— -- As President Trump travels to five Asian nations this week and seeks ways to contain North Korea, the administration should consider a strategy that would hold accountable those countries that are enabling North Korean cyberthievery operations. Cybergangs with code names like Hidden Cobra and the Lazarus Group are widely believed by U.S. cyberexperts to be military units of the North Korean government, hacking from bases in other countries.
They have stolen millions of dollars, which makes it easier for Pyongyang to fund its nuclear and missile programs. They have also reportedly tried to infiltrate the U.S. electrical grid’s controls, possibly gearing up for an attack on American infrastructure.
Yet as tensions mounted between North Korea and the United States this fall, Russia threw the North Koreans a lifeline. A Russian company installed fiber-optic cables running down the rail lines from Vladivostok over the Friendship Bridge and into the Hermit Kingdom. North Korea’s access to the internet previously ran only through China, so this new connection to the internet gives North Korea a second virtual path through which it can wreak mayhem online.
North Korea has reportedly grown a cyber army of some 6,000 specialists, many of whom are stationed in hotels in China, where high bandwidth and computing power are readily available. Moscow and Beijing could easily monitor North Korea action on their fiber-optic cables and block malicious activity, so it’s time we told both capitals that we hold them responsible for facilitating the cybercrimes of North Korea.
This phenomenon of governments turning a blind eye to criminal activity by another group is similar to a problem we have seen before. Before 9/11, Ambassador at Large for Counterterrorism Michael Sheehan delivered a warning to Afghanistan’s foreign secretary. His message was simple: If the Taliban continued to provide a safe haven for al-Qaeda, the United States would hold them accountable for any attacks against the United States.
Sheehan used this analogy: “If you have an arsonist in your basement and every night he goes out and burns down a neighbor’s house and you know this is going on, then you can’t claim you aren’t responsible.” After 9/11, the United States followed through on Sheehan’s warnings and attacked the Taliban.
Today the Chinese government has an arsonist living in its basement. China is providing a safe haven for North Korean cyber actors, and Russia is providing an alternate route for North Korean hacks. If the North Koreans had missile units stationed in Shenyang, China, there would be repercussions for allowing them to be based there. Simply because these attacks are carried out in cyberspace does not change this fundamental premise.
China should recognize that the United States has long maintained the position that a cyberattack need not be answered in kind. Because North Korea has so few digital assets, limiting U.S. response to North Korean cyberspace would be wholly ineffective. Under the Pentagon’s cyberstrategy, that makes North Korean actors stationed in China a legitimate military target.
The Trump administration should publicly reaffirm that we will hold responsible any countries that facilitate North Korean hacking and that our response to significant cyberattacks on us may not be limited to cyberspace. Secretary of State Rex Tillerson should then quickly follow that pronouncement with a dialogue with the Chinese. The goal should be to give the Chinese an opportunity to quietly roll up and push back North Korean operations across the Yalu River.
The State Department must also pressure India and other countries to round up, expel or arrest North Korean hacking units in their countries and formally request that Russia monitor North Korean traffic for malicious activity.
The U.S. should also seek U.N. Security Council debate to expose North Korea’s cybercrimes, stealing from banks and attacking the international SWIFT banking system. If Russia, China, India and others do not cooperate in shutting down these operations on their territory or on their wires, the U.S. should propose a U.N. resolution to sanction countries that facilitate North Korea’s cyberthieves.
Both superpowers have denied any wrongdoing.
Hua Chunying, a spokeswoman for the Chinese Foreign Ministry, said that China is “opposed to any form of hacking and cyberattacks” and “will never allow any persons to engage in the illegal crimes related to cyberattacks or these kinds of crimes in Chinese territory.” She added, “If we have investigated this and confirmed this, we will punish them in accordance to law.”
Maria Zakharova, a spokesperson for the Russian Foreign Ministry, said that Russia “is not violating any relevant [U.N. Security Council] resolutions” and is merely seeking to “develop relations” with North Korea within the bounds permitted by the U.N. sanctions.
Both comments strike us as routine denials by officials who would never know whether their governments were facilitating or turning a blind eye to North Korea hacking for dollars. Perhaps Trump can try to talk China’s President Xi Jinping and Russia's President Vladimir Putin into cracking down on Korean hacking when he meets with them this week.
If, however, diplomacy fails, the U.S. should consider further steps. North Korea can gain access to the internet only through China and now Russia, creating two chokepoints that U.S. Cyber Command can target for disruption. The command has already reportedly disabled some of North Korea’s networks. It should also consider taking out North Korean military cyberunits based in other countries.
We need not wait until North Korea attempts a major cyberattack on the U.S. It has already done enough to provoke a bigger response.
Richard Clarke is an ABC News national security consultant. He served in Bill Clinton’s and George W. Bush’s administrations as an adviser to the president on cybersecurity and counterterrorism. Rob Knake served in Barack Obama’s administration in the cyber office of the National Security Council. ABC News’ Patrick Reevell and Karson Yiu contributed to this report.