A new disturbing report by the James Martin Center for Nonproliferation Studies has found that North Korea has been selling spy technology products overseas largely unnoticed. The research was compiled over months from open source intelligence.
The Center was surprised to discover that Pyongyang was so effective at concealing its identity, through front organizations and aliases, that their large pool of worldwide clients were unaware that they were giving money to a country sanctioned for its nuclear weapons program.
The economically isolated nation successfully sold a wide variety of services including “web and app development, administrative and business management software, IT security software, and biometric identification software for law enforcement applications.”
A growing list of unsuspecting clients
According to the report, the controversial monarchy's many unsuspecting clients included large Chinese companies, Nigerian government agencies, small European firms, possibly US law enforcement agencies and "at least one reputable defense firm in a US-allied country." These successful business activities in the IT sector are a real danger to international efforts to contain the threats posed by North Korea.
Revenue accrued through these hidden transactions disempowers the sanctions imposed by the United Nations (UN) and many other countries and may even be redirected toward entities involved in North Korea’s worrisome nuclear and missile programs. Unfortunately, this problem is not an easy one to resolve and may even be amplified in coming years.
Activities difficult to monitor
“North Korean networks continue to create elaborate guises to fool their interlocutors into thinking they are of another nationality. Intangible forms of revenue generation, like North Korea’s sale of algorithms or any software development offshoring, are also intrinsically harder to stem than tangible ones,” states the report in its conclusion.
These are issues that sanctions simply cannot resolve. The very intangible nature of IT services exports means that even the most security advanced government entities cannot physically intercept and halt them.
“Perhaps the best chance of disrupting this activity rests on disrupting the networks involved. In contemplating the shape of any sanctions that cover North Korean IT, governments should seek to create sector-wide authorities to take aim at major players in North Korea’s IT industry,” advises the report.
The report goes on to recommend that entities outsourcing IT goods and services increase and intensify their due diligence practices, particularly when dealing with organizations based in Asia. The authors also warn against the potential of cybersecurity threats that can plague clients dealing with North Korea by unwittingly giving the dictatorship access to their systems.
North Korea has been the subject of many international sanctions since 2006, successfully curbing most of the country's exports and capping its oil production. Just last March, the UN Security Council blacklisted several ships and shipping companies for attempting to aid the reclusive nation to evade sanctions.