Beyond the Wire and Into the Cyberspace: The DPRK’s Funding of Weapons of Mass Destruction

Written by: Cormac O’Harrow

The United States has a material military force more powerful than any other in the world. We are equipped with more aircraft carriers, more tanks and more resources than any other state. But the nature of today’s evolving landscape has left us unprepared to defend tomorrow’s next great theater of combat. This new battlefield of tomorrow,  known as the cyberspace, is silent and its soldiers are often unknown.

That is not to say that the boots-on-the-ground style of war has gone out of style yet– it has not. But some bad actors have found ways to boost their traditional fighting capabilities  through the web.

Since the Nuclear Non-Proliferation Treaty of 1968, states have been routinely condemned and sanctioned for attempting to arm themselves with weapons of mass destruction. The Democratic People’s Republic of Korea is no different.

Since 2006, the exiled state has been under heavy sanctions in regard to their nuclear refinement attempts. The restrictions include stipulations about weapons trade and nuclear proliferation. In particular, the state is banned from buying or selling military assets; members of its nuclear program have had their foreign assets frozen and the state is actively excluded from scientific cooperation.

Yet, these shows of force by the UN Security Council has done little to stop the Republic’s attempts. Since 2006, the state has conducted at least five nuclear weapons tests.  This begs the question: how is an impoverished state under the strictest sanctions in the world able to afford to manufacture nuclear weapons?

North Korea’s shocking ability to afford such capabilities comes from one place: Bureau 121. A branch of the Reconnaissance General Bureau of the North Korean Military, Bureau 121 is tasked with carrying out malicious cyber operations meant to generate income for the state. Much of that income is then spent on the state’s Weapons of Mass Destruction (WMD) programs. Estimated to be around 6000 members, the department operates remotely from around the world and they’ve proven themselves to be highly effective.

Subsects of the group have been behind multiple recent, high profile attacks. These include those against Sony Pictures after the release of The Interview, as well as the WannaCry cryptocurrency scams. Most importantly, subsidiaries of Bureau 121 have been able to steal more than $2 billion dollars, funding up to 70% of North Korea’s aforementioned WMD programs.

North Korea is taking an atypical approach to their hard-military power. What they have been able to achieve through their financial attacks goes to show just how powerful successful cyber-attacks can be.

Scarier than financial schemes are the capabilities a team such as Bureau 121 has in affecting infrastructure globally, a threat that American  firms and agencies are woefully unprepared to guard against. Massive amounts of classified data are being released and sold online, much of it gathered through smaller scale attacks against various government agencies and contractors. Such a standard is unacceptable and demonstrates a key American shortcoming in cybersecurity. 

To keep it brief: The United States Military is wasting money. Every new dollar being put towards new tanks rather than upgrading current cyber defenses is a wasted dollar. The 2021 military spending budget is more than $740 billion dollars, only $9.8 billion of which is being put towards progress in cybersecurity, less of which is being directed towards defensive cyber capabilities. Funding is tricky, but it’s hard to imagine a valid argument against earmarking more federal funds for the advancement of the US cyberspace defensive capabilities.

 As enumerated in the constitution, the government has an obligation to common defense. Furthering our defensive capabilities in accordance to this principal is a necessity. Investing more into cybersecurity is our best and most logical next step to safeguard America in the 21st century.