The latest victim was Kim Yang-gon, in charge of dealings with South Korea. His death last month in a motor vehicle “accident” was the latest in a series of similar misfortunes that have befallen those whose views did not conform with the hardliners. He had visited Beijing several times and had joined North Korea’s second-ranking leader, Hwang Pyong-so, in talks with the South Koreans in Panmunjom for resolving the August mini-crisis on the DMZ.  [Don Kirk, Korea Times]

Of course, moderates in North Korea are like beachfront property in North Dakota — a category that requires a relativistic and expansive definition. Still, the promotion of a stone-cold terrorist to the top ranks of Kim Jong-un’s inner circle says much about how Kim Jong-un sees the world around him, and whether he’s the Swiss-educated reformer we’ve been waiting for.

~   ~   ~

Photo credit: KCNA, via North Korea Leadership Watch

Continue Reading

North Korea and Sony, one year later: An op-ed in the Wall Street Journal

Just over a year ago, President Obama publicly blamed North Korea for a cyberattack on Sony, and for cyberterrorist threats against American moviegoers. Last January 2nd, he signed an executive order authorizing new sanctions against North Korea, part of a promised “proportional response.”

A year later, we’re still waiting to see what President Obama will do to defend freedom of expression here in America. Professor Lee and I have an op-ed in today’s Wall Street Journal, making the case for a stronger response.

Continue Reading

Defectors: PUST is training North Korean hackers

Not for the first time, the Pyongyang University of Science and Technology, a showpiece for academic engagement between North Korea and the Outer Earth, stands accused of teaching its elite students to work as hackers in Kim Jong-Un’s notorious cyberwarfare units. 

North Korea is reportedly recruiting graduates from Pyongyang University of Science and Technology for cyber warfare.

North Korean defector Jang Se-yul, who worked in the North’s electronic warfare command, and another defector Yi Chol claimed on Wednesday in a news conference in Seoul that graduates from the university are assigned to the military for cyber terrorism.

The defectors also said that training institutions affiliated with the Ministries of People’s Armed Forces and People’s Security send trainees to the university to learn advanced science and technology.

The defectors urged South Korean religious and civic groups to reconsider their aid to the North Korean university, which was jointly established by the two Koreas in 2009 and produced its first graduates last year. [KBS]

It takes some searching to find out just what PUST teaches its students, and that search is ultimately unsatisfying. PUST’s home page leads to a Korean-language page that says it’s being upgraded. A site maintained by the foundation that funds PUST provides only the most general information about PUST’s curriculum. But Martyn Williams publishes more detailed information:

The university hasn’t published a detailed syllabus for its courses, but said the computer science includes elements on computer hardware systems, wireless communications, data communications and networks, digital communications, pattern recognition (linked to robotics and industrial automation courses), artificial intelligence, data structures, algorithm design, web programming and object-oriented programming.

These certainly sound like skills that could, at the very least, be useful foundations for an education as a hacker.

It’s not the first time an engagement program was accused of teaching North Koreans to be hackers. A year ago, The Telegraph claimed that a British university’s exchange program, which brought “two offspring of the regime’s elite,” then studying at PUST, to Westminster University to learn such topics as “understanding cyber attacks and assessing whether networks are vulnerable to malicious hackers.”

The course is designed for would-be IT engineers in large firms, and teaches students how to build large internet and mobile phone networks.

One optional module covers “techniques to secure computer networks, and critically evaluates them in the light of a variety of types of attacks,” according to course literature.

“The topics you will cover include network security concepts, computer and network system attacks, cryptography, web security, wireless security, network security tools, and systems. During the practical sessions, you will use an isolated computer laboratory to explore a range of software tools available to audit vulnerabilities in networks and to configure security.” [The Telegraph]

The report claims no knowledge of how the North Korean students used this training.

Like PUST, North Korea’s principal hacking unit, known as Unit 121, is also populated with young, high-songbun elites. According to The Inquisitr, “the candidates who pass a rigorous series of tests and trials are sent to study at top universities — and then sent to Russia and China for an additional year of specialized training in computer hacking and cyberwar techniques.” According to this detailed report on Unit 121 by Hewlett-Packard, candidates for Unit 121 “are then sent to Kim Il-sung University, Kim Chaek University of Technology.” The report does not mention PUST specifically.

From the beginning, however, there have been concerns that PUST would provide the North Korean regime with sensitive technology useful for its weapons programs, in potential violation of U.N. Security Council resolutions. This has required careful interaction with the U.S. Commerce Department, to obtain export licenses. One PUST supporter claims that “PUST’s curricula have been vetted by government and academic nonproliferation experts,” but concedes that “[t]he School of Biotechnology was renamed the School of Agriculture and Life Sciences because U.S. officials were concerned that biotech studies might be equated to bioweapons studies.”

Concerns about North Korea’s misuse of biotechnology were subsequently validated, when experts claimed that a Swiss-funded engagement program to teach North Korea to make bio-insecticides was likely capable of producing biological weapons. (As early as 1998, your correspondent, while serving with U.S. Forces Korea, was vaccinated for anthrax.)

PUST’s claims that it would become a portal of free thought and the free exchange of ideas have not panned out, and the campus atmosphere sounds like just what you’d expect from any place where North Koreans interact with foreigners — the secrecy of Sea Org, the militancy of the Peoples’ Temple, and the dress code of a Mormon mission school.

For example, “PUST has been promised academic freedom, the likes of which has been virtually unknown in North Korea, including campus-wide internet access.” Suki Kim’s memoir of her time teaching at PUST refutes this. Indeed, Kim claims that she was “under strict orders not to reveal anything about the Internet,” a claim that is somewhat at odds with the more troubling claims that PUST and foreign exchange programs taught PUST students how to exploit its vulnerabilities as hackers. According to PUST’s Wikipedia page, “[g]raduate students and professors have internet access, but it is filtered and monitored.”

The very reaction by PUST’s founders to Kim’s book also helps answer our litmus question for engagement projects with North Korea: “Who changed who?” Despite its promises of academic freedom, PUST makes its faculty agree not to discuss what they saw at PUST. Then, after Suki Kim’s departure and the publication of her book, co-founder James Kim criticized her bitterly for telling a global audience about the smothering censorship she saw there. In other words, instead of opening minds, PUST ends up acting as Pyongyang’s extraterritorial censor.

Amid the secrecy of North Korea’s political system, it’s probably impossible for anyone but the North Korean government — and a lucky few who escape from its grip — to know which PUST students, if any, eventually join Unit 121. All that we can say for now is that the reports call for further investigation, and for more transparency by PUST about exactly what it’s teaching North Korea’s young elites, and where its students go after they graduate.

Continue Reading

House Subcommittee Chair calls for re-listing North Korea as a terror sponsor

poeLast month, I posted video of a hearing before the House Subcommittee on Terrorism, Non-proliferation and Trade, where Chairman Ted Poe of Texas and Ranking Member Brad Sherman of California grilled a hapless State Department official about North Korea’s sponsorship of terrorism, and why North Korea wasn’t listed. State’s performance at the hearing wasn’t just bad, but exceptionally so. Poe and Sherman were both visibly exasperated with State’s stonewalling, and seemed convinced that State was ignoring the law. Now, Poe has put his views in writing, listing the justifications for a re-listing at length:

Pyongyang has known links to the tyrannical regimes in Tehran and Damascus, and there have been several instances in the past decade in which North Korea’s two Middle Eastern clients transferred North Korean arms to Hezbollah and Hamas. In 2009 alone, three North Korean arms shipments were seized by UAE, Israeli, and Thai authorities.

In all three cases, press reports indicated that the arms were bound for terrorist groups. In July 2014, Western security sources told media outlets that Hamas brokered an agreement to purchase communications equipment and artillery rockets from the Kim regime. Sure enough, North Korean anti-tank guided missiles surfaced in Gaza that same year.

But weapons sales are not the whole picture of North Korea’s ties to terrorist groups – there is growing evidence of Pyongyang’s advisory role to these violent organizations. Press reports in 2014 suggested that North Koreans advised Hezbollah in the construction of tunnels in Southern Lebanon in 2003-2004. Israeli military commanders believe that North Korea also provided logistical advice on Hamas’ tunnel network which it infamously used to attack Israeli civilian populations.

North Korea is also still a major proliferator of weapons of mass destruction. Its ongoing collaboration on ballistic missiles with Iran, the world’s number one state sponsor of terrorism, is well known. According to reports the two countries are presently working on the development of an intercontinental ballistic missile that could allow North Korea to deliver a nuclear warhead far beyond its shores. [Fox News]

If I have one regret, it’s that Poe didn’t raise North Korea’s kidnapping and assassination plots against human rights activists and exiled dissidents in China and South Korea. But when the evidence for a state’s sponsorship of terrorism is extensive enough to fill a 100-page report, you can’t fault a man for not being able to squeeze it all into one op-ed.

Poe’s call adds to other prominent members of Congress of both parties who want North Korea re-listed, including Congresswoman Ileana Ros-Lehtinen and Senator Robert Menendez.

Meanwhile, we’re approaching the first anniversary of North Korea’s cyberterrorist threats that forced a stupid movie called “The Interview” out of theaters all over America. It was the first time in U.S. history that a foreign government successfully used terrorism against the American people, in their own country, to censor our freedom of expression. The Obama Administration’s response so far has been to sanction ten low-level arms dealers and three other entities that the Treasury Department had already sanctioned previously. A year later, I still wonder when our President will keep his oath to preserve, protect, and defend the most important freedom guaranteed to us under our Constitution.

Continue Reading

Arsenal of Terror, 2d Edition: N. Korea accused of hacking into Seoul subway control center

North Korea is suspected of hacking into a Seoul subway operator last year for at least five months, a ruling party lawmaker said Monday citing a report submitted by the country’s intelligence agency.

After hacking into two operating servers of Seoul Metro, which runs Subway Lines 1 through 4, the hackers allegedly broke into more than 210 employee computers and infected 58 with malicious codes, Rep. Ha Tae-kyung of the ruling Saenuri Party said, quoting a report by the National Intelligence Service (NIS). [Yonhap]

Mr. Ha, a former left-wing activist and political prisoner under the Park Chung-Hee dictatorship, is now a Saenuri Party lawmaker and activist for human rights in North Korea. Ha speaks excellent English and is well known to most of the foreign press and activists here in the United States. I’ve known him for a decade, and I’ve never known him to say anything that wasn’t true.

Computers used by those who work at the control center and power supplier were affected, raising safety concerns that the subway lines could have been exposed to potential terror threats. [Yonhap]

The authorities say the computers hacked “were only for office use, which is unrelated to the direct operation of the trains,” and that after the hack was detected, they reformatted all of the affected computers and “reinforced” their cybersecurity. That’s reassuring, I suppose, except that I can’t imagine that Pyongyang’s master plan stopped at changing all of the email fonts to Wingdings.

Nor is this the first time North Korea has targeted the Seoul subway system. In May of 2010, South Korean authorities arrested a 36 year-old woman named Kim Soon-Nyeo, who had entered the South posing as a refugee, and had begun romantic relationships with several well-placed South Korean men, including a 52 year-old executive of the Seoul subway.

The spy collected “confidential” information about the subway system from Oh, information about local universities from the student, and a list of names of high-ranking police and public officials from the travel agents.

Oh maintained extramarital relations with the spy since his first encounter with her in China in May 2006, and transferred nearly 300 million won ($252,000) to “help” her cosmetics business. In June 2007, he became aware that she was a North Korean spy, but continued the relationship.

“What Oh handed over to the spy included contact information of emergency situation responses and other not-so-important internal data,” Kim Jung-hwan, a Seoul Metro spokesman, told The Korea Times, dismissing concerns that it could be used in possible acts of terrorism here by the North. Kim retired from his post in 2008. [Korea Times, May 23, 2010]

Foreigners will again note how selective South Koreans are in panicking about, ahem, certain perceived safety risks, provided they don’t involve North Korea. Meanwhile, here in Washington, we can only rue that the Seoul subway is still safer and more reliable than ours, despite having been hacked by North Korea.

The NIS analyzed the hacking records from March 2014 to August 2014, but the date of the first attack and who carried it out are still unclear. [Yonhap]

Three months after the hack on the subway system, Sony Pictures was hacked, and the hackers also threatened terrorist attacks against movie theaters across the country. President Obama, and the Directors of the FBI and the NSA, all attributed that cyberattack and threat to North Korean hackers, who are believed to operate more-or-less openly from Shenyang, China. Four months later, Korea Hydro and Nuclear Power Company announced that it had been hacked. That hack was also later attributed to North Korean hackers, also most likely operating out of Shenyang.

President Bush removed North Korea from the list of state sponsors of terrorism on October 11, 2008. Despite overwhelming evidence to the contrary, the Obama Administration’s official view is that North Korea is “not known to have sponsored any terrorist acts since the bombing of a Korean Airlines flight in 1987.” Discuss among yourselves.

Continue Reading

60 Minutes on the Sony Cyberattack: There is no defense, only deterrence

CBS has published video of a Sixty Minutes segment on North Korea’s 2014 cyberattack on Sony, hosted by correspondent Steve Kroft.

The conspiracy theories of a few pro-Pyongyang gasbags and assorted cranks notwithstanding, the President, the Directors of the FBI and the NSA, and our country’s best technical experts agree that Pyongyang did it. I’m certainly no technical expert myself, but I don’t have to look back from the moon to believe that the Earth is round. After all, it’s not as if President Obama needed to frame Kim Jong-Un for the Sony cyberattack and threats to have an excuse to do approximately nothing about them. Another point that should not be lost is that the attack was carried out with the material support of the Chinese government, whose dictator will soon be welcomed to the White House.

Kroft says the attack qualified as the use of force against the United States. According to cybersecurity expert James Lewis, “The significance is that a foreign power has reached out and touched an American target. The fact that the North Korean government felt that it could do something in the United States and get away with it — that’s what’s significant.” I agree that that’s very significant, but I’d argue that an even more significant implication arises from the threats that followed the cyberattack: that a foreign power carried out an act of terrorism against the U.S. civilian population — unlike The New York Times, I apply the term according to its legal definition —  to censor free expression. In 2014, Kim Jong-Un extended the long arm of his censorship to our society, a society that treasures free expression as its most important constitutional right. Successfully. And got away with it.

That is a problem, because a failure of deterrence would leave us essentially naked to the next attack. The report points out the sheer impracticality of defending any network, when even a relatively unsophisticated piece of malware, like the one used for the Sony cyberattack, can be so successful.

That leaves us with deterrence. Kroft quotes Lewis, who correctly says that our only real deterrent against this sort of attack is “going after the leadership, going after the revenue streams coming to the leadership.” Kroft then incorrectly says that that’s what the Obama Administration has done. In fact, the Obama Administration promised a proportional response, but delivered a sub-proportional one that former CIA Director Michael Hayden accurately described as “symbolic at best” — blocking the assets of ten low-level arms dealers, and three entities whose assets had already been blocked for years. Almost a year after the Sony attack and threat, the Obama Administration has done little of consequence to deter the next one. And although the U.S. intelligence community is saying that there have been no more North Korean attacks on the United States since then, North Korea is believed to have hacked into South Korean nuclear power plants around the same time as the Sony cyberattack, and was implicated as recently as this week for planting malware in a South Korean word processor used by military officers.

For anyone who’s paying attention, the Sony threats ought to have changed everything. There is a school of thought, after all, that says we should just ignore North Korea and let it go nuclear, which is pretty much what the Obama Administration has spent the last seven years doing. Sony exposed the fallacy of this strategy. No matter how stubbornly our government refuses to be interested in North Korea, North Korea will always be interested in us. It needs conflict with us to justify the very existence of a system that can’t provide for its people, and it shields that system behind isolation and repression. To Pyongyang, the very existence of free thought and free expression that might break through that isolation is a mortal threat to its survival. As long as Americans feel free to make movies about North Korea, to criticize North Korea, or to refuse North Korea’s extortionate demands, North Korea will be interested in us. The closer North Korea comes to credibly threatening the United States with an effective nuclear arsenal, the fewer options we will have to deter its attacks.

~   ~   ~

Update: The South Korean President’s special security advisor in charge of cyber-defense also wonders about the sufficiency of her government’s deterrence.

Continue Reading

60 Minutes on the Sony attacks

Gone were the inside-job theories, except that one expert, when asked, allows the bare possibility that an insider might have made the North Koreans’ work easier. Like the heads of the FBI and the NSA, all the experts 60 Minutes interviewed are convinced that North Korea was behind the attack.

Worse, the attack itself was not all that sophisticated, when compared to what the U.S. and other governments are capable of today. An equally unsophisticated attack would have taken out 80% of corporate networks. All it takes is for one user in the network to click on the wrong attachment or fake update. Only then will most companies realize how dependent they are on their networks.

The IT security experts acknowledge that hacking North Korea is futility itself. The only real deterrent is to go after the leadership and its revenue streams. The Obama administration has only pretended to do that.

Continue Reading