Despite most North Koreans having no access to a computer, let alone the internet, the isolated nation has developed a formidable team of hackers.
Author and investigative journalist Geoff White has been tracking the exploits of North Korean cyber criminals the Lazarus Group.
The group’s targets include the 2014 hack of Sony Pictures, in retaliation for the movie The Interview - which depicted the assassination of North Korea's leader Kim Jong-Un and an attempt to get a billion dollars out of Bangladesh Bank.
The WannaCry ransomware attack in 2017 which caused chaos in companies and institutions around the globe, was also the work of Lazarus.
Photo: Supplied
White has documented all this in a book called The Lazarus Heist, which is also the title of his BBC podcast with co-host Jean Lee.
If you are in North Korea, and you have a computer and access the internet, you've got it because the government has given it to you, he told Kathryn Ryan.
“North Koreans are very skilled people, they have a great deal of self-reliance. There's a great deal of emphasis placed on technical skill in North Korea as well.
“So as these kids come up through school, they're very gifted mathematicians, they're spotted, they're groomed by the regime to go and learn computers and get access to computers at that stage, probably not access the internet. But they're given access to a computer. And if they show prowess, they're taken to specialist universities and trained and a lot of those very, very skilled computer scientists in North Korea will end up either working for the regime's nuclear programme or becoming government hackers.”
The target for most of these hackers is cash, he says, and once they are ready the hackers are posted overseas.
“One of the perks that you get if you're a government hacker for North Korea occasionally is a foreign assignment, the vast majority of North Korea's people never get to see outside the country's borders.
“But if you're in the top tiers of government, or in the military, or if you're a hacker, you get a foreign assignment. And North Korea does this with its hackers, it sends them overseas for a number of reasons.”
This is largely practical, he says.
“If you're going to try and hack from inside North Korea, that's a really bad idea because North Korea has got a very narrow window to the internet.
“Whereas places like New Zealand will have thousands of connections, millions of connections to the internet, North Korea has just a few thousand and those are some of the most surveilled internet connections in the world.”
The Lazarus Group has had success outside of North Korea’s borders with phishing emails, he says.
“To craft those phishing emails you need to have a really good grasp of people's psychology, you need to know how to draft that email to make it really juicy so the person's going to click on it.
“And to do that, you need to understand how the outside world and the Internet users work, how we think, how we shop, how we bank, how we communicate, you can't do that from inside North Korea.”
Getting cold hard cash into North Korea is the prime motivation, White says.
“For a very long time, North Korea’s been broke.
“It's been cut off from the international financial community. And so, it's tasked its diplomats, and increasingly its computer hackers, to go out to the outside world and get hold of money and bring it back to North Korea or at least put it in North Korea's disposal.”
However, North Korea’s most famous hack was for revenge, not money, he says.
“In 2014, Sony Pictures decides it's going to make this film The Interview, which is sort of slapstick movie, really about a couple of bumbling journalists who go to North Korea to interview Kim Jong Un, and get involved in a CIA assassination plot and the assassination plot does work out, Kim Jong Un does get assassinated in the film. It's shown in quite graphic detail.
“And it is, I think I'm right in saying, one of the only if not one of a very, very, very small number of films that shows a sitting world leader, a real-world leader, killed in a film. So, it's quite striking.”
North Korea did not take kindly to this at all, he says.
“They wrote at one stage to the United Nations, saying that this was a terror being perpetrated against North Korea.”
The North Koreans also started bombarding Sony with phishing emails, he says.
“And it seems around September 2014, a few months before the film was due to come out, they succeeded. They sent a phishing email to somebody saying here's some files, please download them.
“The Sony employee fell for the ruse and got infected.
“And from there, the hackers really just wreaked digital chaos on Sony, it was an astonishing takedown, not just taking its computers offline, thousands of Sony computers had to be switched off [and] disconnected from the internet.
“But they can't even pay people, they were writing people cheques in the carpark because they couldn't make the payroll work.”
The hackers didn’t stop there however, White says.
“The hackers took information stolen from Sony, deeply, deeply damaging confidential private emails from Sony's top people, and leaked them on the internet in a very strategic way to create maximum pain for Sony.
“Sony really were reeling from this.”
It was a very sophisticated operation, he says.
“With the Sony hack, the hackers staged eight releases of information. And what was really interesting was how they staged what they released.
“They were working up to a point where they were going to release the most damaging stuff at the summer culmination of this set of leaks, they were going to release information on the top people at Sony.”
The raid on the Bank of Bangladesh was equally sophisticated but driven purely by money, White says.
Again, through a phishing email the hackers got hold of the bank's SWIFT codes allowing them to transfer money out of the bank and then established a series of recipient accounts in the Philippines, he says.
They also realised that the Bank of Bangladesh had a New York branch holding millions of dollars.
“What was useful about this is you're suddenly playing across three time zones. So, Bangladesh, New York, and the Philippines. And even better, the day that they transferred the money into the bank in the Philippines was actually a national holiday, it was Lunar New Year, so nobody was in the bank in the Philippines.
“The day they started the hack on Bangladesh, was the start of the Bangladeshi weekend, which is actually Friday, not Saturday, as in most countries. And of course, in New York it's the weekend.”
This effectively gave the hackers a five-day window, he says.
“In each bank, on every single day, somebody was off, somebody was away. And so, the banks couldn't keep up with the hackers who were incredibly well staged to make the whole thing work.
“And it's almost a work of genius, if it wasn't for the criminal nature behind it.”
North Korea’s cybercrime activities, and cybercrime in general, are unlikely to go away, White says.
“I think the idea that we can kill off cybercrime is as naive as thinking we can kill off crime, we haven't managed that in, well, probably the entirety of human history.
“So, the idea we're going to kill off cybercrime is a bit naive, but things do happen and forces of good, if you like, do have successes.”
The FBI investigation of the Sony hack exposed a whole North Korean infrastructure, he says.
“It is an arms race, but you have to keep the arms race going. It's like a contact of mine says, look, it's like a good gardener, a good gardener is always keeping the weeds down.
“They know there'll always be weeds. But if you don't do something, you just end up with a garden full of weeds.”
