The bills are called supernotes. Their composition is three-quarters cotton and one-quarter linen paper, a challenging combination to produce. Tucked within each note are the requisite red and blue security fibers. The security stripe is exactly where it should be and, upon close inspection, so is the watermark. Ben Franklin’s apprehensive look is perfect, and betrays no indication that the currency, supposedly worth $100, is fake.

Most systems designed to catch forgeries fail to detect the supernotes. The massive counterfeiting effort that produced these bills appears to have lasted decades. Many observers tie the fake bills to North Korea, and some even hold former leader Kim Jong-Il personally responsible, citing a supposed order he gave in the 1970s, early in his rise to power. Fake hundreds, he reasoned, would simultaneously give the regime much-needed hard currency and undermine the integrity of the US economy. The self-serving fraud was also an attempt at destabilization.

At its peak, the counterfeiting effort apparently yielded at least $15 million per year for the North Korean government, according to the Congressional Research Service. The bills ended up all over the world, allegedly distributed by an aging Irish man and laundered through a small bank in Macau. The North Koreans are believed to have supplemented the forging program with other illicit efforts. These ranged from trafficking opiates and methamphetamines to selling knockoff Viagra and even smuggling parts of endangered animals in secure diplomatic pouches. All told, the Congressional Research Service estimates that the regime at one point netted more than $500 million per year from its criminal activities.

Excerpted from The Hacker and the State, by Ben Buchanan. Buy on Amazon. Courtesy of Harvard University Press

During the first decade of the 2000s, the US made great progress in thwarting North Korea’s illicit behavior, especially its counterfeiting operation. A law enforcement campaign stretching to 130 countries infiltrated the secret trafficking circles and turned up millions of dollars in bogus bills. In one dramatic scene, authorities staged a wedding off the coast of Atlantic City, New Jersey, to lure suspects and arrest them when they showed up. The US Treasury Department also deployed its expanded Patriot Act powers, levying financial sanctions on the suspect bank in Macau and freezing $25 million in assets.

The wide-reaching American operation seemed to work. By 2008, the prevalence of supernotes had declined dramatically. One FBI agent involved in the US effort offered an explanation to Vice: “If the supernotes have stopped showing up, I’d venture to say that North Korea quit counterfeiting them. Perhaps they’ve found something else that’s easier to counterfeit after they lost the distribution network for the supernote.” Under pressure from American investigators, and challenged by a 2013 redesign of the $100 bill, the North Koreans moved on to newer tricks for illicitly filling their coffers.

It should be no surprise that hacking would be one of these. As The New York Times has reported, North Korean leadership has taken care to identify promising young people and get them computer science training in China or even—undercover as diplomats to the United Nations—in the States. Once trained, the North Koreans often live abroad, frequently in China, as they carry out their cyber operations. This gives them better internet connectivity and more plausible deniability of North Korean government ties, while still keeping them out of the reach of US law enforcement.

These North Korean hackers have carried out a systematic effort to target financial institutions all over the world. Their methods are bold, though not always successful. In their most profitable operations, they have manipulated how major financial institutions connect to the international banking system. By duping components of this system into thinking their hackers are legitimate users, they have enabled the transfer of tens of millions of dollars into accounts they control. They have tampered with log files and bank transaction records, prompting a flurry of security alerts and upgrades in international financial institutions. Most publicly, and perhaps by accident, the hackers have disrupted hundreds of thousands of computers around the world in a ham-fisted effort to hold valuable data for ransom. Through their successes and failures, they learned to modify and combine their tricks, evolving their operations to be more effective.