‘Suspect Unknown’... Difficult Investigation of North Korea-Originated Hacking

Major national institutions such as courts, prosecutors, and police, as well as private companies, have suffered hacking damage originating from North Korea, but investigations and punishments are facing difficulties. It is challenging to investigate hacker groups operating overseas in countries like North Korea and China, and even if their bases are identified, there are no appropriate criminal penalties or sanctions. International cooperation is essential to catch hacker groups whose activities span the globe, but discussions on joining relevant agreements are currently at a basic level.

[Image source=Beomryul Newspaper]

According to reporting by Law Times on the 25th, the Cybercrime Investigation Division of the Seoul Eastern District Prosecutors’ Office (Chief Prosecutor Shim Hyung-seok) reviewed the police’s decision to suspend the investigation into the hacking of the court’s computer network by the North Korean hacking group ‘Lazarus’ in mid-month, concluded there was no issue, and returned the case files to the police. The prosecution also suspended investigations on cases it was conducting independently. It is known that both the prosecution and police reached these conclusions citing the unknown whereabouts of the suspects.

According to police investigation regulations, the police may decide to suspend an investigation if the suspect’s whereabouts are unknown during the investigation.

Earlier last month, a joint government investigation revealed that the North Korean hacking group ‘Lazarus’ had infiltrated the judiciary’s computer network for over two years and extracted a massive amount of data totaling 1014GB. Investigators concluded that the incident was the work of the North Korean hacking group based on the type of malware used in the crime, server payment records (virtual assets), IP addresses, and other evidence.

Experts analyze that tracking the whereabouts of overseas hacker groups is not easy, so investigations into hacker groups from North Korea, China, and other countries often result in decisions to suspend investigations. It is pointed out that a recent case involving the hacking of Daejeon Sun Hospital, which led to the leakage of personal information of employees affiliated with the courts, prosecutors’ office, and police agency, would likely reach a similar conclusion if it were the work of a North Korean hacker group.

Currently, the Cyber Terror Response Division of the National Police Agency is conducting a preliminary investigation into this case. The case became known after a user with the account name ‘Warfare’ posted personal information on overseas sites commonly used by hackers. This poster is presumed to be a member of a North Korean hacker group, as they posted a message saying, “Remember, North Korea is better.”

Although attacks by North Korean hacker groups on important national institutions and private companies have continued recently, there are also criticisms that investigations and sanctions by investigative agencies are difficult.

Not only is it difficult to track their bases, but even if their whereabouts are identified, requests for cooperation to secure suspects are complicated. Since hacker groups mainly use cryptocurrency as a channel for money laundering, investigative agencies also struggle with asset freezing and recovering criminal proceeds.

They use computer networks of multiple countries during the hacking process. By accessing networks in Europe, China, and other regions, they create confusion in tracing where the hacking occurred and which organization is responsible. Investigative agencies must track them with cooperation from each country where access traces remain.

However, discussions to establish such cooperation systems are also sluggish. Sixty-seven countries including the United States, Japan, and Australia have joined the ‘Budapest Convention’ to cooperate in international investigations in the field of cybercrime, but South Korea’s discussions on joining have not progressed. Previously, the Ministry of Foreign Affairs submitted a letter of intent to join the Budapest Convention to the Council of Europe in 2022, but it is understood that the government has not even designated the responsible department for two years.

Lim Hyun-kyung, Law Times Reporter

※This article is based on content supplied by Law Times.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.