US wary of North Korean cyber prowess ahead of Kim-Trump summit
Posted May 21, 2018 3:47 p.m. EDT
WASHINGTON (CNN) — The US intelligence community is exploring acquiring or developing new technological means of protecting its communication channels prior to the planned meeting between President Donald Trump and North Korean leader Kim Jong Un in June in Singapore, one intelligence source with knowledge of the matter told CNN.
Wary of North Korea's technical skills and the regime's desire to understand US thinking prior to the summit, the US doesn't want to take any chances that North Korean hackers might get into their systems.
In any negotiations, the two parties will need to establish communication channels to share documents, opening up both sides to being vulnerable to potential hacking attempts. The intelligence community prioritizes security in its communications and is more regularly working with the private sector to increase its security.
The summit has been subject to some uncertainty in recent weeks, following a North Korean threat to cancel in response to routine military exercises between the US and South Korea. Trump and South Korean President Moon Jae-In spoke on the phone over the weekend and will meet at the White House on Tuesday to "continue their close coordination ahead of President Trump's June 12 meeting" with Kim, according to a White House news release.
The US has long been aware of North Korea's prowess in cyberspace. North Korean hackers are believed to be behind or have played a part in major debilitating cyberattacks including the WannaCry ransomware, which infected hundreds of thousands of computers in 2017, as well as the hack of Sony Pictures Entertainment in 2014.
Additionally, private cybersecurity companies have said hacking groups with ties to North Korea have ramped up efforts to pilfer military, technological, political, economic and strategic secrets from companies around the world.
Dmitri Alperovitch, the founder of the company that played a key role in illustrating Russia's hacking of the Democratic National Committee, Crowdstrike, told the Guardian in February he believed North Korea is an even bigger threat than Russia in cyberspace. However, since the summit was announced, Alperovitch has told CNN he expects that they would not launch an open destructive attack as they're trying to get the best possible outcome from the talks. Instead, there's been a return to "traditional espionage" as both sides try to gather intelligence.
"What we are seeing is an increase in targeting of North Korean researchers and defectors, malicious emails pretending to come from the South Koreans," he told CNN. "It's not actually an operation by the South Koreans, just an email pretending to come from them." He described it as "an attempt to collect intelligence from those individuals in preparation of the summit." He didn't attribute those attacks to a certain nation or criminal actor.
The US has its own interests in monitoring North Korean behavior in cyberspace. Foreign Policy magazine reported in February that the US intelligence community had been setting up infrastructure all over the peninsula in order to be prepared to carry out cyberattacks or conduct espionage.
If the talks between Trump and Kim go badly, the possibility certainly remains that the regime would respond to protect itself in other ways.
North Korea's hacking skills will be an important consideration in the upcoming summit. If North Korea were to give up any elements of its weapons programs, "they're likely to invest in another" and "one place the US is vulnerable is cyberspace," said one former US government official who worked on cybersecurity. According to that official, the Obama administration had been working on campaigns to confront the four big aggressors in cyberspace -- China, Russia, Iran and North Korea -- but handed off those plans to the Trump administration. It's unclear what will happen to them now that the White House National Security Council has eliminated the role of cyber coordinator under national security adviser John Bolton.
"North Korea's cyber operations should be a part of the conversation," said Priscilla Moriuchi, the former head of the National Security Agency's enduring threats division for East Asia and the Pacific and a current researcher at Recorded Future. Moriuchi has done extensive open source research on the regime's ongoing cyber crime operation, which includes stealing bitcoins and other forms of cryptocurrency in order to evade sanctions. North Korea has been "effective" in "possibly generating or stealing hundreds of millions of dollars in value," Moriuchi told CNN.
"We are not going to get ahead of the President with regards to topics that will be part of the summit," NSC spokesman Marc Raimondi wrote in response to questions about how North Korea's cyber aggression would factor into the summit.
The Office of the Director of National Intelligence declined to comment.