Biometrics Firms Linked to North Korean Intelligence: Report

Biometrics Firms Linked to North Korean Intelligence: ReportSome of the biometric identification technologies in play around the world were secretly developed in North Korea, according to a new report from the James Martin Center for Nonproliferation Studies.

Laying out some of the key findings in an article for the Daily Beast, researcher Andrea Berger frames the issue primarily as one of sanctions evasion. North Korean firms are restricted from doing business with much of the rest of the world, and have therefore sought to conceal their national origins; to that end, they “leverage relations with foreign facilitators and middlemen, utilize opaque offshore jurisdictions, and create elaborate corporate structures,” Bergen says.

In so doing, they’ve been able to establish IT businesses spanning across Southeast Asia, Russia, Africa, and of course North Korea’s sponsor state, China. Those businesses include the sale of some pretty sophisticated security technologies: “We uncovered firms linked to Pyongyang that are developing and selling encryption technologies, virtual private networks, and software for fingerprint scanning or facial recognition,” Bergen writes.

While these revelations certainly carry political implications with respect to sanctions, they raise security concerns as well. The researchers found multiple front companies whose executives and staff have ties to Glocom, a company linked to North Korea’s intelligence agency and its nuclear program. At least one of Glocom’s front companies, Adnet, bills itself as a biometrics specialist with expertise in fingerprint, palmprint, and facial recognition, and claims its solutions are on sale in a number of countries including China, Pakistan, the UAE, Germany, France, Russia, and Canada, among others.

In other words, companies affiliated with North Korea’s intelligence apparatus are selling biometric identification products and other security solutions, posing a potentially serious threat to the data they collect. And given that North Korea has been tied to an attempted digital theft of almost a billion dollars from a Bangladesh account at the US Federal Reserve Bank, the good faith of the firms providing these data-collecting solutions cannot be trusted to any great extent.

Source: Daily Beast

May 18, 2018 – by Alex Perala