Modern field guide to security and privacy

Opinion: Why China needs to rein in North Korea's hackers

If China blunts North Korea's increasingly aggressive hackers, and keeps them from operating on its side of the border, that would go a long way toward improving security on the Korean Peninsula.

North Korean leader Kim Jong Un attends a joint meeting of the Central Committee of the Workers' Party of Korea in Pyongyang in this undated photo released by North Korea's Korean Central News Agency (KCNA) on Feb. 4.

During Secretary of State John Kerry's visit to Beijing last week, China's Foreign Minister Wang Yi made clear that his country would not support increasing sanctions on North Korea after its recent nuclear test.

Yet Secretary Kerry remained determined to find some sort of response that is "nonpunitive to the people of North Korea but nevertheless effective." While both sides have discussed a number of options, one that needs much more attention is what China can do to blunt North Korea's advancing cyberwarriors.

North Korea’s cyber capabilities have developed unchecked and its hackers have found safe haven in China, leaving Beijing in a unique position to rein in the Hermit Kingdom's digital attacks aimed at disrupting the status quo. 

In recent years, North Korea's increasingly sophisticated cybercapabilities have become favored tools for advancing its agenda and are worth a closer look. Kim Jong-Un reportedly views cyberoperations as his "magic weapon," giving the North a low-risk, low-intensity means of disrupting the status quo.

North Korea's cybertargets have varied widely. They've taken aim at South Korean banks, broadcasting companies, US government networks, and famously, Sony Pictures Entertainment. Analysts attribute much of North Korea's cyberoffense to its clandestine Reconnaissance General Bureau (RGB) Bureau 121. 

The RGB's responsibilities have grown in recent years as the North Korean leadership continues to place greater value on cybercapabilities. Many recent activities have evolved from low-level disruptions of government networks to higher intensity attacks that have much more extensive security implications. In December 2014, an intrusion into the networks of a South Korean nuclear power plant was traced back to an IP address located in the northeastern Chinese province of Liaoning, which borders North Korea. Later, social media accounts associated with North Korea threatened to release sensitive communications and data stolen from the hack, and even to shut down the reactors themselves.

North Korea also uses its cybercapabilities to raise foreign currency to support the cash-strapped Kim regime. North Koreans operate illegal gambling websites and sell malware-laden software to foreigners that surreptitiously reroutes money into North Korea. In 2014, Cambodian police arrested 15 North Koreans for transferring $8.5 million to Pyongyang through illegal gambling websites based in Phnom Penh.

Later that year, police arrested three men in South Korea for buying illegal gambling software from China-based North Korean operatives. Instead of cheating gamblers, it installed the same malware used to conduct denial-of-service attacks on South Korean banks the year before. 

One roadblock to North Korea's plan is its limited Internet infrastructure. With only one physical connection point to the global Internet and a limited set of assigned IP addresses, North Korean activities are fairly easy for foreign governments to monitor, and its Internet access may even be susceptible to hostile blackouts. To overcome these limitations, North Korea has sent its cyber experts to conduct offensive operations and theft from more advanced and connected networks around the world, particularly in China.

This raises a number of thorny questions. Is China not aware of the scope of the problem? If it is, why is it tolerating this behavior? Perhaps China is aware but unable to stop the activities. The reports detailing nefarious North Korean cyberactivities emanating from Chinese networks are widely available so the Chinese government surely knows that these activities are occurring. The ability of these cyber experts to operate in China allows North Korea to pursue its strategy of funding the regime while degrading security on the Korean peninsula. China has a responsibility to address this issue. 

One promising sign is the acceleration in the development of global norms and principles of responsible state behavior in cyberspace during the past year. China itself has played a leading role in this development, beginning with its involvement in the fourth United Nations Group of Governmental Experts on Information Security (GGE) report. Since then, a number of developments in China's cyberpolicy suggest that it may be ready to move away from its policy of tolerance toward North Korea’s hackers.

China has endorsed an emerging consensus that states should not allow hackers to use their territory to harm other nations' critical infrastructure and important networks. It has affirmed this principle on multiple occasions with the US, Britain, Germany, and at the G20. Then at the World Internet Conference in December, President Xi took a hard line on "cyberspace sovereignty," demanding that governments retain legal and political control over the networks, data, and information located within their sovereign territory.

Despite these developments, China appears to be ignoring North Korean hackers. In doing so, China is at best failing to meet its commendable public commitments. Taking steps to ensure its actions match the commitments it has made would be a benefit to China in light of the increasingly prominent role it hopes to play in the region and beyond.

A tougher Chinese posture would bolster its position as a global leader in the development of cybernorms, and give credence to its assertions of sovereignty in cyberspace. 

Taylor P. Brooks is a Herbert Scoville Jr. Peace Fellow at the Carnegie Endowment for International Peace. Follow him on Twitter @TaylorPBrooks.
