No Future for the North Korea Fixer

An indictment by US authorities against two crypto diplomats — now added to the US Most-Wanted list — sparked an open-data investigation into how it was possible to ignore the importance of the founder of a cultural exchange organisation for so long. Alejandro Cao de Benós, a Spanish kingpin hired young and motivated people to perform sanction-breaking work. It was to aid North Korea’s sanctioned-crippled regime but also for his personal gain.

Alejandro Cao de Benós (Illustration: TJ, Photo: Zach Campbell) profited from high-end travel tours he organized. In return, he arranged crypto experts to come to NK, including those that are now investigated and accused by US authorities for sanction-breaking behavior.

All he wanted was serving North Korea, as the official spokesperson. He wanted to tell the country’s story differently. He wrote a whole book about it, his autobiographical book. But next to serving the people of North Korea (NK), the character of his story helped, above all, himself, critics say. In supplying information and technology, Alejandro Cao de Benós may have been successful in creating a mess for others while severing his own relationships with North Korea’s leaders. Benós efforts, among other things, includes organizing and publicizing a conference on cryptocurrency in Pyongyang, NK, in 2019. UN experts confirmed that he recommended obfuscation techniques to those planning to attend the conference.

Controversial crypto conference in NK, 2019, announced on Facebook, created by the Korean Friendship Association US Chapter, and announced by its Chapter in the Netherlands

Critics of the conference say it could have helped North Korean hackers and to succeed in their heist for an alleged 400 million USD. Cyber assault campaigns extracted cash from crypto currency platforms. Cryptocurrenc y hacking schemes hit western crypto markets after.

Attendees of the conference have stepped forward, to defend Virgil Griffith, a cryptocurrency expert and influencer. The US citizen was prosecuted after attending the conference, and refusing to heed advice by his country and social media commentators not to attend. Those who defend Griffith case also see little guilt on Chris Emms´s side, another non-US person next to Benos, now pursued by US authorities.

Fabio Pietrosanti attended the controversial conference, too. He has been cited by other journalists and spoke out publically that the accusations by the US are weak when it comes to the transfer of western secrets to the regime.

The Italian says the information presented was not highly secretive intelligence on technology, rather “basic knowledge of Google level”. The defense mentioned this, too. There were only a handful of technical savvy people in the audience. The topic of flouting sanctions didn’t feature much as a topic in the seminars. It is not how the US authorities make the conference look like. Another important attendee, a journalist, also defend this notion:

Ethan Lou: “His (Griffith´s) presentations were mostly speculative, farfetched and based on publicly available information. It’s unclear how serious he was — he certainly had not taken the U.S. government’s opposition to his trip seriously.

Partial Transcript of Virgil Griffith’s Remarks in North Korea

On social media, Pietrosanti vented his dissatisfaction about the Griffith case, He felt the case “has been mis-used and mis-interpreted for the arrest warrant”.

Twitter post by Fabio, who also attended the crypto conference in 2019

With open data we can confirm photos that Ethan Lou took during his trip to North Korea when he attended the conference.

Canadian journalist Ethan Lou, who took photos of where the eight foreigners were asked to take a seat during the trip to North Korea.

Image verification that Lou´s photos match those taken that feature as evidence in the files of the US Justice Department, showing that on the whiteboard, a drawn smiley and a “no sanctions” features.

Analysis by TJ

When announcing that Virgil would attend the conference, a small group of people liked his post. It is possible that some attended. Some pledged their interest to attend (names redacted).

Analyzed who liked Virgil’s Facebook post, which might suggest who else went to the conference.

Interesting also here, how Benos came into play setting up meetings. Pietrosanti efforts to build a medical software, is deemed legal under sanction law. But others advised him to lie low because he might become the next target of US authorities. An invoice, found in a UN Security Council report, can be matched to the information he offered himself to journalists (below).

Verified SC analysis: Left the UN Security Council note, a contract of 7,000Euros for IT software for medical use. Right: Interview with Pietrosanti, who confirmed his activities in NK, “looking for cheap technical talent to build an open-source medical-software tool”.

Benos, the fixer, helped to Pietrosanti to meet developers and business partners, according to a Bloomberg article from 2020.

Commentators write on Twitter, US prosecutors might also come after Pietrosanti, the Italian citizen who attended the conference and for whom Benos set up business meetings to build medical software, exempted from sanctions

Accused now by US authorities, Benós scheming is dangerous for people who get involved with his mission. For at least two other individuals it meant major trouble. In Griffith´s case, one has already been prosecuted and sentenced.

This is the story about Cao de Benós. He seemed, until recently, untouchable. Now his powers appear to be waning. Once celebrated as an expert on North Korean understanding, with his charm, he managed to dandle the demands of North Korea and to satisfy the curiosity of western parties, who wanted to peek behind NKs iron curtains. For decades, he executed his role smoothly. Now, as pressure increases, diplomatic relationships are at a low and NK´s propaganda approach experiences a tidal shift, his empire crumbles.

Why did it take so long for authorities to take him seriously? How was it possible for him to get others involved and in trouble? He got young and optimistic people engaged.

Act 1

U

Understandably, organizing the “transfer of knowledge on crypto technology” from the West to North Korea dismayed someone. At the top of the list of irritated parties sits the US, which tries to sanction North Korea for years — for issues such as trading weapons to other sanctioned regimes.

The United States built their case against Benos long before they launched their indictment and MostWanted entry, it seems. Benos activities and eel-like behavior irritated US sanction experts for years. The crypto conference may have finally given them something tangible they could get him for, so it appears. Experts at the UN security council found the cryptocurrency conference less interesting. The problematic notion US authorities preceived in the event, UN experts may not share. It was barely mentioned in the Security Council reports. They did warn people not to attend another of such conferences (that were cancelled for 2020, later anyway).

The first who felt it coming was Virgil Griffith, who participated in the 2019 crypto conference as a speaker and trainer. Griffith is an American citizen. The US authorities didn’t wait long to make their case public. In their case files, they did not specifically mention Benos and the third person, now included in Most Wanted List. It took another two years until the FBI launched their second legal campaign. Its attempt: Clamping down on the crypto tech transfer case against Benos and his crypto sidekick, a Brit by the name of Chris Emms — who remained in detention in Saudi Arabia under an Interpol red notice (however, at the times of writing, I could find neither Emms nor Benos on the Interpol Red Notice database).

Emms, now faces accusations from US prosecutors for doing Benos dirty work. The pattern on how Emms and Griffith were engaged in Benos mission reminds one of how Benos organization, the Korean Friendship Association (KFA), worked with other new recruits and other helpers — notably the young Alex Meads, who supported KFA UK until he was excommunicated. We know Emms side of the story. How he was “approached” by Benos before the conference. At least this is what he says himself (via a SkyNews interview and a YouTube clip) and what his human right lawyer Radha Stirling writes, who runs Founder & CEO at Detained in Dubai.

Interview with lawyer Emms and Stirling (link to the website)

The mix of pressure campaigns and luring matches the pattern of how other young individuals were treated, who joined the KFA. Under the UK chapter of the KFA, the Chairman Dermot Hudson enlisted Meads and fostered him to become an integral tool for the protection of Hudson and his organisation.

Meads later exited the organisation he described as a “cult”. KFA claims he made racist remarks and that Journalism outfit NKNews would be affiliated with the CIA (later repeated by disinformation publication SputnikNews), and responded to by the NKNews online publication, clarifying things (behind a paywall).

Interesting: Meads spilled the beans on Benos funding. He said that the UK chapter would have never received money from Benós nor from KFA International, the umbrella organization Benós founded.

On Facebook, KFA UK is touting North Korea's weapon development and testing

Pressure campaign against journalists

The investigative journalism outlet The Ferret reported on Hudson and the alleged environment witnessed by Meads, who was instructed to spy on journalists and their intentions to investigate KFA´s dealings. Open data shows that Hudson issued an official complaint to the IMPRESS Regulatory Committee, who dismissed it. This and Meads statements paints a dire picture on what lengths KFA members are willing to go to enforce their radical approach to defending their values and their organization.

It raises questions why Benos and his KFA colleagues were able to continue for so long, including enlisting and brainwashing new recruits.

Persona: Alejandro Cao de Benós

According to his Linkedin and other fan pages, Benós works as the “director of Business Development at M.R. Technologies”. There is a company entry that matches the bill, a company in French Guiana. called M.R. Technologies listed in Cayenne, Guyanaen, and incorporated in 2017. Cached entries of websites show the key principal to be a Silas MONNIER, with two other unknown persons.

From Benós point of view, favors paid to the NK regime — such as the organisation of the 2019 crypto conference — were selfless and to serve the NK people. But, what some cite as “special relationship” to the sanctioned dictator regime, had significant advantages for Benós, too, allowing him to profit off his special status.

Benós organized expensive travel tours — and insiders alleged he had overcharged, to pull a profit. The criticism came from within his ranks, from his own network, young diplomats, supporters of comrades in NK and people within the organization he founded: the Korean Friendship Association (KFA) — an international “non-profit organizations”, according to Linkedin, founded in Spain, with chapters in the UK, now Germany, in Switzerland, claiming offices in “Norway and Thailand”, among other locations.

KFA stated mission is “building international ties with the Democratic People’s Republic of Korea” — and moreover, tell a cleaner, neater story of the good that North Korea can offer, while omitting the bad and the ugly. The latter includes UN findings of human right breaches in NK detention camps or heavy arms trafficking to sensitive conflict zones.

And Today?

Cao de Benós has now more pressing concerns on his mind. The US authorities are now after him. He might see himself as a victim of the US sanction schemes. Together with a British citizen, he was placed on the US Most Wanted list. It was not the business activity he pursued via the KFA. But the aforementioned crypto conference where he invited and guided international cryptocurrency experts to North Korea, organized their travel arrangements. All this is in the US indictment, concluding it flouted sanction rules.

Public appearance

Alejandro Cao de Benós de Les y Pérez, with his birth name, is a peculiar character — for starters, because he is seeking the limelight. He maintains several aliases such as “Cho Son-il” or “Jo Seon Il”, and claims a title as an honorary special delegate for North Korea’s committee for cultural relations with foreign countries (which is unlikely still holding up today). He founded of the Korea Friendship Association (KFA) — and keeps running the Spanish chapter from Barcelona — thought more to upstage the KFA and self-present himself than anything else.

A book written by Cao de Benós describes in detail how he gained this special status. Few is verifiable. “Red Soul, Blue Blood: How North Korea Won Me” wants to lift the vail on “the secrets of his unusual promotion as a special delegate of the North Korean regime”, but offers little guarantees that what he writes is true. His critics say that he never really received some of those titles and made himself look bigger than he actually is.

IMDB page of Cao de Benós, appearance in The Mole, 2020

There is more that makes Benós Vitae look peculiar. After being “scammed” by an infiltrator, the well-dressed Spanish businessman did not mind the additional exposure. On his LinkedIn account, he even mentions his part in the North Korea Netflix documentary. His support there: …“to better understand the country and its people”, he writes. Benós maintains an IMDB filmography page, with other appearances on screen, possibly to appear to play with open cards and to always keep fostering his reputation as an essential link to North Korea.

If such film projects were relevant in establishing an involvement in sanction breaching activities, still appears questionable. Though, in 2020, a UN panel of experts found that Cao de Benós raised sincere questions via his appearance in the 2020 documentary “The Mole: Undercover in North Korea”. After the firm came out, the authors of the report checked with various European country authorities and found contracts. Additionally, it quotes posts shared on Facebook, now deleted, that should show that joint ventures with other countries were in the planning.

No matter if the content of the documentary is truthful (one expert told the BBC that the content seems “highly credible”) or if it was a bait played by the North Korean side in response to the bait offered by the fake arms dealer (as KFA representatives maintain), the documentary undoubtably alerted investigators of sanction authorities to ask more awkward questions.

The experts from the UN wrote they witnessed attempts by the Korea Narae Trading Corporation and its representatives — which includes Benos — to establish a joint venture in violation of relevant United Nations resolutions. The movie portrays members affiliated with the KFA and the Korea Narae Trading Corporation (which we delve in later in more detail) attempting to engage in activities related to sanction evasion — including possible arms sales and possible illicit oil sales.

Some of Benós recent activities are documented in the indictment by the US government, rasing claims against him. Conspiracy charges to violate the international economic power act are raised by the US District Court, Southern district of New York in January in an 11-page document. It exposes how Benós, together with another British conspirator, gave the North Korean regime access to “cryptocurrency and blockchain technology services”.

Benos and Korea Narae Trading Corporation

Narae Trading Corporation is an entity that is alleged to have been the vehicle to do business between NK and other non-NK entities. Under Benos control, it is deemed to be used in violatione of relevant United Nations resolutions, according to UN analysts.

UN report, 2020

Benos is the representative for the Narae Trading Corporation, according to sales contracts displayed in the annex of a report by UN security council. The Korea Narae Trading Corporation is the Pyongyang-based entity that facilitates the the acquisition of equipment and technology and there are financial links to the KFA.

Assessment of the invoice involving Korea Narae Trading Co: The ending of the email address, the domain, on the invoice — star-co.net.kp — matches other North Korean regime websites, such as flph@star-co.net.kp, an email on a website where the regime advertises travel and trade opportunities in North Korea. The firm’s phone number shown here “850–2–3815353” is not listed on any other website. The set-up of a third party business entity reminds of the Namchongang Trading Corporation. It was involved in the procurement of Japanese origin vacuum pumps that were identified at a DPRK nuclear facility, as well as nuclear-related procurement, according to information released by the UN.

In the movie The Mole, this organisation is said to work with a fictional entity, TAGA Investment Ltd, to build a factory overseas for manufacturing of the military equipment and medicines.

In an analysis for the The Nonproliferation Review, Daniel Salisbury, a research fellow at King’s College London, writes that North Korean procurement agents often use intermediaries in seemingly unrelated third countries to import high-technology goods for sanctioned programs to avoid raising red flags among exporters based in countries with advanced industrialized economies or among the governments of those countries. Factories, offices, or other locations in these third countries can be used to disassociate products such as weaponry from the sanctioned countries that produced them. Therefore third-country can be locations that are used in proliferation and arms-trafficking networks to deceive customers and vendors and to complicate the implementation and enforcement of sanctions.

Source

An earlier report by the Security Council, investigators found that the Korea Narae Trading Corporation used financial accounts linked to Benos, KFAs President.

Officially, the company is a Pyongyang-headquartered entity that facilitates the the acquisition of equipment and technology in various sectors, such as mining and hydrocarbons, in exchange for offering technical labor or work in the field — farming workers — as well as the export of North Korean food products and rare earths, among other products.

Much of the open source intelligence the Security Council collects came from the social media accounts maintained by the British chapter of the KFA. The now deleted post from November 2020 reveals possible plans on building a hotel via joint venture project “in an African country”.

Evidence used in UN Security Council report (Source: 195/211)

Verification of the open source evidence put forward by UN Security Council:

OSINT verification analysis (TJ)

The organisation lined up joint ventures “in an African country”, so the Facebook page on KFA UK site. It illustrates how the other chapters and their members, especially the one in the UK with Dermot Hudson, were involved in supporting business relationships. The above post was used as evidence in the UN Security Council report against Benos and the KFA. The KFA has claims it maintains offices in the DPRK.

KFA business

Web archive entries of websites can reveal what an organization, once online, wants to hide today. To assess the business offer by KFA International, Webarchive pages from 2018 features the tabs: “Business” and “Shop”. They later (around early 2021, long after the Crypto conference Griffith’s indictment) vanished from the website. On archived pages, under “Business”, interested parties were asked to email “korea@korea-dpr.info”, Benos email, with a subject header “SUBSCRIBE TRADE”. Benos claimed the email address on Facebook (see below).

Email address: Benos was the key figure for attracting and liaising with new business partners

Later deleted from the website, a section explained the importance of the “International Korean Business Centre”, short IKBC — a propaganda and new-business acquisition tool for setting up joint ventures, according to one academic paper from 2010 by the Korean Economics Institute.

Founded by Benos, according to NKeconwatch, IKBC-critics feared early on that with the development of the IKBC, and Benos involvement, various DPRK agencies could be blurring boundaries between the business and diplomacy.

“As access to hard currency comes to play a greater role in the DPRK system, I predict that we will see more of this kind of mission creep on the DPRK side”. — NKeconwatch

Founded by Benós, the KFA website presents an addressed letter to him from NK regime officials. It was signed by Hong Seon-ok, who presided back then as a Chairwoman. Her profile claims various roles as vice-Chairwoman of international North Korean foreign friendship groups. Hong Seon-ok was important to the buildup of the KFA. She helped to give diplomatic power to it, and by doing this, indirectly to Benos. She advocated for the organization and may have helped, at least indirectly, to broker Benos business deals between east and west.

Analysis of the letter sent in January, 2001: “the Korea-Spain Friendship Association sent a letter by post congratulating the registration of the KFA, the inauguration of korea-dpr.com and arranging the next visit to Pyongyang on April”. The number fits to the NK Committee for cultural relations with foreign countries, according to details by North Korean Economy Watch.

Open source domain tool reveal little about the real owner of the website korea-dpr.com, the official website of KFA International. Details are dedacted. The email address stated on the website, korea@korea-dpr.com, according to tool haveibeenpwned.com, has been jeopardized. It is the personal contact address for Cao de Benós, posted on his personal Facebook page.

Domain intelligence on Korea-DPR.com. The website itself has thousands of entries on the Web Archive, 8,197 entries between 2001 and 2022, illustrating the interest in sanction authorities and OSINT investigators documenting changes on the website.

Some KFA chapters, such as the one in the Netherlands, have previously posted that they refuse using, what they called “imperialist owned social media” (instead, only using Signal and email). Yet, Facebook appears to be one of the most important social media instruments, to advertise and communicate NK propaganda to its members. In recent attempts, NK officials opened Twitter accounts (source) in 2020, but which were closed soon after. The KFA International Twitter account was established in 2014, but isn’t in use. The only one who is still using Twitter extensively is Benos.

The approach to grow the KFA internationally

KFAs network is wide. On its website it claims to involve at least 41 individuals leading efforts from around the world — a list ranging from Switzerland to Sweden. The KFA is also growing. One recent addition to the network of chapters was the establishment of Germany’s KFA, including social media presence on Twitter and Facebook.

KFA Germany was founded under the organizational form of an eingetragener Verein (e.V.). Its Facebook page points to an address in Hamm, a city in North Rhine-Westphalia, the address attacked to the Hammer Computer Spende e.V., an entity organizing computers for low-income individuals. Chaired by Michael K. and Dominik P. as 2nd chairman, the duo is running the chapter with the usual tactics, such as trying to dismiss, what they call general misconceptions about life in North Korea.

No surprises there, there is no mentioning of illegal weapons trade or other sanction flouting activities, the building of weapons, and the humanitarian conditions the population sufferers from. On the economic side, the website authors claim North Korea is experiencing economic recovery. This is not the case. The NK economy suffered its biggest contraction in 23 years in 2020 due to sanctions, the pandemic and bad weather, according to Reuters.

We see also some signs that the establishment of chapters such as Germany’s relies on some boilerplate approach. New chapters are instructed on how to host social media presence and website appearance (such as, the need to offer a translation of the general misconception page) and possibly given a logo.

International representatives of KFA, among them Dermot H, Dermot Hudson, a British political activist who runs the KFA chapter in Britain and calls for fellow KFA comrades to stand in front of the American Embassy in London to protest against North Korean sanctions

The KFA in the United States might have attracted attention among authorities for years. Here the ominous person listed is a Tom S. Whether efforts by US authorities made running the US chapter more difficult is not known. However, it could have something to do that Tom chose to conceal his surname.

Any mentioning of Tom´s surname is missing. Compared with other chapter, KFA US maintains one of the strongest social media following, counting 24k followers, perhaps representing a thorn in the eye of US sanction efforts. Who first founded the US chapter is hard to say. One Reddit user based in the US, thepeoplearemygod, claimed in 2014 to have founded one chapter on a University campus.

Reddit post

More digging into Tom S. identity leads to a document on a speech at a KFA US event in 2018. Next to Tom, the chapters General Secretary, Natalie Everhart is mentioned. Everhart seems to be a pivotal person to the organisaiton, yet also stays largely anonymious (no images, no personal profile stuff). Her YouTube Channel reached more than 200,000 views and her Twitter account, counting 35.6K followers, calls “Death To Sanctions!”. She runs Defendkorea.com (called Paektu Solidarity Alliance), a wordpress site that is down at the time of publication.

Claims made by the account of Natalie Everhart that cryptocurrency theft is fake
Counterarguments presented by the UN (Security Council reports), Group IB, a cybercrime analytics outfit, and US authorities (sourced from the NYT, above), show that North Korea carried out several successful attacks against cryptocurrency exchanges, and stole more than half a billion USD. According to information by the KFA and North Korea, those attacks are western propagated disinformation campaigns, and attempts to weaken the country.

Chris Emms

Christopher Emms Twitter profile is still up, but the account deleted posts since April 2018. Emms maintains a link to Emms.ventures in his profile, an Andorra based project and connected to Decentralised Ventures, a collaboration between Malta-based Initial Coin Offering specialist TokenKey, where Emms was also involved as CEO and 2017 founded Blockchain consultancy Strategic Coin Inc (by Norman Rothstein).

Emms worked for the Korean Friendship Association, as a technical sidekick for Cao de Benós, US prosecutor documents claim. He denies that he organized anything, such as speakers as archived websites suggests. His story says the alleged engagement Benos posted without his consent.

His lawyer, founder of Detained-in-dubai, Radha Stirling writes that he denies organizing the conference with Benos. The essay is an attempt to free him from the detention in Saudi Arabia.

“Emms did not act in any way that could be construed as organising the event. The event was organised by DPRK and their Spanish representative.” — Detained-in-dubai.prowly.com

KFA USA advertised for the 2019 crypto conference. To apply for lecturing, interested parties were asked to send a picture of the passport and CV to Chris Emms Protonmail address. The website HaveIbeenpwned.com shows that this email address was found in a databreach

Where did they first meet? Emms and Cao de Benós have met before or shortly after Emms presentation on the main stage of the World Blockchain Forum in Dubai, powered by the @keynote_ae (which is now suspended). Emms talked about Maltas legal system, as back he serves as a sort of conference country representative. As managing partner at Decentralized Ventures (Dubai) but also as CEO of TokenKey. He was a trained speaker, and spoke at cryptocurrency conference at venue all across the world. In his presentations he should have spelled out highly secret instructions on how to flout sanctions. But seems rather unlikely. Emms also maintains that anything he presented was available on Google.

In an interview on Jan 22, 2018, Benos told Hardwaresfera that NK is working on (blockchain technology as an alternative solution to government or industry problems) and “not only with national engineers”. But unless the US can provide evidence that Emms provided secret intelligence to attendees, the accusations are weak, say critics.

Benos told journalists: “We are preparing exchanges and collaboration with world experts in this field. … (it) is attracting minds that want to develop safe and off-the-radar projects”. We can’t say for certain who Benos were referring to, but fact is, his lead on the organization, that was preparing and organizing such exchanges. Without him, there would have not taken place in this format. The publication date of 22 of Jan, 2018, matches roughly the time the US indictment speaks of Benos meeting Emms (see below):

Exert from the US indictment — On 25 April 2022, the documents were unsealed in the US District Court for the Southern District of New York charging Spanish citizen Benos and UK citizen Chris Emms with one count of conspiring to violate and evade US sanctions on North Korea, in violation of the International Emergency Economic Powers Act (IEEPA)

Emms holds British citizenship, and is from Surrey. He was arrested in February in Saudi Arabia and remained in detention. Open data reveals that he was director of the now-dissolved firm PAYMENT GUYS LTD (12027226) based in Malta, according to the Britain’s Companies House data. Emms Most Wanted entry reveals his birth month (October 1991), which matches company registration data.

2018, the shop of Emms relative

The question remains: Why are US prosecutors so keen to bring charges against Emms, seemingly small fish in the sanction-flouting story? After all, he is British. Why jeopardising international legal standards, effectively wasting it on such a case? Or do US prosecutors know more? There are no obvious connections to the US, except his company´s partnership with that of Rothstein, who claims is based in New York.

Emms professional Vitae is all over the place, a true global citizen: One entry on database RocketReach, mentions his Twitter profile bio entry, VP at Coinstreet Partners. Other ventures he might have been part of is Coral Defi, an Alternative Investment Platform focused on Digital Assets and Decentralized Finance Applications: based in San Juan, Puerto Rico, Moonscapecapital: Cayman-based. SkyCoin: based in Beijing, China. Bitgaming: Armenia. Coinstreet Partners in Hong Kong. Emms is also the founder of the Catholic Blockchain Association

His human right laywer maintains that her client has no explicit relationship with the US. She writes that Emms explained that he was not associated with Griffith, was not an organizer, “co-conspirator” or advisor.

Archived page, Marketing for the first crypto conference that did not take place: Open data suggests, online marketing material for the crypto conference states Emms as an organizer all over the place. It's possible that Benos, who looked after the website and email accounts, put Emms´s name on the material. Whether Emms asked for it or not is not known.

Is Emms guilty of the crimes raised in the US indictment? Was the Red Notice on Interpol justified, and complied with international laws? From open data, we know surprisingly little. In part, this may be down to Benos efforts, telling conference attendees and speakers to take down information from the internet, intelligence that might spark suspicion.

There might have been a video of some presentations at the conference, filmed by an attendee. We could not find it. Emms seemed to have been very carefully deleting some posts and social media accounts. He maintained a LinkedIn profile that is now unavailable. From archived sources, we find little indication that Emms announced his conference attendance in the same way that Virgil Griffith did.

Virgil Griffith, with his later hacked Twitter account “virgilgr” and his Facebook account (FB ID 6803277),was much more outspoken on social media. Before he travelled to NK, he addressed his followers, asking if others were keen to join him for the conference.

Daniel Chin asked in the comment section Griffith (to the post below) in which fields Griffith was looking for people to jump on board. Griffith answered: “Anything computer science, agriculture, or blockchain are easy to get in. For others, I can ask”.

Post on Facebook, inviting others to join

Nick Levay, also nicknamed Rattle, a hacker who later became Chief Security Officer at the Council on Foreign Relations, based in the US, jumps in on the comments. On Friday, April 26 (the conference ran from 18–25th, so one day after), tried to warn Griffith of the problems he might be in, writing: “…Virgil, they are using cryptocurrency. It would have been best if you didn’t go”. Griffith reasons and says “I counsel moderation in what is shared with the DPRK. If you’re a nuclear scientist, it’s best you don’t come”. Further, Griffith says that Blockchain “is not high on their priority queue”. Instead, they would be looking for people “academia skilled in applied science”.

Facebook conversation between Levay and Griffith

Griffith says he does not believe that “there is significant Bitcoin activity in North Korea. Further, he may be acknowledging that various citizens are barred from going to North Korea, based on his comment — “depending on your nationality, indeed “ — in response to a comment by Cameron Colby Thomson, a board of director member at the Human Rights Foundation, who said “this (going to NK for the conference) may be an awful or risky idea even if not a federal crime”.

Evidence from Facebook, exposing Griffith's views right after the crypto conference in 2019

The indictment claims Emms conspired with Virgil Griffith, who was arrested in 2019. But Emms claims he met Griffith only for the first time on the first day of the conference.

The US prosecutors claim that Emms “recruited” Griffith for the conference and “arranged for his travel”. Given that Benos is the North Koreas travel fixer, at least the latter — the arrangement of travel documents — seems unlikely.

Posts now deleted on Twitter: Archived screenshot provided by Jeffrey Hancock/medium article

According to Emms lawyer, Stirling, the US has no legal authority to prosecute Chris. She recommended specifically against surrendering to a foreign jurisdiction. When he was taken into custody, Emms was given legal choices. He opted for staying in Saudi Arabia.

Stirling writes in another post that the IEEPA only applies to US citizens. However, the FBI claims that since Virgil Griffith is an American citizen, Emms could be pursued “on the grounds of conspiracy because they both spoke in front of a whiteboard one afternoon in a Pyongyang conference room”.

The lawyer explaines that the whiteboard drawing that displayed a smiley face with “no sanctions” written on it, was not by Emms, but was drawn by Griffith. This can be verified, from screenshots taken from a video recorded at the conference.

Image source: US Department of Justice. In the image above, Virgil Griffith in North Korea, talking about cryptocurrency at the conference.

The US prosecution also commended on Griffith´s attire, claiming it was a military uniform. This is not correct, says Ethan Lou on Twitter, the Toronto-based journalist who attended too and took photos. Lou explainsed.

Ethan Lou, a journalist and author.

Lou says the prosecution has included it in its sentencing submission, describing it as a “military uniform” — that’s not accurate. It’s simply “an Asian-style suit” or a “Mao-style suit” as he writes later. Virgil got it after North Korea’s insular culture fascinated him so much.

Types of “Mao-style suits”, not a North Korean military uniform — a misjudgment on the side of the FBI

It is rather unlikely that Griffith would wear a North Korean military uniform. The other participants have not publicly mentioned this either.

Ethan Lou presents a valuable source for insight. He was attending and took and observed like a journalist, although journalists weren’t allowed to attend. We fact-checked his images (see below). One satellite image from April 2019 matches an image Lou took on day 4 of the conference sightseeing trip.

He characterized Griffith’s presentation as only including information that is publicly available.

There was nothing new discussed at the conference, no information presented that could not be found on page one of a Google search. The presentation materials, which had to be preapproved by the Koreans, were just publicly available research papers. I never got to hear from a single North Korean about the country’s alleged work or plans with respect to cryptocurrency — Journalist Ethan Lou

We verifiy some of the images shared in Lou`s photo thread on the trip in North Korea for the crypto conference.

OSINT geo-verification of the venue shared by Lou. It confirms the images were indeed taken in April 2019, when the conference took place (Tj)
Another photo taken by Lou: At the Grand People’s Study House, verified with images on TripAdvisor

Other social media commentators said Griffith had no scruples teaching members of the DPRK about blockchain technology. As we have seen from his Twitter and FB posts, he did invite others to come along to the conference in 2019. But does this prove that Griffith knowingly schemed to transfer know-how to the regime? One says that it was misjudgment on Griffith side. It makes the case against him look “rather weak”, says Larry Cermak in his Twitter thread, after Griffith gets arrested in 2019.

Facebook's post by Griffith, now deleted
Conversation before the 2019 crypto conference, between Nick Levay and Virgil Griffith on Facebook, shared by Cermak on Twitter

Griffith’s indictment does not mention any connection between Griffith and Emms. Emms isn’t mentioned, a strategic move by US prosecutors who were still busy building their case against Emms and Benos, that launched 2 years later.

Evidence that Griffith presented near the whiteboard that featured the smiley face and “no sanctions”. But attendees say that sanctions didnt feature in the presentations all that much. In Emms indictment he was accused of making a reference to OTC cryptocurrency exchanges. But this kind of information is publically available and it is hard to see how this could be classified as secret intelligence handed over to North Koreans.

It is worth noting that the indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law, experts point out. But until lifted, Emms remained in custody in Saudi Arabia, where we were taking in since February 4, 2022, as he travelled for the LEAP tech conference.

Turning young people into propaganda tools for the North Korea´s regime

Benos and Hudson may only dream about what some YouTubers have achieved in a few years, who propagate propaganda for North Korea. Hundreds of thousands of views on video content on social media. The success of TikTok and YouTube influencer Zoe S speaks for a different approach how to address wester viewers and retell the story of North Korea — again omitting anything bad that the totoaltarian regime perpetrated. For Benos and Hudson, and the KFA, the train has left to replicate this kind of success. Their marketing and aggressive approach is out of date.

In a Twitter thread, KareemRifai shows how young TikTokers such as Zoe are being instrumentalized for the regime’s propaganda mission. British and with an extensive resume of freelance content work, Zoe was involved in tour guide and translation work. Zoe works for Dongcheng District, Beijing — based Koryo Tours, appointed by the NK government. Her LinkedIn page shows she began work for Kyryo in 2019.

Zoe may not see any use to associate with the scandal-ridden KFA and his members. Unsurprisingly, we have not found any connection to Benos and the KFA. With more than 350.5K likes on TikTok, it appears a new era of how North Korea markets itself to the west (with the help of China) has begun. Benos, the KFA and its blog posts on 1990s style websites, won’t be a part of it.

Also, the KFA is now closely monitored by sanction authorities and the FBI. This is no secret. With Koryo Tours, China offers a competition to Benos´s travel tours offering, criticized as overpriced.

Zoe’s LinkedIn profile reveals involvement in the propaganda work for North Korea
Koryogroup offers to bring people to North Korea, rivaling travel tours offering by the KFA

Conclusion

Whether a few days of conference and some whiteboard presentations could possibly transfer exentive knowhow on crypto currency hacking and arms funding, is hard to judge. Nonetheless, sharing stuff, even intangible assets, by US citicens is a crime under US law. Surely Griffith but also perhaps also Emms should have known.

However, it is rather far fetched that North Korean hackers learned something they did not know, already. Cyber security experts accue North Korea to have stolen funds from crypto exchanges (between Jan 2017 and Sept 2018, more than 500m USD) even before the event was hosted (in 2019). Others point out that 2021 has been a very profitable year for North Korean hackers and some make a connection between the tranfer of knowledge lead by Griffith two years earlier.

In August 2019, records show that Griffith told a friend he wanted to go back to North Korea, with the plant to break sanctions. Such intentions have not been raised by Emms, at least not according to accusations shared by the FBI (Source)

Sidenote: That western hackers keep finding vulnerabilites in NKs system infrastructure shows that its North Koreas engineers might still benefit from learning one or two things.

Besides, the attendees, Emms and Griffith knew they where closely observed. FBI´s description claims that Emms is guilty of “working with an American citizen”. So far, the authorities have produced little evidence that Emms and Griffith were working closely together — other than meeting at the conference for the first time or watching their presentations. There is also little open source evidence that Emms and Griffith were talking on public forums, something one would assume prior to such a conference, if they had closely collaborated.

Virgil's Facebook post, Jan, 2019, before the conference

Despite his self-incriminating honesty, Griffith behaved rather naivly, Lou writes. He openly scouted for other to join him and adviced other US citicens to “apply for permission from the State Department”. If the US State department knew that Griffith travelled to North Korea, why didnt they intervene? Because they had no clue. Only when he came to them later with all that informaiton and “souvenirs” (whatever that means), they became alert and used all of it against him, thinks Lou.

That the authority did deny him and he deemed it nessesary to travel anyway was naive. But who encouraged him? Benos who knew how dangerous it was for US citizens to travel to NK and arranged countless NK trips before? Or Emms, who had little experience with travelling to that country himself, but who is accused of getting others to speak at the venue that Benos arranged?

Except from Lou`s account, what happened to Griffith, and that the case against him initially at least, stood on shaky grounds

Sidenote: North Korea-focused journalist Martyn William critizised ways on how US investigators got hold of Griffith´s data. Default setting in the hacking monitoring software of Palantir “allows all FBI agents access to everything from all cases”.

There is enough evidence that Benos was the Kingpin of setting up sanction breaching activities, according to information by the UN, open data as well as information stated in the indictment by the State of New York.

However, Benos empire and close ties with the regime he fostered for years might be being severed in the process. His power as kingpin might be waning. Some years ago he might have been still sitting rows behind the regimes leader Kim Jong-un (as the image he posted on Facebook some years ago depicted), but those days might be over.

After The Mole movie came out, in which the what seemed successful infiltration of Benos organisation, the KFA,was portryed, North Koreas interest to use it as a propaganda vehicle and business tool might have waned, too.

Movie “The Mole”: Whether completly truthful or just a bait, it must have been painful for NK leaders to watch it. The damage was still severe. It mirrored many of the assumptions arms dealers had, on how the regime flouts sanctions and organises its arms trade with third countries.

Less clear is the role of Emms, who had, before the 2019 Cryptocurrency conference little noticeable relationship and interest in North Korea (at least not like Griffith). His statements and that of his lawyers point to the fact that he became the punching ball between US authorities and the regime. The UN Security Council did not deem it important enough to include him on their documentation.

If the US wants to make an example out of Emms´s case, to effectively warning other crypto nerds, it seems ill-positioned. But Benos and his KFA, will undoubtably keep scoping new recruits. But with so much information out there, it might be much harder to find a replacement for an Emms, Griffith or Meads.

The US might shoot itself in the foot when pursuing to get Emms prosecuted. As non-US citicen he could to set an international example for being pusuied by a foreign country. With Emms otherwise no other direct relationship with the US, it makes a mockery of international justice and country boundary standards. At least this is what his defendants believe.

He maintains he never organized the conference. Open data suggests that he was advertised and perhaps somewhat involved by speaking, being at the scene and hosting presentations, all helping to make the conference successful.

By being the contact person for speakers who arrived etc, he played his role. But his role and involvment was deemed nessesary first and foremost by Benos and his connections to NK leaders. In this, at worst, he becomes an accomplice.

In a 2020 Bloomberg article Benos is interviewed. He mocks the reaction by the American crypto specialist Virgil Griffith and his attempt to reach out to the federal authorities, after he returned from the conference. He may have realised that he was played. Perhaps in the same way than Emms was used.

Griffith flew home to Singapore with official state souvenirs — patriotic posters and knickknacks — and “went straight to the [U.S.] embassy to say, ‘I have been to North Korea, and I give you some gifts…” Cao de Benós tells the journalist, “…breaking into a grin. The decision was unwise, in his opinion” (Interview).

It was Benos who organized for Griffith to come to the conference. He may have worked his charm to convince him to join in, despite the warning by the US authorities that did not approve his trip. Benos reaction in the interview (what sounds like sneering) tells much about his personality. Griffith later signed a plea deal, admitting to the crimes the US accused him of. But from what we know about Benos motivating character, he and Emms might falled a victim to the North Korea fixer.

Early on in the pandemic Benos posted in 2020 on Facebook, claiming the regime would continue without Covid-19. He was wrong. The country now finds itself in one of the worst states, ridden by Covid and bad economic metrics. Now with the FBI on Bens heels and a new era of North Korean influencers, the North Korea fixer my soon lose all his powers.

Appendix

Where is Benos now?

Benos is mocking observers online. On Social media he is first pretending to be in Jerusalem. Open records show recent whereabouts in Barcelona, Spain. According to Linkedin its in the greater Tarragona area, a port city located in northeast Spain on the Costa Daurada. Benos is vocal on Twitter, gives updates almost on a weekly basis. On June 4, he gave a talk in Barcelona “on the future of Korean socialism”. He also accused journalists to have “assaulted” him.

link

With a withheld passport, which he announced in May, travelling is hard. The General Council of the Judiciary in Spain is working his case, he says.

The Spanish court prevents Benos to leave the country, KFA Facebook post in 2019
Source: Twitter
Benos justifying giving critical journalist an interview
More investigators are asking questions about Benos. Benos only mocks them.
Back home in his uniform. Without travel documents, he will be stuck there for a while.

--

--

Investigative journalist with a technical edge, interested in open source investigations, satellite imgs, R, python, AI, data journalism and injustice

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Techjournalist

Techjournalist

882 Followers

Investigative journalist with a technical edge, interested in open source investigations, satellite imgs, R, python, AI, data journalism and injustice