The World Can Expect More Cybercrime From North Korea Now That China Has Banned Its Coal

On Sunday, China suspended imports of North Korean coal for the rest of the year, in a move widely seen as a punitive response to the assassination of North Korean Supreme Leader Kim Jong Un’s older half-brother, Kim Jong Nam, who was close to the Chinese leadership.

The 45-year-old was poisoned at Kuala Lumpur airport and died on his way to hospital. Two women — one Vietnamese and one Indonesian — and two men — one Malaysian and one North Korean — have been detained in connection with his death. Malaysian police also want to talk to four other North Koreans who apparently fled the country soon after the attack.

Kim Jong Nam was estranged from his homeland and mostly lived in the semiautonomous Chinese territory of Macau. That he was essentially under Chinese protection makes his death especially galling for Beijing, which has grown increasingly wary of Pyongyang’s erratic behavior and pursuit of nuclear weapons.

The moratorium brings Beijing into compliance with February’s U.N. Security Council resolutions over North Korea’s nuclear program. (China had signed up to the unprecedented economic measures, though implementation had been spotty owing to a clause that allowed trade deemed essential for the “livelihoods” of the North Korean people.)

That loophole has now narrowed, and the suspension of coal imports will hurt Pyongyang’s pockets — coal is responsible for around half of North Korea’s foreign-currency acquisitions — and increase pressure on the regime. It will also be welcomed in Washington; President Donald Trump has long argued that Beijing has not been strict enough on its secretive eastern neighbor.

However, one likely consequence will be a spike in illicit methods of currency generation — especially cybercrime. North Korea already has an elite squad of 6,800 state hackers who are engaged in global fraud, blackmail and online gambling, together generating an estimated annual revenue of $860 million, according to the Korea Institute of Liberal Democracy in Seoul.

“Their illicit activities have always been highly adaptable,” says Professor Sheena Greitens, an East Asia specialist at the University of Missouri. “Cybercrime would likely become a higher priority in the regime’s eyes if other avenues of revenue generation are closed off.”

Pyongyang’s hacking prowess first garnered global attention following the 2014 attack on Sony Entertainment Pictures, in apparent revenge for the satirical movie The Interview, which ridiculed the Kim clan. However, North Korea’s ability to wage online warfare has been under development for decades. “In the 21st century, war will be [waged as] information warfare,” late North Korean leader Kim Jong Il, the father of both Kim Jong Un and Kim Jong Nam, said in 1995.

North Korea has hacked more than 140,000 computers at 160 South Korean firms and government agencies, South Korean police told Reuters in July, reportedly planting malicious code in preparation for a massive cyberattack in the future. North Korea is also the chief suspect in the attempted heist of $1 billion (it netted $81 million) from Bangladesh Bank, the country’s central bank, last February. Before this came raids on a bank in the Philippines in October 2015, and Tien Phong Bank in Vietnam two months later.

According to analysts at Internet security firm Symantec, all three raids used code identical to the Sony hack. “We’ve never seen an attack where a nation-state has gone in and stolen money,” Eric Chien, a security researcher at Symantec, told the New York Times. “This is a first.”

Attacks have already increased in size, frequency and boldness since the imposition of last February’s U.N. sanctions. In May, North Korean agents stole the personal details of 10.3 million users of the Interpark e-commerce firm in South Korea. They then attempted to blackmail the firm’s board for 3 billion won ($2.6 million) of untraceable bitcoin.

Generally, North Korean hackers operate from cities in northeastern China — most often Shenyang and Dandong — where they are sent by their government to work for Chinese IT firms. (Their below-market wages are collected directly by the North Korean state.) At night, however, they engage in all manner of illicit activities. Hacks typically fall into three categories: revenue generation, information gathering or the planting of malicious code to undermine enemy states — principally South Korea and the U.S.

On Aug. 7 last year, North Korean hackers in Shenyang accessed South Korea’s cybercommand intranet through a server in the Defense Ministry’s main information center, according to Yonhap news agency. South Korea’s Defense Ministry said some 3,200 computers were contaminated with malware, though denied that sensitive information was stolen. “As one of the military’s two integration servers was jointly linked to the Internet and the intranet, it allowed the hackers to gain access to the intranet,” a ministry official told Yonhap.

Hacks are especially likely to ramp up as Pyongyang searches for ways to fund the final stage of its quest for a nuclear-armed ballistic missile capable of hitting the U.S. mainland. Although North Korea remains one of the world’s most impoverished regimes — its official economy was worth just $28.4 billion in 2014, according to South Korea’s central bank — the Kim regime has still invested an estimated $1.1 billion to $3.2 billion toward developing a nuclear deterrent. An atomic bomb is considered a trump card by Pyongyang that will guarantee the regime’s survival, and Kim Jong Un will pull out all the stops to get over the final hurdle.

With reporting by Stephen Kim / Seoul

Write to Charlie Campbell / Beijing at charlie.campbell@time.com