N. Korea’s 4Cs: Crypto-Currency-Cyber-Crime

Despite recent diplomatic progress with the US, North Korea remains the world’s most significant weapons of mass destruction (WMD) proliferation threat. Now North Korea has gone to extremes to raise funds and evade international sanctions, recently expanding these efforts to include the exploitation of crypto-currencies such as Bitcoin. 
 
Crypto-currencies likely play only a peripheral role in North Korea’s overall fundraising and sanctions-evasion activity. 
 
However, the sophistication of North Korea’s broader cybercrime operations and its general demand for ongoing financial resources present the risk that its crypto-currency activity could become a sustained security challenge, particularly as international sanctions lead North Korea to seek financial lifelines outside the mainstream sector. 
 
The UN Security Council’s Panel of Experts on North Korea has suggested that crypto-currencies offer North Korea ‘more ways to evade sanctions given that they are harder to trace, can be laundered many times and are independent from government regulation’.
 
In general, North Korea could seek to use crypto-currencies as part of its proliferation financing efforts through:
 
  • Fundraising: To sustain its ongoing needs for cash, North Korea may obtain crypto-currencies with the aim of converting them to fiat currencies in the short term.
  • Stockpiling: North Korea could accumulate reserves of crypto-currencies with the objective of eventually spending them or converting them into fiat currency at some point in the future.
  • Circumvention: North Korea could use crypto-currencies to pay directly for goods, services and resources that are explicitly prohibited by international sanctions.
Southeast Asia has long been vulnerable to North Korea’s WMD proliferation financing and sanctions-evasion activities, given its proximity to North Korean proliferation networks and the availability of sophisticated trade and finance infrastructure. 
The region is now vulnerable to North Korea’s crypto-currency-enabled activity as well, and important gaps remain.
For example, gaps in local regulatory frameworks could allow North Korea, or other actors, to exploit crypto-currency exchanges and other related platforms. 
 
Since Southeast Asia also features a nascent but burgeoning cryptocurrency industry, local law enforcement agencies will likely require further knowledge and resources to ensure that they can successfully respond to crypto-currency-related criminal activity over time should the local crypto-currency industry continue to grow in scale. 
 
By taking steps such as developing effective regulatory frameworks and leveraging public–private partnership initiatives, countries in the region can mitigate North Korea’s crypto-currency activity successfully.
 
RUSI
 
You Might Also Read
 
The Mysteries Of Crypotocurrencies:
 
 
 
« Cognitive Science Can Explain Why Fake News Works
Deep Learning & Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

Rapid7

Rapid7

Rapid7 unites cloud risk management and threat detection to deliver results that secure your business and ensure you’re always ready for what comes next.

TestingXperts

TestingXperts

TestingXperts is a specialist software QA and testing company.

SRI International

SRI International

SRI International is a research institute performing client-sponsored R&D in a broad range of study areas including computing and cybersecurity.

Digital Infrastructure Association (DINL)

Digital Infrastructure Association (DINL)

DINL is the leading representative for companies and organisations which are active within the Dutch digital infrastructure sector.

Conceptivity

Conceptivity

Conceptivity provide risk management solutions in the areas of Supply Chain Security, Cyber Security and Critical Infrastructure Protection.

Basis Technology

Basis Technology

Basis Technology provides software solutions for text analytics, information retrieval, digital forensics, and identity resolution.

Nubo Software

Nubo Software

Nubo’s Virtual Mobile Infrastructure creates a virtual corporate device on your employee smartphones and tablets. Enable unlimited mobility without leaving any data at risk.

Tata Consultancy Services

Tata Consultancy Services

Tata Consultancy Services is a global leader in IT services, consulting & business solutions including cyber security.

Next47

Next47

Next47 is a global venture firm, backed by Siemens, committed to turning today's impossible ideas into tomorrow's indispensable industries.

Cylera

Cylera

Cylera is a Healthcare IoT cybersecurity and intelligence company built in close partnership with healthcare providers.

Pivot Point Security

Pivot Point Security

Pivot Point Security is a trusted leader in information security consulting. We help clients master their information security management systems.

SecureWorx

SecureWorx

SecureWorx are a secure multi-cloud MSP, a provider of advanced IT security services and an independent cyber security advisory.

Data Protection Commission (DPC)

Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.

VinCSS

VinCSS

VinCSS Internet Security Services JSC is a leading organization working in the field of researching, developing, producing products as well as providing cyber security services.

Aardwolf Security

Aardwolf Security

Aardwolf Security specialise in penetration testing to the highest standards set out by OWASP. We ensure complete client satisfaction and aftercare.