Countering the Weaponization of Financial Technologies that Threaten Security, Undermine Sanctions
Many companies operate in the cyber sphere without ever connecting with the traditional banking system, making them impervious to government regulators. Instead, they use cryptocurrencies based on blockchain or distributed ledger and other anonymizing technologies, smart contracts and online trading. This emerging virtual but opaque business world is not only cost- and time-effective for legitimate users but also ideal for aspiring cyber criminals and rogue actors and states.
United Nations investigators first saw the potential nefarious applications of digital tools more than 20 years ago during Angola’s civil war, when procurement agents of the National Union for the Total Independence of Angola (UNITA) used email to acquire weapons and arrange the logistics for deliveries to their camp sites. Since then, the threats have only become more sophisticated and severe. For example, Iranians in recent years acquired restricted projectile software and other intellectual property by hacking into defense companies. The Islamic State of Iraq and Syria used cryptocurrencies to raise money for weapons and to coordinate the Easter attacks in Sri Lanka in April 2019. Meanwhile, Venezuela, which has yet to face U.N. sanctions, has been collecting aeronautical taxes using an app that converts foreign currencies to bitcoin.
The cyber sphere continues to produce novel ways for rogue actors to threaten national, regional and international security. In fact, illicit uses of digital technologies are outpacing the advancements of licit technologists, who generally do not prioritize international security in their business models. Bad actors are using their technological prowess to wage an asymmetric war to undermine conventional security measures. The front lines of this war cut through global communications and commerce and enable circumvention of sanctions, with many of the most subversive elements emanating from the Indo-Pacific.
Sanctions violators use cryptocurrencies to obfuscate their online identities and to support proliferation financing and logistics. As applications of this technology have been rapidly evolving, regulatory frameworks and security provisions have lagged behind. Digitally adept sanctions violators prey upon the legal gaps and loopholes to remain unrecognized when they move financial resources, steal intellectual property for proliferation technologies or perpetrate a host of other illegal acts.
The magnitude of the threat posed by the nascent industry of cryptocurrencies is potentially immense, given that the total market value for all coins hit an all-time high of U.S. $818.1 billion in 2018 and fluctuated between U.S. $103 billion and U.S. $338 billion in 2019, according to the coinmarketcap.com website.
Threat Actor Advantages
North Korea epitomizes the use of digital tools to engage in organized criminal activities and circumvent sanctions. North Korea has developed digital techniques to generate revenues to fund its illegal proliferation efforts, gain intelligence and technical know-how, and harm the businesses and reputations of its foreign adversaries. Its arsenal includes the capability to disrupt monitoring of U.N. sanctions against the regime.
When he succeeded his father in 2011, Kim Jong Un boasted that “cyber warfare, along with nuclear weapons and missiles, is an ‘all-purpose sword’ that guarantees our military’s capability to strike relentlessly,” according to testimony by a South Korean intelligence chief, The New York Times newspaper reported. Kim’s cyber force is viewed as the strongest weapon in his “secret war,” and its members are considered part of North Korea’s elite, holding some of the few well-paid positions in the nation, a North Korean military defector told Reuters.
North Korean state actors and nonstate proxies are increasingly making use of new anonymizing technologies such as cryptocurrencies, the dark web, encryption and advanced cyber attacks. North Korea has obtained U.S. $571 million from hacking and stealing cryptocurrencies alone, and U.S. $2 billion in total from all cyber-related attacks, U.N. experts estimate.
The North Korean regime has been able to weaponize cryptocurrencies by stealing from cryptocurrency exchanges; cashing out ill-gotten funds by exchanging them into cryptocurrencies; creating a global virus that encrypts victims’ data and demands bitcoins for its release; selling and acquiring goods using cryptocurrencies; mining them; hacking into others’ computers to mine them; and creating new cryptocurrencies.
The most lucrative cyber attacks for the North Koreans have been hacks of cryptocurrency exchanges, the online companies that exchange different cryptocurrencies and state-backed currencies. Perpetrators target the digital wallets where exchanges store the funds held in between transactions for clients. These wallets yield high payoffs as targets because they contain huge amounts of customers’ funds. Stealing the passwords that control these wallets to redistribute the funds yields significant gains.
North Korea was responsible for 75% of all globally reported cryptocurrency exchange hacks, a total of about U.S. $882 million from late 2016 to fall of 2018. Additionally, cryptocurrency exchange services can offer transfers that turn stolen coins into cash and easily obfuscate a trail of ownership of stolen coins by switching from one cryptocurrency to another. While many cryptocurrency exchanges follow some regulation to check identities of customers, there are many that enable trading without any regulation.
While not currently the most lucrative method, creating new cryptocurrencies is perhaps the most intriguing development in North Korea’s toolbox of tricks. A new cryptocurrency is often created by preselling some portion of its coins, with promises of how buyers will benefit, often with the subtext of a financial return. North Korea created two coins in 2018: MarineChain, a new cryptocurrency that fraudulently claimed to sell ownership of large ships, and another that is marketed online and sold in exchange for other cryptocurrencies or fiat. Its name was changed many times (from Interstellar, Stellar, HOLD and HUZU) to obfuscate its origins.
Over time, North Korean hackers have been moving toward revenue-generating cyber attacks, primed to adopt the latest technological trends and taking advantage of weak regulatory standards surrounding emerging technologies, including cryptocurrencies.
Chinese enterprises and investors are the world’s undisputed leaders of cyber operations. Benefiting from favorable government regulations and seed investments to produce specialized computers for mining cryptocurrencies, the People’s Republic of China (PRC) now dominates the creation of new cyber coins. Between 50% and 74% of cryptocurrency mining happens in China, according to the U.N. Conference on Trade and Development website.
The PRC’s relentless drive into global markets with its One Belt, One Road infrastructure investment scheme presents an ominous cyber sphere corollary, given that China’s communist government is apparently equally determined to dominate the most valuable digital technologies and industries. The PRC’s voracious capacities in cryptocurrency mining could be repurposed to create new private currencies that will enable the operation of closed financial networks, accessible only to trusted Chinese actors or allies. Protected from outside monitors, such networks would be immune to the power of the U.S. dollar-based monetary system, including the force of U.S. sanctions and assets freezes.
The reversal in late 2013 from the dollar to the yuan as the dominant currency buying and selling bitcoin, the most widely used cryptocurrency, reveals even more compelling evidence for the PRC’s desired dominance of cyber commerce. Despite the volatility of the value of bitcoin, the Chinese have been responsible for up to 95% of bitcoin-based trading in recent years, the international news organization Quartz reported in 2017.
Although Chinese mining seems to be slowing, the signals may merely reflect a trend toward new private coins. The pattern would be consistent with previously observed shifts, for example, when Chinese investors backed their own internet platforms and technologies such as Alibaba, WeChat and others.
Gains for Legitimate Actors
Innovators herald the beneficial implications of cryptocurrency technology as having a historic impact on par with the disruptive power of the internet. Actors as diverse as JPMorgan Chase, the PRC and Facebook are all creating their own cryptocurrencies in the belief that they can process transactions faster and more reliably, while drastically cutting transactional costs and expanding to establish new markets and profit centers. Hedge fund leaders are creating equity-and-debt-trading platforms whose operational superiority is incentivizing finance professionals to migrate away from traditional security exchanges. Industry champions such as IBM are implementing blockchain-based tools to provide real-time insight into supply chains of goods, ranging from shipping containers to foodstuffs or commodities. In countries experiencing high inflation, such as Argentina, citizens resort to cryptocurrencies as an alternative to their unreliable government-backed currency.
These developments in cryptocurrencies could have a greater impact than the internet because they revolutionize the control center of the economy — finance. In 2016 the United Kingdom’s chief scientific advisor’s report defined blockchain as a pinnacle in the information and telecommunications revolution that has been radically reducing costs and replacing “hierarchical systems of organization and governance” with collaborative online networks. In this sense, cryptocurrency could be the greatest catalyst of the fifth technological revolution that is afoot in information and telecommunications, as scholar Carlota Perez detailed in her 2003 book, Technological Revolutions and Financial Capital: The Dynamics of Bubbles and Golden Ages. (See chart, page 27).
Addressing International Threats
To understand the security or insecurity implications of cryptocurrencies, contrast them with today’s financial regulatory and supervisory protocols. Traditional money emerged in a world of centralized financial institutions processing transactions, complying with national rules and thereby guaranteeing integrity, stability and liquidity of the monetary system.
In the cryptocurrency/blockchain paradigm, a network of computers, rather than centralized institutions, generates and processes transactions. Regulating the networks is challenging because blockchain and encryption technologies guarantee their users high degrees of anonymity. Only highly intrusive forensic investigative tools can penetrate the complex coding sequences of a blockchain to deanonymize transactions. A regulatory framework for cryptocurrencies requires a different and nuanced approach to address security risks.
Security threats from ill use of cryptocurrencies are best addressed holistically by a U.N. response to cyber threats as an equivalent to a threat to international security. Since the early days of the internet, some experts have been cataloguing the weaponization of digital technologies as the industry has evolved and discovered how cyberspace has become integral to strategies of sanctioned entities to circumvent international norms. Such insights can help guide U.N. policy.
National cyber regulatory frameworks have been adopted by 138 countries, but most focus on domestic crime prevention while remaining blissfully detached from the international security implications of a weaponized cyber sphere. The U.N. Security Council has addressed cyber threats only in a spotty and inconsistent manner, despite having 20 years’ worth of reports and evidence about how digital technology has been driving conflicts and benefited sanctioned actors.
The Financial Action Task Force, for one, is gradually amending its 40 recommendations to prevent and protect against digital variations of anti-money laundering, counterterrorism financing and nonproliferation financing. Certain digital technologies should be universally classified as dual-use, as outlined in the 1996 Wassenaar Arrangement, the first global multilateral arrangement on export controls for conventional weapons and sensitive dual-use goods and technologies.
There have been some unilateral steps in the direction of cyber sanctions. For example, the U.S. recently sanctioned three North Korean cyber entities and two cryptocurrency accounts owned by Iranian individuals. The European Union has released some guidance, including a cyber diplomacy toolkit. Yet these steps are far from the comprehensive approach needed. North Korea’s diverse ability to conduct monumental, but barely perceptible and cheap, cyber raids on data or financial assets belonging to governments, companies and individuals has propelled it to adopt offensive digital and information warfare tools.
At the international level, existing U.N. sanctions do not categorize abuses of the international cyber infrastructure as sanctionable acts. Passive government and industry leaders still run the risk of cyber attacks leading to loss of revenue, critical data and operational capacities; compliance failures and reputation loss from enabling sanctions violations; and being left behind in efforts and initiatives to regulate technologies with potentially far-reaching implications for their economies and national security.
Regulation and Emerging Technologies
Technology entrepreneurs exploiting the richly rewarding disruptive and transformative potential of digital technologies were historically incentivized by soft regulatory standards. Recognition of the potentially harmful impact of these new technologies on political, social and security matters is beginning to mobilize European and U.S. regulators to intervene against, and discipline, technology companies that are breaching national and international standards. Yet a regulatory approach that focuses on the existing threat is not sufficient to deal with emerging ones.
In addition to the threats from cryptocurrencies, the commercialization of data has created a pathway for manipulation of public opinions, and perhaps the subversion of essential democratic processes such as elections. International and national laws are not equipped to counter such threats. The future of international security and national sovereignty will hinge, in part, on establishing best practices for cyberspace and enforcing them.
Ashley Taylor is a senior collaborator at Compliance and Capacity Skills International.
Origins of Cryptocurrencies
Cryptocurrencies emerged with a 2008 white paper in which its author, Satoshi Nakamoto (a pseudonym), described the algorithm now in use for bitcoin. It represented a preliminary culmination of computer scientists’ research on digital money programs. That research began in the early days of the internet, mostly driven by libertarians seeking to maximize individual liberties and reduce the role of governments, including their dominance of sovereign currencies.
Over the past 11 years, the successes and failures of bitcoin spurred new developers and financiers to create many other cryptocurrencies. Today, thousands of different cryptocurrencies exist.
Cryptocurrencies group together transactions into “blocks” that are recorded in chronological order as a chain, thus called the “blockchain.” Once these blocks are recorded, they are difficult and costly to change. Each transaction is forever visible to the entire network, making the technology useful to establish “trusted” data. These blockchain networks and their currencies can be public, such as bitcoin, or private, only accessible to a select group. Each cryptocurrency has rules for how new coins can be earned, called “mining,” which often requires using specialized computers. Mining can require lots of computing power to process data constantly as computers compete to solve difficult math problems to win new coins released periodically.
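The chaining and mining cost described above can be seen in a toy hash-linked ledger; this is an added example in Python, not part of the original article. The difficulty target, field names and sample transactions are assumptions for illustration and do not reproduce bitcoin's actual block format.

```python
import hashlib
import json

DIFFICULTY = 3           # assumed toy target: hash must start with 3 hex zeros
GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block
SAMPLE = [["a->b:5"], ["b->c:2"], ["c->d:1"], ["d->e:1"]]  # constructed ledger

def block_hash(block):
    """SHA-256 over the block's canonical JSON (transactions, prev hash, nonce)."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine(index, transactions, prev_hash):
    """'Mining': try nonces until the hash meets the target. Returns (block, tries)."""
    block = {"index": index, "tx": transactions, "prev": prev_hash, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    return block, block["nonce"] + 1

def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        chain.append(mine(i, txs, prev)[0])
        prev = block_hash(chain[-1])   # next block commits to this block's hash
    return chain

def first_invalid(chain):
    """Index of the first block a verifier would reject, or None if all pass."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block)
        if block["prev"] != prev or not digest.startswith("0" * DIFFICULTY):
            return block["index"]
        prev = digest
    return None

def remine_from(chain, start):
    """Redo the proof-of-work for block `start` and every later block; return tries."""
    prev = block_hash(chain[start - 1]) if start else GENESIS_PREV
    spent = 0
    for i in range(start, len(chain)):
        chain[i], tries = mine(i, chain[i]["tx"], prev)
        prev = block_hash(chain[i])
        spent += tries
    return spent

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    chain[1]["tx"] = ["b->c:200"]  # edit a block that was already recorded
    print("rejected at block", first_invalid(chain), "| hashes to repair:", remine_from(chain, 1))
```

Changing one recorded transaction makes verification fail at or immediately after the edited block, and making the altered history verify again means redoing the work for that block and every block after it. On a public network that work must also outpace all honest miners, which is what makes recorded blocks "difficult and costly to change."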
Cryptocurrencies also use encryption, a technology to make information and transactions only decipherable by people with the right passcodes. This feature makes the coins even harder to counterfeit and provides anonymity to the users, meaning real world identity is not necessary to acquire or trade them.