Flashpoints | Security | East Asia
There’s more to bilateral cyber cooperation than keeping tabs on North Korean hackers.
While addressing the North Korean nuclear threat will remain a major focus of the South Korea-U.S. alliance, the addition of cybersecurity-specific language in the 2021 Biden-Moon summit suggests new collaborative measures between Washington and Seoul to diversify the alliance beyond its traditional role of deterring a second Korean War. Notably, the White House fact sheet outlining key commitments of the summit mentioned the word “cyber” a total of nine times and “nuclear” only five. But what exactly would enhancing joint cybersecurity efforts look like?
Any collaboration on cybersecurity will definitely involve mitigating the North Korean cyber threat, as Pyongyang seeks to evade U.S. economic sanctions through cyber-enabled financial crime such as distributing ransomware and hacking cryptocurrency exchanges. However, the Biden-Moon summit signaled that Pyongyang will not continue to dominate all political aspects of the South Korea-U.S. alliance.
For example, the fact sheet described establishing a Cyber-Exploitation Working Group dedicated to “ending the abuse of women online and offline” in the United States and South Korea. This builds upon preexisting efforts to expand joint cybersecurity initiatives beyond responding to North Korean cyberattacks to combat the financing of online sexual exploitation. In 2018, U.S. and South Korean law enforcement agencies successfully seized the infamous Welcome to Video darknet website, which sold hundreds of thousands of sexually exploitative videos involving children and minors from across the globe. The U.S. Internal Revenue Service (IRS) first detected suspicious Bitcoin transactions in 2017, which led to an international investigation with South Korean counterparts to track the location of the darknet server and ultimately arrest its main operator, South Korean national Jong Woo Son, in 2019. While void of specific details, the White House fact sheet mentioned how Washington and Seoul aim to “learn from past cybercrime events,” which suggests that the Welcome to Video case may serve as a model for future South Korea-U.S. collaboration on cybersecurity.
The inclusion of enhanced cybersecurity efforts within the alliance comes at a crucial time as the yearly revenue for Child Sexual Abuse Material (CSAM) continues to rise. A Chainalysis study reported that roughly $930,000 worth of cryptocurrency transactions were sent to addresses associated with CSAM providers in 2019.
The proposed South Korea-U.S. cyber working group will likely seek to enhance cooperation between the two countries’ law enforcement and national security agencies through greater capacity building and information sharing. The Korean National Policy Agency, in particular, will likely play a major role in collaborating with U.S. counterparts as it has demonstrated a vested interest in combating cyber-enabled financial crime through its involvement in the Welcome to Video case and previous commitments to financially support INTERPOL’s global law enforcement efforts against online child exploitation.
While seemingly rudimentary, establishing official and specific channels to notify and train relevant international counterparts regarding suspicious online transactions, addresses, and potential obfuscation techniques, is crucial in limiting the growth and reach of cyber-enabled transnational crime like online sexual exploitation. For the entirety of the almost 70 year-long South Korea-U.S. alliance, the North Korean security threat has dominated diplomatic discourse between Washington and Seoul. But perhaps the proposed cyber working group could provide a way for the alliance to grow outside of Pyongyang’s grasp while still keeping a watchful eye on its hackers.