a global affairs media network

www.diplomaticourier.com

The Kim Jong Un Affair

Pyongyang, North Korea. Photo by Thomas Evans via Unsplash.

September 5, 2022

The story of North Korea’s emergence as a cybercrime powerhouse is the story of North Korea itself. Joshua Huminski reviews Geoff White’s “The Lazarus Heist,” which explores how North Korea is surprisingly adept at online hacking and criminal activity.

It sounds like the set-up to a joke: what do a Nigerian Instagram influencer and North Korean military hackers have in common? Unfortunately, there is no punchline. As Geoff White describes in his thrilling new podcast-turned-book “The Lazarus Heist,” this connection has real-world criminal and geopolitical implications. Ramon ‘Hushpuppi’ Abbas is an “influencer” who paraded his luxurious lifestyle on Instagram and funded his habits not through brand promotion, but through scams and frauds that netted him hundreds of millions of dollars according to the U.S. Department of Justice. So far, not so uncommon—just watch “The Tinder Swindler” on Netflix. Yet, Abbas crossed paths with the North Koreans when Pyongyang sought to use him to launder funds electronically stolen from a Maltese bank—part of Pyongyang’s global cyber-crime empire—with apologies to Steve McQueen and Faye Dunaway, a sort of “Kim Jong Un Affair,” to borrow the title of the 1968 film (remade in 1999).

The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War | Geoff White | Penguin Business

But, like all good podcasts, first a word from our sponsors. I jest. The BBC podcast was turned into a thoroughly enjoyable book. It retains that podcast charm of punchy episodes—in this case chapters—with cliffhangers that beg you to click “next episode” or continue reading, references to the listener or reader, and throwbacks to previous chapters or conversations that keep the story flowing. Not that this book needs any help.

The story of North Korea’s emergence as a cybercrime powerhouse is the story of North Korea itself. In a swiftly told history, White explores how North Korea became an isolated authoritarian state dominated by successive cults of personality from Kim Il Sung through to millennial Kim Jong Un. He explores how the decisions made by the regime, its pursuit of self-reliance or juche, and its need for hard currency drove the isolated country to turn to criminal pursuits and embrace the Internet. Pyongyang embraced criminality as policy—from the forging of “superdollars” to the manufacture of crystal meth—and saw the Internet as merely another tool to support the regime’s needs, this despite it being banned within the country for everyone except elites.

White and his team travelled the world, tracking how North Korea launched attacks against Seoul. North Korea took television stations and banks offline before turning its sights on Sony Pictures to protest the release of a Seth Rogen and James Franco film, “The Interview,” in which Kim Jong Un was assassinated. Pyongyang then appeared to take a page from Sony’s playbook (undoubtedly a script they absconded with) and steal $1 billion from Bangladesh’s central bank. In a scheme that sounds like the plot from an “Ocean’s 11” sequel, North Korean hackers spoofed messages to the Federal Reserve Bank of New York requesting the transfer of funds to accounts in the Philippines, blocked the Dhaka-based bank from printing New York’s requests for confirmation, and used overlapping weekends and holidays to prevent a swift response. Were it not for a spelling mistake and the use of a bank on “Jupiter” street—which happened to share the name of a sanctioned Iranian vessel—Pyongyang would have stolen all of the funds. As it happened, they stole $101 million, transferring some to Manila and some to Sri Lanka. From there it was sent to other accounts, gambled in Macau, and physically flown out of the country.

North Korea’s next act was the release of the WannaCry ransomware, which infected over 200,000 computers—including the UK’s National Health Service—and demanded payment, in Bitcoin, to release the encrypted files. Here again, it was a bit of luck more than anything else that stopped the attack from succeeding or being much worse. The ransomware pinged a website that, if online, would halt the spread of the malicious code. A UK-based hacker found the website in question, registered it for $10, and halted the attack. The North Koreans were believed to have made only $130,000—a curiously small amount, which led many to believe it was a premature release rather than an actual attack. In a bit of irony, the hacker who stopped the attack was later arrested for prior criminal activity.

Like many men of a certain age, it appears that Kim Jong Un (or at least those under him) became fascinated—or perhaps obsessed—with cryptocurrency. The regime began targeting Bitcoin and blockchain wallets, stealing currency from hapless miners and holders, using the anonymity of the technology to move their ill-gotten gains around the world. In a truly fascinating account, White details how the regime produced app after app hoping to cash in on the crypto craze, steal users’ information, and empty their wallets. As one app was discovered, they merely crafted another and released it to the public. The regime went so far as to attempt to create its own crypto-currency.

Little is known about the hackers themselves, though White does present a fascinating picture of what is known. North Koreans with mathematical aptitude are selected and trained to serve the regime’s parallel priorities—its nuclear program and hacking enterprise. A pathway to elite status, these hackers are afforded extra privileges that include international travel. Once abroad they better learn how to operate in and manipulate western society—often operating out of “hacker hotels” in places like China.

There is an underlying theme that White does not expand upon, but one cannot help but pick up—the risks of underestimating an adversary and relying on what one thinks they know about a target. Arguably, much of the Washington policy space sees North Korea as a backward, isolated, disconnected, and volatile country. While there are elements of truth in that assessment, it is not the whole story. Despite decades of sanctions, Pyongyang has steadily advanced its nuclear and ballistic missile program, including detonating a thermonuclear device and launching submarine-based missiles.

As White shows, North Korea is by design and consequence surprisingly adept at online hacking and criminal activity. It is unexpectedly agile—shifting tactics and techniques while adapting to new technologies. If one were to look at North Korea only through the preexisting lens, it would be near impossible to consider that Pyongyang would leverage cryptocurrency for its illicit activities. There is also the risk of assuming that which is seen is all there is, something White dismantles. Pyongyang’s criminal network is truly global—tapping into the Dark Web, transnational organizations like the Yakuza, and capitalizing on both witting and unwitting individuals driven by greed.

Not all policymakers suffer from this myopia. There are resident experts within the government, of course. The challenge is getting that expertise to the executive levels and, in turn, acting on that expertise. This is an issue not just with North Korea but, arguably, all policy issues. Assuming that we know everything or that our models are the right models across time is a surefire way to make bad policy and underestimate adversaries.

It is no secret that I hold a special disdain for most “thrillers” out there today: books with utterly preposterous plots, ridiculous characters, and oh-so-convenient narrative developments that save the day. Readers would be far better off skipping that section of their local bookshop and heading straight to the new non-fiction area to pick up White’s “The Lazarus Heist.” While I do wish there was more detail in the narratives behind the hacks, this is very much a book meant for broader audiences and here, it succeeds. It is the perfect read to close out the summer. It is a globe-trotting, criminal thriller, with geopolitical implications, glitz and glamour, high tech, life and death stakes, and, what’s more—it is all true.

About Joshua Huminski:
Joshua C. Huminski is the Senior Vice President for National Security & Intelligence Programs and the Director of the Mike Rogers Center at the Center for the Study of the Presidency & Congress.
The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.