With tightening sanctions, China’s ally, North Korea, is increasingly banking on cryptocurrencies to infuse cash into its economy.
In a development that marks the latest signs of North Korea’s search for ways to infuse its economy with cash, a California-based cybersecurity firm disclosed that it has come across software code that appears to install code for mining cryptocurrency and sends any mined coins to a server at a North Korean university.
This code, hosted in an application created on December 24 2017, uses host computers to mine a cryptocurrency called Monero. Mined coins are then send to Kim Il Sung University in Pyongyang, said AlienVault, the cyber security firm which examined the program.
“Crypto-currencies may provide a financial lifeline to a country hit hard by sanctions, and as a result universities in Pyongyang have shown a clear interest in cryptocurrencies,” said AlienVault in a release while adding that the program “may be the most recent product of their endeavours.”
Incidentally, AlienVault added a caveat that the North Korean server in question does not appear to be connected to the wider internet, this could mean that its inclusion could be designed to trick observers into making a North Korean connection.
Pyongyang-based Kim Il Sung University, plays host to foreign students and lecturers and is not exclusive to just North Koreans.
While Kim Il Sung University did not immediately respond to requests for comment, Government representatives of North Korea at the U.N. were also not immediately available for comment.
AlienVault’s findings add to increasing reports that the North Korean regime is increasingly interested in cryptocurrencies and its underlying blockchain technology.
“With economic sanctions in place, cryptocurrencies are currently the best way to earn foreign currency in North Korea’s situation. It is hard to trace and can be laundered several times,” said Mun Chong-hyun, chief analyst at South Korean cybersecurity firm ESTsecurity.
As per cryptocurrency watchers, the technical details of Monero, the 13th biggest cryptocurrency in the world, according to http://www.coinmarketcap.com, makes it very appealing to those who value secrecy above all other things.
Monero has a total value of $7 billion globally.
Every time a payment is issued, Monero funds go to an unlinkable, one-time address generated with random numbers, this makes it more anonymous than, say bitcoin, where transactions can be linked to a private address, said cyber security experts.
South Korea-based Bithumb is also the largest Monero trading exchange in the world, with the next biggest exchange being Europe-based exchange HitBTC and Hong Kong-based Bitfinex.
As per Marshal Swatt, an expert in blockchain technology and financial exchange, the fact that cryptocurrencies are decentralized and free from government regulation, which translates to sanctions, in the case of North Korea, make them an ideal choice for covert transactions.
“They don’t by themselves discriminate between good and bad actors,” said Swatt. “This makes it extremely compelling for countries like North Korea, Venezuela, Iran, Russia and others to exploit these non-governmental blockchain currencies for their own self-interest.”
In November 2017, FireEye, a cybersecurity firm, had said in a blog post that North Korea had targeted South Korea-based cryptocurrency targets, including exchanges.
Supporting this line of thought is Luke McNamara, an analyst , who wrote that “it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise.”
Incidentally, in November, Federico Tenga, the co-founder of Chainside, a bitcoin startup, had posted on his Twitter account, comments and pictures on his Western-funded visit to Pyongyang University of Science and Technology where he lectured on blockchain technology and bitcoin.
“The lectures were at a quite basic level to give a general understanding of blockchain technologies, which are also very relevant to trade, supply chains and other e-business,” said a spokesman for the university.
“We believe this teaching can give the next generation of North Korean professionals additional concepts that may be valuable as they seek to develop their country,” said a spokesman. “We’re acutely aware of issues around sanctions, which we keep under regular review and take care to avoid any sensitive or proscribed areas.”
Tenga termed his lectures as being geared toward explaining the underlying technology of cryptocurrencies.
“The focus of the lectures was to make the students understand what the blockchain is, how it works (special focus on proof of work) and what are the main use cases. My aim was simply to spread technical knowledge, not suggesting them how to use it,” said Tenga.
AlienVault’s findings that the North Korean IP address, 18.104.22.168, has been active on many bitcoin trading sites is significant.
This is the same IP address that was earlier used in 2014-2015, to compromise web servers through cyberattacks on South Korean financial, energy, traffic, broadcasting and political institutions, according to AhnLab, a security firm.