July 27, 2021

Hotels and Free Wi-Fi Are Sitting Ducks for North Korean Cybercriminals

While often viewed as an expected luxury when traveling, free and/or unprotected Wi-Fi can open the digital door to a world of malicious cyber actors ranging from meddlesome hackers to North Korean cybercriminals. The dangerous combination of weak or nonexistent cybersecurity protocols, relaxed travelers and employees, and increased e-commerce and digital financial activity provides an ideal environment for cybercriminals moonlighting as ordinary guests to hack the world.

North Korea has a track record of conducting sophisticated cyberattacks from unexpected locations through highly creative means. For example, the infamous 2014 cyberattack against Sony Pictures Entertainment was later traced to The St. Regis Bangkok hotel and attributed to a North Korean cyberagent working for the notorious Lazarus Group. In other words, North Korean cybercriminals launched a destructive cyberattack against a world-renowned entertainment company using the Wi-Fi of a hotel in Thailand. Over the years, North Korean cyberattacks have been immensely successful in compromising and stealing millions of dollars from individuals, financial institutions, and cryptocurrency exchanges.

While some argue that North Korean cybercriminals still lag behind their Russian or Chinese counterparts, the fact that Pyongyang has been this successful against tech giants like the United States exposes the misconceptions surrounding their cyber capabilities. A main distinction is that while Chinese and Russian cybercriminals have greater access to advanced technologies and the global web, North Korean cybercriminals must venture outside of their country to jurisdictions with lax sanctions enforcement and cybersecurity protocols to conduct cyberattacks. And this includes hotels and commercial establishments.

Chinese-owned companies have repeatedly provided avenues for North Korean agents to operate freely under the guise of legitimate employment or joint ventures. For example, the U.S. Treasury Department designated the Dandong Hongxiang Industrial Development Company in 2016 as a major facilitator of sanctions evasion on behalf of North Korea through industrial trading, consultant services, and joint hotel management. One of the most famous ventures was the Chilbosan Hotel in Shenyang, China, which allegedly housed North Korean cyberagents for years, providing a safe haven for these cybercriminals to teach, practice, and conduct malicious cyberattacks. According to media reports, the Chilbosan Hotel was later closed within the 2017-2018 timeframe due to international pressure and regulations from the United Nations Security Council. However, this hotel in Shenyang is most likely just a drop in the ocean of numerous foreign outposts hosting North Korean cyberagents searching for ways to hone their skills and conduct additional cyberattacks.

Read the full article from The Diplomat.
