Ms. Moriuchi, who left the National Security Agency in 2017, began tracking the internet use of the North Korean elite two and a half years ago, a period that encompassed Mr. Trump’s confrontational approach to the North, the country’s missile launches and then the stalled diplomacy that has followed the president’s three meetings with Mr. Kim.
In 2017, Ms. Moriuchi could easily see the content of the North Korean elite’s searches, most of which appeared to be for leisure: While ordinary North Koreans have access only to a restricted, in-country version of the internet, the country’s leaders and their families downloaded movies, shopped and browsed the web on nights and weekends.
But that has changed. Internet use has surged during office hours, suggesting the leadership is now using its internal networks the same way the West does: conducting daily government and private business. Now the country has developed its own version of a “virtual private network,” a technique to tunnel through the internet securely that has long been used by Western businesses to secure their transactions.
Meanwhile, the country’s efforts to encrypt data and hide its activities on the web have become far more sophisticated. And through a network of students, many in China and India, the North has learned how to exploit data that could improve its nuclear and missile programs.
The largely home-built effort to hide traffic, the report concluded, was being used to steal “data from the networks of unsuspecting targets, or as a means of circumventing government-imposed content controls.” Such methods have long been used by Chinese and Russian hackers, often working for intelligence agencies.
The North has managed to surprise the world before with its digital savvy: In November 2014, its devastating cyberattack on Sony Pictures Entertainment in an effort to kill “The Interview,” a comedy about two bumbling journalists sent by the C.I.A. to kill Mr. Kim, exposed American digital vulnerabilities. That was followed by a bold effort to steal nearly $1 billion from the Bangladesh central bank through the international financial settlement system called SWIFT. Other central bank attacks followed.
North Korea’s most famous cyberattack, using code called WannaCry, disabled the British health care system for days and created havoc elsewhere. It was based on vulnerabilities that had been stolen from the National Security Agency, and published by a group that called itself the Shadow Brokers. American officials have never publicly acknowledged their inadvertent role in fueling the attacks.