Security researchers have unearthed an elaborate scheme of North Korean front companies secretly supplying advanced biometric recognition and encryption software to countries around the world. In a new report, researchers at the James Martin Center for Nonproliferation Studies say North Korea uses a web of freelancing sites, shell companies, and difficult-to-trace aliases to circumvent international sanctions and, most troublingly, embed state software into foreign companies, including "at least one reputable defence firm in a US-allied country."
Titled "The Shadow Sector: North Korea's Information Technology Networks," the report was produced by researchers from the Middlebury Institute of International Studies at Monterey. The researchers investigated the Korea Aprokgang Technology Company, a network of North Korean IT companies specializing in fingerprint scanners and facial recognition software. Though the Beijing-based arm of the network was penalised by the UN for violating sanctions, researchers found North Korean shell companies providing tech in Russia, Malaysia and Nigeria.
"Despite the sanctions regime, Korea Aprokgang and its affiliate companies... are able to successfully form diverse corporate partnerships and develop business in the global market for biometric security products and software," the report notes. "Crucially, it appears that a key part of their business is not the sale of physical devices, but of intangible technology transfer. This shift will only make it harder for investigators to uncover the activities of this network and others involved in the North Korean IT sector."
The report continues with a series of case studies tying freelancers and manufacturers worldwide to the Korea Aprokgang Technology Company, most infamous among them Global Communications. Abbreviated as "Glocom," the radio equipment vendor was exposed as a North Korean spy agency operating in Malaysia. Among Glocom's partners was Future Tech Group, another shell company, which claims to have sold biometric technology to U.S.-allied Turkey and Switzerland as well as to at least one "US primary school."
The report paints a picture of a sprawling and invisible network, with shell companies claiming to be in operation in "China, Japan, Malaysia, India, Pakistan, Thailand, UAE, UK, Germany, France, Russia, Canada, Argentina, Nigeria and other countries." The report concludes that the online nature of the business makes the network harder to stop.
"Intangible forms of revenue generation, like North Korea's sale of algorithms or any software development offshoring, are also intrinsically harder to stem than tangible ones," the researchers conclude. "At present, it seems that many affected clients have unwittingly engaged North Koreans. While the level of access Pyongyang may have into their customers' systems and data depends upon the services rendered, there is demonstrated potential for North Korea to exploit these relationships for its cyber activities."