Revealed: North Korea Is Secretly Selling Face Scanning Tech


    Top officials in the North Korean regime, including Kim Jong Un himself, have invested weeks in the world spotlight, participating in important discussions over how to reduce tensions on the Korean Peninsula. Yet despite the following steps onto the world stage, North Koreans elsewhere are working hard to remain unseen.

    In an era of intense sanctions, the country’s overseas business networks are well aware that the most visible Pyongyang’s links are to their overseas trade and finance networks, the more external scrutiny they are able to invite. To avoid this, they have honed techniques that allow them–at first glance–to appear Chinese, Southeast Asian, or Russian. They leverage relations with foreign facilitators and middlemen, utilize opaque offshore jurisdictions, and create elaborate corporate arrangements. As a ensue, they have successfully managed to extend their networks around the world, and remain active in sectors where few even realize North Korea is a player.

    The world information technologies( IT) sector is one. Over the last several months, the James Martin Center for Nonproliferation Studies carried out detailed investigations into North Korean IT networks active overseas, including in China, Russia, Southeast Asia, and Africa( PDF ). We uncovered firms links between Pyongyang that are developing and selling encryption technologies, virtual private networks, and software for fingerprint scan or facial acknowledgment. North Korea-linked IT firms are offering comprehensive IT packages for companies and developing apps or websites for customers who range from small firms in Europe to a U.S. primary school.

    Take a drive in Turkey, and your license plate could be read by North Korea-developed vehicle recognition software. Set your finger on a scanner when entering some parts of the civil service in one Nigerian government, and it could be captured by North Korean technology. The same possibility exists for fingerprint scanners in Asia, where there are indications that Northern korean algorithms may have been incorporated into the furnish chains of major producers of that hardware.

    North Korea’s activity in the global IT sector is a significantly underappreciated problem with several dimensions. It represents another source of continued revenue for North Korea. At present, Pyongyang is not prohibited from providing these sorts of services per se; U.N. sanctions have focused mainly on banning the export of Northern korean material goods, including electronics.

    While sanctions prohibit North Korea from sending migrant laborers overseas, it is unclear to what extent North Korea actually relies upon this practice for its IT business. Several of the Pyongyang-linked individuals and firms we identified purported to have hundreds of employees or large numbers of developers at their disposal, despite other indications that they are small operations. This suggests that all staff members carrying out the job may be based elsewhere, potentially in North Korea itself; networks overseas may simply be the vehicle by which to generate new contracts for North Korean developers back home.

    Sanctions would be relevant if specific designated individuals or entities are involved. During our investigations, we received several IT firms within networks directly linked to North Korea’s sanctioned intelligence agency, the Reconnaissance General Bureau. But these ties are extremely well hidden. Few countries are likely to perform the sort of in-depth investigations that will help them confirm that a particular IT company is linked to a sanctioned entity. An IT company in Malaysia remains an active entity despite the fact that one of its shareholders was publicly uncovered as a Northern korean intelligence agent over a year ago.

    Adopting imposing sanctions on North Korean IT services generally would furnish a much simpler basis for investigation and action, and there are indications that the sanctions conversation could move in this direction if ongoing diplomatic efforts fail to bring about a change in North Korean behavior at home and abroad.

    The U.S. Treasury sanctioned the Korea Computer Center last year, and President Donald Trump’s September 2017 Executive Order explicitly mentions the authority to sanction individuals and entities linked to North Korean IT operations.

    Even with these steps, restricting North Korea’s activity in the global IT sector may be difficult to operationalize for the simple reason that intangible forms of revenue generation are harder to tackle than tangible ones. No opportunities for the physical interdiction of domestic exports exist, and even countries experiencing the most sophisticated export control arrangements still struggle to address the issue of intangible technology transfers.

    As in other parts of their overseas activity, North Korean IT networks are spectacularly good at obscuring overt links to Pyongyang. One corporation website advertising IT services, for instance, disclosed only a few clues that it was Northern korean: ad for Korean speech translation software, a mention of mushroom developing engineering( North Korea loves its mushroom farms ), and the use of a North Korean girl band’s version of the Rocky theme tune as the trail for the marketing video. An untrained eye( or ear) will not notice those details.

    In most cases, North Korea’s clients are likely unwitting, a dynamic reaffirmed by Pyongyang’s apparent use of freelancing websites to generate new IT work. Throughout our research, we constantly detected related profiles for developers on and, which parties that appear to have links to North Korea are applying to identify potential clients. It is very easy to mask identities on these sorts of sites, and interaction is impersonal, reducing the possibility that a prospective client will detect anything amiss.

    Finally, and perhaps of most fear, North Korea’s activity could pose a cyber security risk to the public or private sector entities that outsource their IT work to the country, knowingly or unknowingly. The degree of access the IT providers would have to their clients’ information materials and systems ultimately depends upon the services provided, but in some cases it could be substantial.

    North Korea, after all, has been credited with the attempted crime of nearly one billion dollars from Bangladesh’s account at the Reserve bank of New York and the worldwide WannaCry malware attacks. It have undoubtedly shown that whether the government has the possibility of being exploit its prowess in cyberspace to its own advantage, it will.

    Awareness of these issues specifically, and North Korea’s activities in the IT sector generally, needs to improve rapidly. Multilateral and unilateral sanctions on some of the main nodes in North Korea’s IT networks would be a start and would simultaneously help address both the cyber threats posed by North Korea and the continued revenue that IT exportations produce. Counseling to parts of the private sector organizations that are particularly at risk–such as those operating in the market for biometric identification software–is also worthwhile. Without such attention, North Korea’s networks will likely remain out of vision, and out of mind.

    Andrea Berger is a Senior Research Associate at the Middlebury Institute of International Studies at Monterey, where Cameron Trainer is a Research Associate. Their new report, “The Shadow Sector: North Korea &# x27; s Information Technology Networks, ” is available here .

    Read more: https :// revealed-north-korea-is-secretly-selling-face-scanning-tech