North Korea is a “determined and sophisticated cyber actor in need of financial resources,” claims a newly published security report, that could significantly step up its efforts to target Southeast Asia’s “nascent but burgeoning cryptocurrency industry” as it continues “to find ways of obtaining and exploiting cryptocurrencies.”
The report, entitled “Closing the Gap: Guidance for Countering North Korean Cryptocurrency Activity in Southeast Asia” was published today by the London-based defense think tank, the Royal United Services Institute (RUSI). It argues that, as North Korea is subject to extensive international sanctions, it has employed numerous techniques to raise and move funds, and to access prohibited goods and services. This, says the RUSI, could present a “sustained security challenge” to the region.
In March, another report – published by the UN Security Council’s North Korea sanctions committee – claimed Pyongyang had amassed more than US$670 million in crypto and foreign currencies, via cybercrime and hacking. The UN report said a specialist North Korean military division has been “actively waging war online” against foreign financial institutions for the past four years, so it can both circumvent the international sanctions and give it access to hard currency.
The RUSI now says these methods are sophisticated and allow North Korea to finance its weapons of mass destruction (WMD ) programmes “directly,” and to raise funds for its ongoing operations, “such as procuring luxury goods and other prohibited items.”
Written by David Carlisle, a former US Treasury terrorism and financial intelligence official, and Kayla Izenman, a financial crime and terrorist finance expert, the RUSI report says that Southeast Asia “has long been vulnerable to North Korea’s WMD proliferation financing and sanctions-evasion activities.”
In Southeast Asia, “North Korean networks have engaged in fundraising and have evaded trade and financial restrictions through the use of front companies, agents and deceptive financial techniques at banks.”
In terms of cryptocurrencies, this is because the region has an uneven approach to regulation with many of its countries lacking comprehensive Anti-Money Laundering (AML) & Counter-Terrorist Financing (CTF) frameworks. “Because Southeast Asia is also host to a growing number of cryptocurrency businesses and users, countries in the region could prove vulnerable to North Korea’s cryptocurrency-related activity as well.”
The answers – to mitigate against these risks and reduce the resultant vulnerabilities, the report argues, are to create better sector knowledge by governments, stronger regional cooperation structures, more robust enforcement capabilities and push for faster and more comprehensive implementation of enhanced regulation.
While key gaps in local regulatory frameworks will allow North Korea “to exploit cryptocurrency exchanges and other related platforms,” if local law enforcement agencies can gain further knowledge and resources”, they should, says the report, be able to “successfully respond to any crypto-based criminal activity.”
By developing effective regulatory frameworks and leveraging what are described as security-focused “public-private partnership initiatives,” Carlisle and Izenman conclude that SouthEast Asian countries can “mitigate North Korea’s cryptocurrency activity successfully.”