If North Korea is confirmed as the culprit behind the massive ransomware attack known as WannaCry, it raises a question: Why would a country so unpopular around the world risk alienating its few remaining friends?
Among the hardest hit of the 150 countries where the virus spread were China and Russia, North Korea's traditional allies and its only defenders on the U.N. Security Council. Was Pyongyang trying to send them a message, strutting its technical prowess by holding their computers hostage? Or were the motives purely mercenary rather than strategic?
"There's an obvious reason why the North would get into the ransomware business, and it's the same reason that Willie Sutton robbed banks — because that's where the money is," suggested Sue Mi Terry, a former CIA analyst on North Korea.
One of the world's poorest countries, North Korea trolls for hard currency through a multitude of criminal schemes that range from drugs to counterfeit currency to smuggling rhinoceros horns. Its missile program is also a money-making operation, but its ability to sell weapons abroad is hampered by U.N. sanctions.
"Just as North Korea proliferates almost everything under the sun for hard currency, it wouldn't surprise me if they see their hacking skills as another money-making opportunity," Terry said.
In the past, North Korea’s army of hackers has taken aim at more obvious targets. The 2014 hacking of Sony Pictures was apparently in retaliation for the film “The Interview,” a comedy in which a television journalist was recruited to assassinate North Korean leader
North Korea might now be shifting the focus of its cyberunits to making money rather than simply mischief. The North Koreans were implicated in last year's $81 million heist of the Bangladesh central bank account at the Federal Reserve. So far, this attack has been far less lucrative; as of Tuesday morning, less than $70,000 had been paid out in bitcoin.
This time, the victims included about 30,000 organizations in China, universities, hospitals, traffic police, shopping malls, gas stations and railroad stations. China is North Korea's chief protector and the source of most of its imports, including fuel oil, so it would seem an unlikely target. Some analysts have suggested that the virus spread accidentally to computer users in China and Russia, which were poorly protected because of the prevalence of pirated software, which lacked the necessary security upgrades.
"I don't have a good answer to why the North Koreans would target China or Russia," said Gi-Wook Shin, director of the Shorenstein Asia-Pacific Research Center at Stanford University.
Shin notes that North Korea's missile test on Sunday came at an embarrassing time for Chinese President Xi Jinping, who was inaugurating his signature trade policy, the Belt and Road Forum, on that same day. "They could be sending a message to China that they are going their own way," said Shin.
Despite its image as a backwater with smoke-belching vintage trucks and 1960s fashion, and despite the fact that few of its people are connected to the Internet, North Korea has nurtured an army of highly skilled hackers made up of top math students picked as young as elementary school.
Kim Heung Kwang, a North Korean computer science professor who defected to South Korea in 2004, has claimed that North Korea has 6,000 military hackers. They report to the Reconnaissance General Bureau, the elite organization that was blamed for the recent assassination of Kim Jong Un’s half brother,
"It sees the Internet as inherently weak and thus an easy target, and cyberwarfare is asymmetrically advantageous for [North Korea]," wrote the Center for Strategic and International Studies in a report last year. "As the country is almost entirely not connected to the Internet, it is much less exposed to such attacks."
"They are among the best in the world and the best organized," Gen. Vincent Brooks, now the head of U.S. forces in South Korea, told a Senate committee last year of North Korean hackers.
Still, North Korean analysts are perplexed by the allegations that the country was behind the unprecedented WannaCry attack.
"It could be counterproductive for the North Koreans. The downside is if they are really fingered and they are stealing a lot of money this way it could mobilize countries to respond against them," said Joel Wit, a former diplomat who has been involved in negotiations with the North Koreans since the 1980s. "They might have seriously miscalculated, thinking they would get a lot more money."