Opinion: Why China needs to rein in North Korea's hackers
If China blunts North Korea's increasingly aggressive hackers and keeps them from operating on its side of the border, that would go a long way toward improving security on the Korean Peninsula.
During Secretary of State John Kerry's visit to Beijing last week, China's Foreign Minister Wang Yi made clear that his country would not support increasing sanctions on North Korea after its recent nuclear test.
Yet Secretary Kerry remained determined to find some sort of response that is "nonpunitive to the people of North Korea but nevertheless effective." While both sides have discussed a number of options, one that needs much more attention is what China can do to blunt North Korea's advancing cyberwarriors.
North Korea’s cyber capabilities have developed unchecked and its hackers have found safe haven in China, leaving Beijing in a unique position to rein in the Hermit Kingdom's digital attacks aimed at disrupting the status quo.
In recent years, North Korea's increasingly sophisticated cybercapabilities have become favored tools for advancing its agenda and are worth a closer look. Kim Jong-Un reportedly views cyberoperations as his "magic weapon," giving the North a low-risk, low-intensity means of disrupting the status quo.
North Korea's cybertargets have varied widely. They've taken aim at South Korean banks, broadcasting companies, US government networks, and famously, Sony Pictures Entertainment. Analysts attribute much of North Korea's cyberoffense to its clandestine Reconnaissance General Bureau (RGB) Bureau 121.
The RGB's responsibilities have grown in recent years as the North Korean leadership continues to place greater value on cybercapabilities. Many recent activities have evolved from low-level disruptions of government networks to higher intensity attacks that have much more extensive security implications. In December 2014, an intrusion into the networks of a South Korean nuclear power plant was traced back to an IP address located in the northeastern Chinese province of Liaoning, which borders North Korea. Later, social media accounts associated with North Korea threatened to release sensitive communications and data stolen from the hack, and even to shut down the reactors themselves.
North Korea also uses its cybercapabilities to raise foreign currency to support the cash-strapped Kim regime. North Koreans operate illegal gambling websites and sell malware-laden software to foreigners that surreptitiously reroutes money into North Korea. In 2014, Cambodian police arrested 15 North Koreans for transferring $8.5 million to Pyongyang through illegal gambling websites based in Phnom Penh.
Later that year, police arrested three men in South Korea for buying illegal gambling software from China-based North Korean operatives. Instead of cheating gamblers, it installed the same malware used to conduct denial-of-service attacks on South Korean banks the year before.
One roadblock to North Korea's plan is its limited Internet infrastructure. With only one physical connection point to the global Internet and a limited set of assigned IP addresses, North Korean activities are fairly easy for foreign governments to monitor, and its Internet access may even be susceptible to hostile blackouts. To overcome these limitations, North Korea has sent its cyber experts to conduct offensive operations and theft from more advanced and connected networks around the world, particularly in China.
This raises a number of thorny questions. Is China not aware of the scope of the problem? If it is, why is it tolerating this behavior? Perhaps China is aware but unable to stop the activities. The reports detailing nefarious North Korean cyberactivities emanating from Chinese networks are widely available, so the Chinese government surely knows that these activities are occurring. The ability of these cyber experts to operate in China allows North Korea to pursue its strategy of funding the regime while degrading security on the Korean peninsula. China has a responsibility to address this issue.
One promising sign is the acceleration in the development of global norms and principles of responsible state behavior in cyberspace during the past year. China itself has played a leading role in this development, beginning with its involvement in the fourth United Nations Group of Governmental Experts on Information Security (GGE) report. Since then, a number of developments in China's cyberpolicy suggest that it may be ready to move away from its policy of tolerance toward North Korea’s hackers.
China has endorsed an emerging consensus that states should not allow hackers to use their territory to harm other nations' critical infrastructure and important networks. It has affirmed this principle on multiple occasions with the US, Britain, Germany, and at the G20. Then at the World Internet Conference in December, President Xi took a hard line on "cyberspace sovereignty," demanding that governments retain legal and political control over the networks, data, and information located within their sovereign territory.
Despite these developments, China appears to be ignoring North Korean hackers. In doing so, China is at best failing to meet its commendable public commitments. Taking steps to ensure its actions match the commitments it has made would be a benefit to China in light of the increasingly prominent role it hopes to play in the region and beyond.
A tougher Chinese posture would bolster its position as a global leader in the development of cybernorms, and give credence to its assertions of sovereignty in cyberspace.
Taylor P. Brooks is a Herbert Scoville Jr. Peace Fellow at the Carnegie Endowment for International Peace. Follow him on Twitter @TaylorPBrooks.