This is the first commentary of a three-part series based on key findings derived from a year-long research project investigating ways to enhance South Korea-U.S. cooperation on combating cyber-enabled financial crime. This project is conducted by the Center for a New American Security (CNAS) with the generous support of the Korea Foundation.
Key logistical and structural differences between U.S. and South Korean intelligence and law enforcement agencies restrict enhanced coordination on crucial cybersecurity vulnerabilities.
Although Washington and Seoul have previously cooperated on cyber-enabled financial crime cases, these joint efforts are often only in response to ongoing incidents and not preventative in nature. This significantly reduces their ability to predict and prevent future crimes, as information sharing often occurs only after the initial hack and/or illicit cyberactivity has already succeeded.
In likely response to rising levels of cyber-enabled financial crime, Washington and Seoul included specific language on creating a joint cyber working group to combat the spread of ransomware and online sexual exploitation in a May 2021 summit between U.S. President Joe Biden and South Korean President Moon Jae-in. However, the document outlining the summit failed to include coordination on issues related to the misuse of cryptocurrency and other financial technology – despite cybercriminals using crypto as a major source of financing for their illicit activity.
Dating back to roughly 2017, North Korean operatives have continuously employed ransomware to extort cryptocurrency from their victims, and South Korea-based child pornography websites also request payments in cryptocurrency to view their illicit content. Including joint research and investigations on the exploitation of cryptocurrency and new financial technology is crucial to strengthening both U.S. and South Korean national security.
The United States and South Korea each possess unique strengths in combating the rise of cyber-enabled financial crime, but their true joint potential is largely untapped. For the United States, the long reach of its economic sanctions and trade restrictions can stymie the transfer of financial assets and technology needed to conduct, develop, and improve cybercrime operations. For example, in 2021, the U.S. Treasury Department sanctioned several cryptocurrency exchanges and their operators for facilitating transactions related to ransomware attacks and the Commerce Department issued a new rule barring the export and resale of “cyber intrusion software” to China and Russia, two major trading partners of North Korea, without a proper license from the U.S. Bureau of Industry and Security. These actions restrict targets from accessing the U.S. financial system, including transactions conducted in U.S. dollars, as well as their access to key technologies that can help facilitate the spread and use of malicious software.
While South Korea does not enjoy the same level of economic influence and global reach as the United States, Seoul does benefit from a greater overall understanding of and exposure to cryptocurrency-related security risks. Compared to the United States, South Korean policymakers, law enforcement, and the general public possess a higher level of understanding around evolving financial technology, like cryptocurrency, and potential risks to national security. For almost a decade, North Korea has used ransomware and other malicious software to extract financial assets from the South Korean government, financial institutions, the private sector, and the average population. As such, South Korean policymakers and law enforcement have years of experience responding to cyber-enabled financial crime. In contrast, the watershed moment for most average Americans on their awareness of ransomware happened in early May 2021 after the Colonial Pipeline hack.
On a governmental level, Seoul began to monitor the growth of cryptocurrency and virtual assets starting around 2017 with several incremental legal actions leading to a government restriction on the use of anonymous accounts in cryptocurrency trading. A year later, South Korea passed a law requiring cryptocurrency exchanges to obtain a certificate from the Korea Internet & Security Agency to continue financial operations, leading to 2021 legislation requiring all virtual asset service providers (VASPs) to register with the Korea Financial Intelligence Unit (KFIU) to operate in South Korea.
In recent years, the United States has ramped up efforts to bring cryptocurrency and other financial technology under stricter financial regulations and legal guidelines. Most recently, Democratic Senator Elizabeth Warren and several colleagues announced a new bill entitled the “Digital Asset Sanctions Compliance Enhancement Act of 2022” to authorize the Treasury Department to sanction non-U.S.-based cryptocurrency exchanges engaging with sanctioned entities and persons. If codified into law, this bill would significantly increase U.S. capability to target illicit cyber-enabled financial activity abroad, such as cryptocurrency exchanges facilitating transactions linked to Russian, North Korean, and other sanctioned actors. Just weeks before, Biden signed an executive order outlining the first U.S. whole-of-government strategy to protect consumers, financial stability, national security, and address climate risks related to the further development of digital assets.
While there is great opportunity in enhancing cooperation between the United States and South Korea, several obstacles may delay rapid developments in the proposed South Korea-U.S. joint cyber working group.
First, new South Korean President-elect Yoon Suk-yeol vowed during his campaign to “deregulate the virtual asset industry” to allegedly promote further growth of the industry, while offering to raise the current crypto tax threshold from around $2,000 to roughly $40,000. Yoon also promised to establish a new government agency to monitor new areas of digital industry, such as cryptocurrency and non-fungible tokens (NFTs), and also allow local initial coin offerings (ICOs), the crypto equivalent to an initial public offering (IPO). This varies significantly from the current U.S. government approach, which recently named the first director of the National Cryptocurrency Enforcement Team to meet “the challenges posed by the criminal misuse of cryptocurrencies and digital assets” in close collaboration with the FBI’s new Virtual Asset Exploitation Unit. As Yoon will assume office in South Korea in May, the future level of executive support in curbing cryptocurrency-backed cybercrime remains unclear.
Second, there are major structural differences between U.S. and South Korean institutions addressing cyber-enabled financial crime that could limit enhanced coordination. In the U.S. context, typically the FBI and the Department of Justice collaborate on financial crime cases involving ransomware payments and online sexual exploitation, whereas South Korean agencies are typically siloed into tighter perimeters of engagement. For example, while the Korean National Police Agency (KNPA) is the main domestic law enforcement agency dealing with financial crime, any illicit activity with a nexus to North Korea falls under the jurisdiction of the South Korean National Intelligence Service (NIS). The KNPA and NIS are often described as South Korean counterparts to the U.S. FBI and CIA, but these key structural differences restrict potential information sharing and logistical operations addressing real-time hacks and illicit cyber activity. Understanding these structural differences is key in ensuring that a joint South Korea-U.S. cyber working group utilizes the appropriate government agencies, expertise, and resources to maximize collaborative efforts to combat cyber-enabled financial crime.
Cyber-enabled financial crime will likely continue to rise as the global economy and its consumers become more engaged with cryptocurrency and its growing digital industry. As the United States and South Korea contemplate ways to strengthen their own national defenses against ransomware and other illicit cyber activity, the two countries can work together to cover each other’s deficiencies and expand efforts to include more cyber and crypto-related collaboration within their alliance.