A cybersecurity company says it has found software that appears to install code for mining cryptocurrency and sends any mined coins to a server at a North Korean university, the latest sign that North Korea may be searching for new ways to infuse its economy with cash.
- Cyber security firm says it has found links between cryptocurrency mining software and a North Korean university
- Cryptocurrencies may be a way for North Korea to inject foreign currency into its economy
- Monero, the world’s 13th largest cryptocurrency, is less traceable than bitcoin
The application, which was created on December 24, uses host computers to mine a cryptocurrency called Monero.
It then sends any coins to Kim Il Sung University in Pyongyang, said cybersecurity firm AlienVault, which examined the program.
“Crypto-currencies may provide a financial lifeline to a country hit hard by sanctions, and as a result universities in Pyongyang have shown a clear interest in cryptocurrencies,” the California-based security firm said in a release, adding that the software “may be the most recent product of their endeavours”.
The company added a caveat that a North Korean server used in the code does not appear to be connected to the wider internet, which could mean its inclusion is meant to trick observers into making a North Korean connection.
Kim Il Sung University, however, plays host to foreign students and lecturers, not just North Koreans.
Others have flagged increasing signs of North Korean interest in cryptocurrencies and underlying blockchain technology.
“With economic sanctions in place, cryptocurrencies are currently the best way to earn foreign currency in North Korea’s situation.
“It is hard to trace and can be laundered several times,” said Mun Chong-hyun, chief analyst at South Korean cybersecurity firm ESTsecurity.
Monero an untraceable option
Cryptocurrency watchers say technical details of Monero, the 13th-largest crypto asset in the world with a total value of more than $8.9 billion, make it more appealing than bitcoin to those who value secrecy.
What is Bitcoin?
- A digital cryptocurrency
- It operates on a decentralised peer-to-peer network, with no central authority or government backing
- They can be bought with fiat currencies like Australian dollars from online exchanges or created through mining
Monero funds go to an unlinkable, one-time address generated with random numbers every time a payment is issued.
That makes it less traceable than bitcoin, where transactions can be linked to specific, albeit anonymous, private addresses, cybersecurity experts said.
South Korea-based Bithumb, the world’s busiest cryptocurrency exchange, is also the largest Monero trading exchange in the world, with about 24 per cent of trading volume.
The next largest were Europe-based exchange HitBTC and Hong Kong-based Bitfinex, as of Monday.
A method of avoiding sanctions
Marshal Swatt, an expert in blockchain technology and financial exchange, said cryptocurrencies’ independence from government regulation — and sanctions — made them logical choices for covert transactions.
“They don’t by themselves discriminate between good and bad actors,” he said.
“This makes it extremely compelling for countries like North Korea, Venezuela, Iran, Russia and others to exploit these non-governmental blockchain currencies for their own self-interest.”
Cybersecurity firm FireEye cited in a November blog post a series of North Korean activities against South Korean cryptocurrency targets such as exchanges.
Analyst Luke McNamara wrote that “it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise”.
AlienVault’s report said one North Korean IP address, 220.127.116.11, has been active on bitcoin trading sites.
That is the same address used to control compromised web servers in 2014-15 cyberattacks on South Korean energy, traffic, telecommunications, broadcasting, financial and political institutions, according to security firm AhnLab.