Counter-Terrorism: Bounties For Code Bandits

Archives

May 25, 2020: The United States has offered a $5 million reward for useful information on North Korean hackers and the North Korea hacking program in general. The North Korean hackers have been concentrating on raising cash for the North Korean ballistic missile and nuclear weapons program. Their favorite targets are banks and other financial organizations, including those that handle cryptocurrency. It is estimated that the program has taken about $2 billion so far. In the process North Korean hackers take control of PCs and local networks by infecting individual computers and having the infected machine mine new cryptocurrency when idle. Similar intrusion methods are used to encrypt hard drives and demand ransom to regain access to the data. For users without adequate backups they must either pay or remain unable to use their data.

This is not the first time bounties have been offered to catch hackers. In late 2019 the U.S. imposed sanctions on Lazarus, Andariel, and Bluenoroff, three known North Korean hacker groups. The problem with catching these hackers is the lack of information on where these groups operate from and who the key personnel are. Thus the new bounties program. Some individuals are known but these are non-North Koreans who have provided support services for the North Korean. These support individuals were often unable to identify North Korean hackers. To further complicate matters, most of the North Korean hackers operate from locations in China, where the Internet infrastructure is better suited to hacking targets around the world. The North Koreans pay Chinese police for protection and are not bothered by the secret police because the North Koreans supply the Chinese with useful information they have stolen from South Korea, Japan and other Asian and European nations. Sometimes North Korean hackers operate outside of China and information on where and who these hackers are wound be very valuable. North Korea is aware of the danger, and the temptation for some of these hackers to flee. Each hacker group is assigned a security team, whose main job is to keep the hackers from misbehaving or fleeing.

The U.S. has experience in successfully using rewards to obtain key information on bad actors. The American rewards program has been in operation since 1984, and after 2001 the rewards for key Islamic terrorists got larger and larger. Since the 1980s the program has paid out nearly $150 million to over a hundred informants. These rewards were often accompanied by the relocation of the informant and family to safer locations, sometimes the United States.

The larger rewards created a lot of new problems making the program work. The key problems were getting information about the rewards to potential informers and developing methods for making contact with potential informers, get the information and make arrangements for payment.

While it is difficult to reach known North Korean hackers in China, the U.S. has gained experience in this sort of thing while using the rewards program for known Islamic terrorists in Pakistan, or Afghan areas heavily guarded by the Taliban. More Pakistanis and Afghans began taking advantage of the reward program and living to spend the money because the Americans found ways to overcome the obstacles. That made the Taliban leadership, on both sides of the border, very uneasy. For example the U.S. has given Pakistan's main intelligence agency; ISI (Inter Service Intelligence agency), tens of millions of dollars for rewards, since September 11, 2001. The money was a reward for the capture or killing of wanted Islamic terrorists. The live ones were turned over to the United States. Pakistan says it captured over 600 of these terrorists, but the actual number is believed to be greater. The U.S. did not look closely at exactly who got the reward money.

By the late 1980s the United States was offering rewards of one to seven million dollars for information leading to the capture of terrorists, and lesser amounts to those who provided evidence against a terrorist or provided good information about a planned terrorist act. By September 11, 2001, five major terrorists had been captured because of this program. Over $6 million was been paid out in over 20 cases. Some 42 percent of the informants requested security protection and another 42 percent sought relocation for themselves and family members to another country or region to avoid retaliation.

Since then, the number of high-value people captured with this program has more than tripled and the amount of money paid out has increased even more. However, one problem with the reward program is that it does not pay attention to the realities of international terrorism. Most major terrorists, like Osama bin Laden, are well protected and hidden. Sure, there are people who know where they are and can get in contact with people around the bad guy. But an operation to nab one of these men requires a getting the message out to those who have the information, and providing informants with a realistic way to call in, and then collect.

Getting the word out is not as easy as it sounds. The FBI has undertaken several advertising campaigns in Pakistan, using matchbook covers, posters and other media to remind people in the tribal territories that rewards of up to twenty-five million dollars are being offered for prominent al Qaeda members. In addition to the cash rewards, "relocation (to another country, for the tipster and immediate family) is available". Over a dozen al Qaeda big shots have been caught this way, and rewards paid. This time around, an American al Qaeda member (Adam Yahiye Gadahn), who often appears in English language al Qaeda videos, is also sought. The proliferation of cell phone use in the tribal areas (on both sides of the border) is expected to make it easier for tipsters to make contact.

Collecting the reward is difficult. The wanted men are surrounded by bodyguards and aides. They hide out in neighborhoods or villages full of people who share their beliefs. There are also cultural problems. Most of the al Qaeda big shots who have not yet been captured or killed are known to be (or believed to be) taking refuge among pro-Taliban Pushtun tribes along the Afghan border. The people there are generally poor, illiterate and not very well informed. Many have never seen anyone outside their village or valley. Most of the people with modern gadgets (like cell phones) are working for the terrorists. The people with some education and wealth, like local tribal leaders, have to worry about their large families. Anyone who turns in a high status Islamic terrorist leader would be marked for murder if they suddenly displayed signs of wealth.

The fact is, there are lots of spies in the tribal areas. Selling information to outsiders has long been a recognized (if not entirely approved) way for a poor tribesman to make some money, or earn some valuable favors. But getting stuff out is difficult for these people, who have little privacy in their lives, and are constantly under the control of family and tribal elders. You can't just walk out, either. Wandering through the territory of another tribe or clan, as in the next valley over, can get you killed. Strangers are seen as enemies and treated accordingly.

Meanwhile, U.S. troops have learned to forget about the big payoffs, and concentrate on the small ones. As U.S. Army Special Forces operators have long known, and constantly teach the regular army troops they work with, that little favors that won't be noticed by the Taliban enforcers get you little bits of information. These bits add up, and some have led to nailing whales (guys with big prices on their heads). One of the more popular favors in the backcountry is medical care. Out there, not much is to be had. For this reason, the two medics in each Special Forces Alpha Detachment ("A-Team") have been taught to treat common maladies encountered in poor, isolated, areas. An astute diagnosis, and prompt application of some antibiotics, can save the life of someone dear to the heart of somebody else with the information you need. Sometimes the troops will bring a surgeon in, to perform a lifesaving (or life-altering) procedure. This yields much goodwill, and loosens tongues.

The big thing about medical care is that it's not as visible as a pile of cash (which usually results in something flashy being bought, and dangerous queries from the local Taliban), but it means a lot more than mere things. Pakistani or Afghan doctors don't like traveling to the tribal territories. Too dangerous. Those who can afford medical care, travel to a town or city that has it. But the U.S. and NATO soldiers have access to drugs and medical care wherever they are. Sharing it is often more valuable, or at least more practical, than a $25 million reward.

North Korea hackers and hackers, in general, belong to a different culture, or many different cultures. To make a rewards program work, you must adapt to the culture potential informants live in.