Money Laundering, Cyber Theft: Where Won't North Korea Go?

 
 

On Wednesday, the U.S. Treasury Department announced new sanctions against North Korea, further isolating the most sanctioned country in the world from the U.S. financial system. The new sanctions designate North Korea a “primary money laundering concern” under Section 311 of the USA PATRIOT Act. The designation gives the U.S. Treasury Department the ability to “require U.S. financial institutions to take appropriate countermeasures.” The U.S. sanctions take effect as North Korea reels from the effects of unusually harsh United Nations sanctions implemented earlier this year, under the rubric of United Nations Security Council resolution 2270.

With the new U.S. Treasury designation in place, U.S. financial institutions would be required to ensure that North Korean persons or entities weren’t using overseas banks to transact with U.S. financial institutions. The U.S. is making the Section 311 determination because “North Korea uses state-controlled financial institutions and front companies to conduct international financial transactions that support the proliferation and development of WMD and ballistic missiles,” and because “North Korea is subject to little or no bank supervision anti-money laundering or combating the financing of terrorism (“AML/CFT”) controls.” The Treasury’s announcement also notes that “North Korea relies on the illicit and corrupt activity of high-level officials to support its government.”

It’s not too surprising that the United States sees North Korea as a primary money-laundering threat. Despite the wide range of international sanctions it faces, Pyongyang has managed to keep its military and nuclear program largely active, financing through a variety of means, many illicit. Most famously, North Korea had at one point managed to counterfeit U.S. hundred-dollar bills so convincingly that the U.S. Federal Reserve designed and circulated a redesign of the note that made counterfeiting much more difficult. Many analysts have made the case (see here and here) that in its endeavor to bypass sanctions against it, the North Korean regime effectively behaves like a sovereign “mafia” state, using practices common to large organized transnational criminal organizations.

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

Somewhat bolstering the mafia-state narrative, North Korea may have just become the first sovereign state to have sanctioned an outright bank heist against another sovereign state. Some Diplomat readers may recall reading about the Bangladeshi central bank losing $81 million to hackers who managed to issue orders via the SWIFT network to withdraw money to Sri Lanka and the Philippines. Cybersecurity researchers at Symantec are fairly confident, based on a snippet of code used in the hack, that the attackers were affiliated with the same North Korean group responsible for the 2014 Sony Pictures breach and earlier cyberattacks against South Korean banks and media companies. (The U.S. Federal Bureau of Investigation has said it believes North Korea was behind the Sony Pictures attack.)

North Korean involvement in the Bangladesh Bank heist remains indeterminate, even if Symantec researchers are confident in their assessment. Cyber attacks inherently present problems of attribution; even if a code snippet appears across multiple attacks, that’s far from a guarantee that the attack originated in North Korea. (Indeed, a savvy third-party group hoping to throw investigators off the trail could purposefully leave behind fingerprints.) Regardless, Pyongyang’s illicit financial activities, ranging from money laundering to outright theft, are cause for concern. With newly intensified sanctions this year, there’s no telling what North Korea might resort to next to finance its nuclear program and military activities.

Newsletter
Sign up for our weekly newsletter
The Diplomat Brief