How North Korean hackers became the world’s greatest bank robbers

Kim isn’t all that easy to find. That’s how he likes it.

After agreeing to meet, Kim sends directions by text. Following them leads my co-producer, Sona Jo, and me into a drab cement structure on the outskirts of Seoul, far from the capital’s glitzy shopping promenades. Outside, it’s snowing softly and a chill pervades the unheated building. Reaching Kim’s chambers requires a steep climb up a freezing stairwell.

He answers the doorbell in a chipper mood — “Come in!” he says, in a sing-song melody — and promptly offers a cup of green tea. On the way here, I was braced for an awkward, slow-to-warm sort of encounter. That vibe has characterized some of my past interviews with North Korean defectors. They were, after all, reared from birth to despise Americans.

“Well, you’re jackals!” Kim says when I ask about his anti-American indoctrination. He’s laughing with his eyes, which crinkle when he smiles. “That’s what they say. Americans are our everlasting enemy. Bosses of a corrupt empire.”

But Kim is welcoming, exuding the demeanor of a gentle professor. I can’t say the same of the other man in the room: a tall guy, clad in a dark coat, who does not introduce himself but eyes us up and down before retreating to a corner in silence. I decide not to ask.

Kim Heung-Kwang, a computer networks specialist who now heads an association of highly educated North Korean defectors. (Credit: Facebook)

Kim has come a long way since he emerged scared, soaking wet and nearly possessionless from the Tumen River in 2003. That was the year he sneaked to the banks of the river, which divides his homeland from China, and bribed a North Korean guard. The soldier looked away as Kim swam through freezing waters toward China. But as he swam, Kim says, he was shot at by a second guard whom he’d neglected to bribe.

Ultimately, he made it to the far shore unscathed and, from China, made his way to South Korea. Today, he heads an alliance of highly educated North Korean defectors.

He keeps busy by running this alliance — called North Korea Intellectuals Solidarity — which comprises escaped North Korean lawyers, doctors, engineers, academics and programmers. The intel he has gathered from these associates suggests to him that North Korea’s hackers are “an absolute treasure to Kim Jong-un,” he says. “Because it is becoming clear that North Korean hackers are the best in the world.”

Related: What it will take to to denuclearize North Korea

Kim is a computer scientist himself. He specializes in digital networks and claims he took part in early modem communication between Pyongyang and Hamhung, North Korea’s second-largest city and Kim’s hometown.

That’s also where he spent years as a university professor, teaching soldiers-to-be about online networks. Many of his students, he says, were swept into the RGB to fulfill their ultimate mission: infiltrating the networks of enemies overseas.

Kim believes this background, plus his access to intel shared among hundreds of highly placed defectors, qualifies him as an authority on North Korean hackers. They are, he says, profoundly underestimated on the world stage.

“They’re the geniuses of North Korea,” Kim says. “Let’s make this simple. You want to rank countries when it comes to government hacking? Well, most people will say America is number one, Russia is number two, China is number three and so on.”

“But tell me, honestly. Is anyone pulling off as many successful hacking operations as North Korea?”

Let’s review some of North Korea’s greatest hacks.

In 2014, North Korean agents crept into the digital infrastructure of Sony Pictures, which was preparing to release “The Interview,” a screwball comedy about assassinating Kim Jong-un. Pyongyang’s agents wiped data and leaked embarrassing emails until Sony caved and canceled the film’s mainstream release.

In 2017, North Korean hackers seized Microsoft computers worldwide with a worm known as WannaCry. Devices were rendered useless unless the owner paid a ransom in Bitcoin — the price of unfreezing the computer. More than 200,000 computers in 150 countries were affected.

And in the last three years alone, North Korean hackers have targeted banks and cryptocurrency exchanges in the following countries: South Korea, Thailand, India, the Philippines, Poland, Peru, Vietnam, Nigeria, Australia, Mexico, Japan and Singapore. In the US, they’ve gone after Wells Fargo, Citibank and, of course, the New York Federal Reserve.

All told, these heists have pulled in an estimated $650 million in just a few years.

“So even just from reading the news,” Kim says, “everyone should start to wonder if maybe North Korean hackers are now the very best in the world.”

This sentiment — laughable just a few years ago — is now shared in unlikely circles.

The $650 million figure comes from Simon Choi, among the more authoritative sources on North Korean hackers. At 34, he has spent much of his young life chasing their digital trail. He is a consultant to South Korea’s National Intelligence Service — formerly titled the Korean CIA — as well as the military’s cyberwarfare division.

“I think we’re only able to uncover about 30 percent of their total hacking,” Choi tells me. “This is just a portion of their activity.” When I asked Choi to rank North Korea’s hackers, he tells me that “their skill has come a long way. They are now No. 1 in the world in terms of hacking.”

This is no fluke, Kim says. Under the reign of Kim Jong-un — the regime’s first millennial dictator — the RGB has continually restructured itself to emphasize cybercrime. It now oversees an estimated 3,000 to 6,000 hackers.

“A nation state robbing banks … that’s a big deal. This is different.”

The bureau was created in 2009, during the last years of Kim Jong-il’s rule. It was comprised of a variety of units devoted to spycraft, overseas killings, psychological warfare and cyberwarfare — all of them pulled under one roof. According to Kim, once Kim Jong-un ascended to the throne, and took over the RGB, he lavished even more resources on its elite hacking units.

Two of those units stand out as exemplary.

One is known as Unit 121 — sometimes called “Lazarus” or “Hidden Cobra” by outside spy agencies — which pulled off both the Sony Pictures and the Federal Reserve hacks, Choi says. (The FBI has actually looked into filing charges against North Korea for the Fed heist.)

The other is Unit 110, which, according to Choi, began as a specialty unit targeting rival nations’ military intelligence. It has since devoted more energy, Choi says, to bilking credit card systems, ATM networks and, more recently, online stores of cryptocurrency.

Such online finesse begs the question: How is this impoverished state launching so many successful attacks from its home soil — especially given its constant power outages and primitive digital infrastructure?

It isn’t, Kim says. The bureau simply deploys hacker cells to live abroad — many of them in China — where online speeds are much faster. There, North Korean agents may feign jobs as traders or importers but run operations at night.

Other digital clues left by North Korean hackers suggest they’re located in India, Malaysia, Nepal, Indonesia and as far away as Mozambique. Recorded Future, a firm monitoring cyberthreats worldwide, claims North Korean agents look at Amazon, Baidu (China’s Google equivalent), a fair amount of porn and, more embarrassing still, their own AOL accounts. They also use iPads and iPhones. (Kim Jong-un himself has been spotted using Apple computers.)

Kim Jong-un and his iMac. (Credit: KCNA)

What can’t be easily discerned from the hackers’ digital breadcrumbs is their ideology. But Kim says that “when they attack a bank, it’s not personal. They know it’s illegal under international law but their first motivation is pleasing their Dear Leader. Don’t imagine them feeling guilty or breaking some moral code. They don’t have the same moral code as you.”

“They just think, well, I have skills that can benefit my country and please the leader,” he says. “It’s a golden opportunity to prove their loyalty.”

Kim tells me, look, if you really want to understand the mentality of cadres inside North Korea’s reconnaissance bureau, you should speak to Mr. Jang, his colleague.

And that is how I ended up, days later, in a hipster-ish co-working cafe on the other side of town — sitting across from a nervous 49-year-old man in a blue jacket.