The Games They’re Sending

The whole North Korea is going to destroy you through online games premise has a perfect kind of absurdity. South Korea’s police caught a businessman trying to smuggle games developed in the North into the country—not for cultural reasons, but as a delivery system for malware. The games would collect IP addresses and player data worldwide, supposedly feeding North Korea’s cyber operations.

I can picture the pitch: Our weapon is… a game. But online games are actually excellent delivery mechanisms. Millions of players, sloppy security assumptions, easy to hide malicious code in something that looks legitimate. A cop quoted in the reporting said games and pornography are easy vectors for hackers, which is a bleak pairing that accidentally tells you everything about what people download without thinking.

The absurdity isn’t that North Korea would try this. It’s that it probably works. We’ve learned to be paranoid about email attachments and official-looking links, but a free game? Feels safe. Download it, install it, leave it running. Nobody thinks about what data a game quietly collects. North Korea’s general incompetence with basically everything—their Photoshop skills are stuck in 1993—doesn’t actually matter if the delivery mechanism works.