Donald Trump hails successful summit with Kim but North Korean cyberattacks went unaddressed
North Korea has slowly joined the small group of nations, along with China and Russia, with both the hacking know-how and a proven willingness to attack US interests
Among the subjects President Donald Trump apparently didn’t discuss with North Korean leader Kim Jong-un in Singapore – the regime’s human rights abuses, its exports of missile technology and its mistreatment of US prisoners – there’s one more: its long record of dangerous cyberattacks against sensitive targets in the US and allied nations.
Experts warn that the country’s hacking skills have become increasingly sophisticated and dangerous in recent years. North Korean exploits have included the damaging 2017 WannaCry ransomware attacks, intrusions into banks in more than a dozen countries to heist millions of dollars over the last few years, and continually brazen cyberattacks on South Korean computer networks.
The historic Singapore meeting focused on “denuclearisation” of the Korean peninsula, although it didn’t yield a detailed agreement for accomplishing that goal.
In the run-up to the June 12 meeting, the Department of Homeland Security warned of an ongoing threat by North Korean government hackers, who have attacked critical infrastructure and media, aerospace and financial companies since at least 2009, infecting networks in at least 17 countries and the United States. Days after the summit, DHS sent a fresh notice describing malware variants used by North Korea.
But there is no indication that the two leaders discussed cybersecurity, worrying experts who warn that North Korea’s cyberwarfare capabilities pose an immediate threat to US interests that warrants high-level attention.
Few know the impact of a North Korean cyberattack like former Sony Pictures CEO Michael Lynton. More than three years ago, the American movie studio owned of Sony suffered a crippling hack prior to its release of The Interview, a film centred on a screwball satire of Kim.
The unprecedented corporate cyberattack cost Sony more than US$100 million – destroying more than 70 per cent of the computers at the then-7,000-person studio, Lynton said in an interview on Wednesday. It took the company roughly a year to recover. Lynton left Sony in 2017 to become chairman of Snap.
“Denuclearisation is great, but we also have to concern ourselves with what the cyber capabilities are, so we can make sure that doesn’t happen to our businesses and other assets in the United States,” Lynton said.
The subject wasn’t mentioned in official statements out of the summit or by the president in his post-summit press conference.
Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, said North Korea’s recent cyberactivities have focused on “traditional espionage” aimed at gathering intelligence from nations involved in the summit, as well as destructive attacks and cybercrime to raise money for the regime.
North Korea has slowly joined the small group of nations, along with China and Russia, with both the hacking mojo and a proven willingness to attack US interests. Following the attack on Sony, the FBI publicly blamed North Korea, the first time it had done so. The Obama administration imposed sanctions as a result.
An Obama-era agreement with China aimed at curbing economic cyberespionage was reaffirmed by the Trump Administration last year. But earlier this year, Trump accused China of continuing to conduct and support cyber intrusions into US computer networks “to gain access to valuable business information so Chinese companies can copy products”, costing the economy “hundreds of billions of dollars” annually.
DHS officials have carried on with their cybersecurity mission outside the main focus of the Trump-related political sphere, often out of public view. But the results of that China-US pact have left many a little jaded about the efficacy of diplomacy on this issue.
Trump’s cybersecurity efforts have been largely overshadowed by immigration, health care and ongoing investigations. Still, last year the Justice Department announced sanctions and criminal indictments against an Iranian state-sponsored hacker network that had targeted hundreds of US and foreign universities, US companies and government agencies, and the United Nations.
The Trump presidential campaign has also benefited from embarrassing disclosures in hacked emails stolen from the Democratic National Committee, Hillary Clinton’s campaign staff and others. Trump also openly invited Russian hackers to find and release tens of thousands of personal emails that Clinton had deleted from the private server she had used to conduct government business as secretary of state.