North Koreans have obtained iPhones, Microsoft operating systems and American-made server software despite increasingly strict U.S. sanctions in recent years and used some of this technology to help launch cyberattacks on other nations, according to a report published Wednesday.
The report, by threat intelligence firm Recorded Future ahead of next week’s planned summit between President Trump and North Korea’s Kim Jong Un, suggests the reclusive nation has been able to build its technology infrastructure largely on U.S. hardware and software, despite trade restrictions.
Though U.S. officials have been tightening sanctions on North Korea for a decade, much of this technology was sold directly from the United States under rules that once permitted trade in technological goods as long as exporters first got required government licenses. Sanctions imposed under President Barack Obama in 2016 blocked trade in technology that could undermine cybersecurity, and President Trump in 2017 broadened restrictions in an executive order that targeted “technology” exports more generally.
These increasingly restrictive sanctions did not stop North Korea from acquiring key technology from U.S. sources. Some arrived before 2016, while other hardware and software were obtained more recently from companies and people evading sanctions, said Recorded Future researcher Priscilla Moriuchi.
“North Korea has professionalized sanctions evasion,” Moriuchi said. “There are gaping holes in U.S. export control regimes that are being exploited by a rogue nation.”
Transfers in recent years, she said, have come from technology middlemen or from North Koreans living abroad who bought iPhones or MacBooks at Apple stores and shipped them home, perhaps through diplomatic channels.
She said the research, which was based on monitoring Internet traffic flowing to and from North Korea, offered “conclusive evidence” that American technology provided at least some of the hardware and software used in cyberattacks, especially against neighboring South Korea. Evidence left in malicious software, for example, made clear it had been created using U.S. technology, she said.
Photographs have long circulated online of North Korean elites — mainly politicians, military officials and their families — appearing to use iPhones or computers running Microsoft’s Windows operating system. But the report by Recorded Future, based in Somerville, Mass., is unusual in that it monitored North Korean online traffic to determine what devices and software were transmitting identifying information to the broader Internet.
The list reads like a tally of popular tech products over the past few years, including multiple generations of iPhones from the 4S to the X, in both regular and Plus sizes. Samsung Galaxy devices — the S5, J5, S7 and S8 Plus — also made the list. Though Samsung is based in South Korea, its devices often use U.S. components and software subject to U.S. sanctions against North Korea.
For software, the research detected Windows 2000, XP, 7, 8.1 and 10, as well as Apple’s operating system for its MacBook, and server software from Microsoft, IBM and Conexant.
Despite signs of recent purchases, Recorded Future found much of the American technology dates to 2014, when the United States sold $215,862 in computers and electronic goods to North Korea. That was the single largest amount among approved exports between 2002 and 2017.
More than $430,000 of such exports to North Korea were allowed during those years, the report found, citing Commerce Department data, but the flow shrank dramatically after Obama tightened sanctions in 2016.
Technology journalist Martyn Williams, who runs the North Korea Tech website from his home in Northern California and received an advance copy of the report, said U.S. technology generally is used widely in North Korea because the United States dominates much of the global technology market, and even products built elsewhere use American components or software.
“Everyone uses it because it's really difficult to build a PC that doesn’t use American stuff in it,” he said. “The vast majority of computers that we see in North Korea don’t have brand names on them.”
Moriuchi argued for stricter, more consistent application of U.S. export controls with the goal of gradually diminishing North Korea’s ability to conduct cyberattacks. Though most attacks are launched from computers based outside the country, a significant minority are launched from North Korea itself using technology from the United States, she said.
The report details how sanctions have been imposed unevenly and notes that several U.S. allies use different definitions in their export laws, making evasion easier.
She also said U.S. officials missed an opportunity to demonstrate the power of their export controls when Trump acted to protect Chinese device maker ZTE from failing last month. The company was struggling because U.S. officials banned American companies from selling products to ZTE to penalize it for illegally exporting U.S. technology to North Korea and Iran.
“If ZTE had been allowed to fail for violating U.S. export controls, the message sent to the international community would have been huge,” Moriuchi said.