charlesarthur + northkorea   27

FireEye unmasks a new North Korean threat group • Cyberscoop
Sean Lyngaas:
<p>There is a distinct and aggressive group of hackers bent on financing the North Korean regime and responsible for millions of dollars in bank heists in recent years, according to research from cybersecurity company FireEye.

The group, dubbed APT38, is distinct from other Pyongyang-linked hackers because of its overriding financial motivation — as opposed to pure espionage — and persistent targeting of banks worldwide, FireEye researchers said.

“This is an active … threat against financial institutions all around the world,” Sandra Joyce, FireEye’s vice president of global intelligence, said at a press briefing.

The group was responsible for some of the more high-profile attacks on financial institutions in the last few years, the researchers said, including the $81m heist of Bangladesh’s central bank in February 2016, and <a href="https://www.reuters.com/article/us-far-eastern-fine/taiwans-far-eastern-international-fined-t8-million-over-swift-hacking-incident-idUSKBN1E60Y3">an attack on a Taiwanese bank</a> in October 2017.</p>


The Bangladesh bank one was widely known, but not the Taiwanese one. North Korea's GDP is so tiny, and its foreign exchange reserves so tiny that this was a smart move.
northkorea  hacking 
19 days ago by charlesarthur
Tech’s new problem: North Korea • WSJ
Wenxin Fan, Tom Wright and Alastair Gale:
<p>“It never crossed my mind” that North Koreans operated an IT business online, said Donald Ward, an Australian entrepreneur, when shown that a programmer he hired to redesign a website, who he thought was Japanese, was actually part of a North Korean crew operating in northeastern China, near the city of Shenyang.

The Journal discovered the Shenyang business after reviewing computers and other devices belonging to a North Korean operative arrested in Malaysia for suspected involvement in last year’s murder of North Korean leader Kim Jong Un’s half-brother. A car that ferried the alleged killers away from the Kuala Lumpur airport was registered to the North Korean operative, according to Malaysian investigators. The operative, who denied wrongdoing, was deported.

The operative’s electronic devices showed he had communicated with the Shenyang group about money-making ventures for North Korea, using vocabulary found only in the north’s dialect of the Korean language.

For North Korea, finding new business ventures has been crucial since the United Nations last year tightened sanctions and banned the country’s coal exports in a bid to curb Pyongyang’s nuclear-weapons and missile programs. The U.S. Treasury Department warned in July that North Koreans working abroad were selling IT services and hiding behind front companies and the anonymity provided by freelancing websites. The report offered few specifics. The Treasury on Thursday sanctioned two Russian and Chinese technology firms as revenue-generating fronts for North Korea.

Interviews with clients, plus records on Freelancer.com, help detail at least tens of thousands of dollars earned by the Shenyang group. In total, North Korea may be pulling in millions from software development with numerous fake social-media profiles, say experts who track North Korean activity. The group took payment from clients and subcontracted the jobs to programmers world-wide who say they were cut out without compensation.

“It’s a big chunk of change” for North Korea, said Andrea Berger, a North Korea specialist at the James Martin Center for Nonproliferation Studies in Monterey, Calif.</p>


Given how minuscule North Korea's economy is (smaller than Samsung Electronics's quarterly revenues, according to some estimates), Berger's not exaggerating at all.
northkorea  cyber 
5 weeks ago by charlesarthur
Exclusive: Trump told Kim Jong Un in Singapore he’d declare end to Korean War • Vox
Alex Ward:
<p>President Donald Trump told North Korean leader Kim Jong Un during their Singapore summit in June that he’d sign a declaration to end the Korean War soon after their meeting, according to multiple sources familiar with the negotiations.

But since then, the Trump administration has repeatedly asked Pyongyang to dismantle most of its nuclear arsenal first, before signing such a document.

That decision is likely what has led to the current stalemate in negotiations between the two countries — and the increasingly hostile rhetoric from North Korea.

“It makes sense why the North Koreans are angry,” one source told me. “Having Trump promise a peace declaration and then moving the goalposts and making it conditional would be seen as the US reneging on its commitments.”

Here’s the background: North Korea invaded South Korea in 1950, which started the war. The United States, as part of a United Nations force, intervened on behalf of South Korea, and China later intervened on behalf of the communist North. It was a bloody conflict that ultimately killed some 5 million soldiers and civilians.

Fighting ceased in 1953, but the warring parties only signed an armistice — a truce — which means the war technically continues to this day. Both Koreas still have troops and weaponry at or near the border, known as the Demilitarized Zone. This is one major reason North Korea has oriented its foreign policy around how to deter a future attack by the United States and South Korea, mostly by developing a strong nuclear program that includes around 65 nuclear warheads and missiles that can reach all parts of the US mainland…

…in the agreement Kim and Trump signed after their summit, two items about establishing peace between the two countries came before a denuclearization commitment, which helps explain why North Korea thinks a peace declaration should come before nuclear concessions.

But Secretary of State Mike Pompeo has repeatedly asked Pyongyang to hand over 60 to 70 percent of its nuclear warheads within six to eight months.</p>


Trump is such an idiot. He thought he could get the most paranoid nuclear dictator in the world to fall for a bait-and-switch? So that's the end of that. North Korea will go back to underground trading with China, Russia and Iran.
northkorea  trump 
7 weeks ago by charlesarthur
How North Korea could go from hermit kingdom to factory hub • Foreign Policy
Elias Groll:
<p>The summit, and the prospect of an end to international economic sanctions, could lead to a flood of foreign capital that could transform North Korea from a hermit kingdom into an economic juggernaut, concludes the study by Samsung Securities.

“If South Korea combines its wealth and industrialization knowhow with North Korea’s human and natural resources, the economies of both nations could make a quantum leap over the long term,” the authors write.

The report offers a nearly 200-page blueprint detailing how foreign capital could revamp North Korea’s battered infrastructure, strengthen its mining sector, and turn a nearly autarkic economy into a manufacturing and logistics hub thanks to its privileged position between some of the world’s biggest economies. The report riffs on the US demand for “complete, verifiable, and irreversible dismantlement” of North Korea’s nuclear program to argue instead for “complete, visible, irreversible prosperity.”

Granted, realizing the report’s vision will require overcoming a formidable list of obstacles, including a wide-ranging sanctions regime against Pyongyang, corporate reluctance to jump into an economy rife with illicit activity, and heavy-handed state control over nearly all aspects of the economy.

Iran’s disappointing bid to attract foreign investment after winning its own sanctions relief in 2016 as part of the nuclear deal is a case in point, said Jonathan Schanzer, a sanctions expert at the Foundation for Defense of Democracies, a hawkish Washington think tank.</p>


North Korea has an advantage over Iran: it's right next door to a gigantic manufacturing power. But does Kim Jong-un really want to give up his dictatorial grip? The benefits for everyone would be great. I'm hopeful, though not optimistic.
northkorea 
june 2018 by charlesarthur
North Korea is rapidly upgrading nuclear site despite summit vow • WSJ
Jonathan Cheng:
<p>North Korea is upgrading its nuclear research center at a rapid pace, new satellite imagery analysis suggests, despite Pyongyang’s commitment to denuclearization at a summit with the US this month.

The <a href="https://www.38north.org/2018/06/yongbyon062618/?mod=article_inline">analysis from 38 North</a>, a North Korea-focused website published by the Stimson Center in Washington, found that Pyongyang, in recent weeks, appears to have modified the cooling system of its plutonium-production reactor and erected a new building near the cooling tower. New construction could also be observed at the site’s experimental light-water reactor, the report said.

The satellite pictures, captured on June 21, nine days after the Singapore summit meeting between President Donald Trump and North Korean leader Kim Jong Un, showed no immediate effort to begin denuclearization at North Korea’s key nuclear research site.</p>


Oh well, we tried. Still, at least they've given up that nuclear site that collapsed. Um.
northkorea  nuclear 
june 2018 by charlesarthur
Why North Korea’s hacking should have been on the agenda at the Trump-Kim summit • Fast Company
Tim Bajarin:
<p>Prevention of nuclear war needed to be a top priority in the five-hour meeting, but to ignore the hacking threat that North Korea poses is irresponsible. The harm that could be caused by cyber warfare may seem less immediate than that from nuclear war, but it’s a major threat that could easily escalate to more direct forms of warfare.

“The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyber-war capacity,” a North Korean defector told the BBC in 2015. “Their cyber attacks could have similar impacts as military attacks, killing people and destroying cities.”

North Korean hackers attacked private ATM accounts in South Korea to steal money from private citizens, and, more recently, they have been taking aim at banks around the world, including the US Federal Reserve.

The Daily Beast reported that North Korea <a href="https://www.thedailybeast.com/north-korean-hackers-may-be-developing-malware-that-could-shut-down-the-us-power-grid">may also be planning to attack the US power grid</a>, something that could paralyze our financial systems, and demobilize major cities around the country.</p>


Bajarin mentions Wannacry, but not the possibility that somebody could have died due to the ransomware infections of hospitals in the UK. (No deaths have been ascribed to it as far as I know, but it was probably a close thing.) In that sense, North Korea's cyber threat has already come much closer to killing people than its nuclear one.

By the way, I discuss North Korea's focus on hacking as a nation state priority in <a href="https://www.koganpage.com/product/cyber-wars-9780749482008">my book Cyber Wars</a>…
northkorea  hacking  security  trump 
june 2018 by charlesarthur
North Korea targeting defectors with Android malware attacks • ExtremeTech
Ryan Whitwam:
<p>North Korea has been caught tinkering with Android malware again, but this time it’s using both Facebook and Google Play to target North Korean defectors living in South Korea.

According to McAfee, North Korea’s Sun Team hackers perpetrated the attack over the last several months. They likely infected around 100 targets, which isn’t a huge number compared with most malware campaigns. However, these were all highly targeted infiltrations to gather intelligence on political opponents. There are currently around 30,000 North Korean defectors living in the south. 

The hackers used Facebook to distribute links to the malicious apps, focusing on populations and individuals who would have information about defectors. They created convincing fake profiles, often using images stolen from South Korean users as profile photos. Their posts asked the targets to download and test some Android apps hosted in the Play Store. These apps, however, were not what they appeared.

McAfee researchers found three apps uploaded by Sun Team hackers: 음식궁합 (Food Ingredients Info), Fast AppLock, and AppLockFree. All three were listed as “unreleased” in the Play Store, which kept them from garnering unwanted attention. The hackers only wanted to send specific targets to the listings. Upon installation, the apps would ask for access to contacts, SMS data, and local files before sending it all to the malware operators. This data could lead to more targets for future malware attacks, including both defectors and those who help them escape North Korea. McAfee tied the apps together as part of a single attack from the use of identical developer accounts, emails, and IP addresses.</p>


A bit amateurish, that last bit.
northkorea  hacking 
may 2018 by charlesarthur
Trump can't afford to admit his failures with North Korea • The Atlantic
David Frum:
<p>Throughout his career, Trump has coped with failure by brazenly misrepresenting failure as success.

In 1995, for example, Trump presided over the sale of the Plaza Hotel for $75m less than he had paid for it in 1988. His ownership stake had long since been extinguished, and by then he was little more than a front for the syndicate of creditors who actually controlled what remained of Trump’s portfolio after 1990, when he faced bankruptcy in all but name. Yet Trump insisted of the Plaza purchaser, “I put him through the wringer and made a great deal.”

We should probably expect the Plaza Hotel treatment for the coming Kim-Trump summit. Secretary of State Mike Pompeo has demanded “complete, verifiable, irreversible denuclearization,” or CVID in the argot of the negotiators. That will not be forthcoming. But perhaps something else will: a testing pause, maybe, or some other interim measure that can somehow be upgraded into the promised “great deal.”

The administration may have little choice by now but to carry on the pretense that it is scoring a great success in its Korea negotiations, and for two reasons.

First, US options in the Korean peninsula depend heavily on the cooperation of South Korea. Trump has now thoroughly frightened and alienated South Korean opinion. South Korea’s dovish president, Moon Jae In, was elected with only 41% of the vote. Polls now show his approval rating in the mid-70s, because of his success in drawing Trump away from “fire and fury” and toward negotiations. As Robert Kelly of Pusan National University in South Korea observes, revulsion against Trump has consolidated a dovish consensus in South Korea.

Much of the work of snookering Trump into the Kim summit has actually been done by South Koreans, not North Koreans. It was President Moon who slyly insinuated that Trump deserved a Nobel Prize for the summit—bait that Trump swallowed like a credulous guppy. In fact, it was a South Korean delegation that first put the summit idea into Trump’s head back in March. It was the South Koreans who immediately announced Trump’s impulsive “yes” answer at the very entrance to the West Wing, thus effectively locking the door behind the president before he understood the full implications of what he had done—and before he could be dissuaded by his staff and secretary of state.</p>

Frum, in common with many professional politicians, is signally unimpressed by Trump's "dealmaking" skills.
Trump  northkorea  politics 
may 2018 by charlesarthur
Senior North Korean counterintelligence official believed to have defected • intelNews.org
Joseph Fitsanakis:
<p>One of North Korea’s most senior intelligence officials, who played a major role in building Pyongyang’s nuclear weapons program, has disappeared and is believed to have defected to France or Britain, according to sources. South Korean media identified the missing official as “Mr. Kang”, and said he is a colonel in North Korea’s State Security Department (SSD), also known as Ministry of State Security. Mr. Kang, who is in his mid-50s, enjoyed a life of privilege in North Korea, because he is related to Kang Pan-sok (1892-1932), a leading North Korean communist activist and mother to the country’s late founder, Kim Il-sung.

According to South Korean reports, Kang was in charge of North Korea’s counter-espionage operations in Russia and Southeast Asia, including China. He is also believed to have facilitated secret visits to Pyongyang by foreign nuclear scientists, who helped build North Korea’s nuclear weapons program. In recent years, Kang was reportedly based in Shenyang, the largest Chinese city near the North Korean border, which is home to a sizeable ethnic Korean population. </p>


This could make the summit a little more interesting. Reckoned to have defected to Britain or France some time in February; North Korea reckoned to have a manhunt going on. He'll do well to evade the sort of <a href="https://www.nytimes.com/2017/02/23/world/asia/kim-jong-nam-vx-nerve-agent-.html">VX nerve agent murder that Kim Jong-un used on his half-brother</a>. (It's not only Russians that do that sort of thing.)
northkorea  intelligence  defection 
may 2018 by charlesarthur
Seth Rogen, in conversation • Vulture
David Marchese talks to the film writer:
<p><strong>Q: What thoughts get kicked up when you see North Korea in the news these days?</strong><br />It does kick stuff up for sure. Honestly, I really don’t think North Korea hacked Sony. [Directed by Rogen and Goldberg, 2014’s The Interview stars Rogen and James Franco as journalists traveling to North Korea to interview Kim Jong-un, who are co-opted by the CIA to assassinate him. In June of that year, North Korea threatened the United States, calling the film’s release an “act of war.” In November, the DPRK-affiliated group “Guardians of Peace” hacked into Sony, dropping executive salary numbers and a few unreleased films. (It also revealed a huge gender and racial gap at the company.) Sony eventually decided not to widely release the picture in theaters, and made it available as a digital rental in December 2014.]

<strong>Why’s that?</strong><br />
When the trailer for The Interview came out we were called into a meeting at Sony, where they told us that North Korea had probably already hacked into their system and seen the movie and that the statements they’d put out was their response. Then, months later, when the movie itself finally came out, all this hacking shit happened. This was months after North Korea had probably already seen the movie. Why would they wait? And they never did anything like that before and haven’t done anything like it since. So things just never quite added up. The guy I’d hired to do my cybersecurity even told me, “There’s no way this was a hack. It had to be a physical act.” The amount of stuff that was stolen would have had to have physical mass to it.

<strong>In the sense that whoever stole the information needed to have his or her hands on a server at some point?</strong><br />
Yeah, it wasn’t something you could’ve hacked remotely. It required plugging shit into other shit. And the hack also seemed weirdly targeted at Amy [Pascal], which seems fishy — of all the people to target? Why not me? Why not Michael Lynton? [Lynton was the CEO of Sony Pictures Entertainment at the time of the hack, and was largely spared. He’s currently the CEO at Snapchat.]</p>


Ooh, another chance to <a href="https://www.koganpage.com/product/cyber-wars-9780749482008">plug Cyber Wars</a>. (Also available on Amazon and in bookshops from Thursday.) The first chapter investigates the Sony hack. There's no doubt among security professionals that it was North Korea. Kim Jong Un wasn't going to be made fun of on the international stage just as he was working towards being an international player with his nuclear plan. Sony Pictures was hacked by North Korea.
rogen  northkorea  sony 
april 2018 by charlesarthur
As two Koreas shake hands, Hidden Cobra hackers wage espionage campaign • Ars Technica
Dan Goodin:
<p>As Kim Jong Un became the first North Korean leader to step into South Korea, his generals continue to oversee teams of increasingly advanced hackers who are actively targeting the financial, health, and entertainment industries in the US and more than a dozen other countries. The so-called GhostSecret data reconnaissance campaign, <a href="https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/">exposed Tuesday by security firm McAfee</a>, remains ongoing. It is deploying a series of previously unidentified tools designed to stealthily infect targets and gather data or possibly repeat the same type of highly destructive attacks visited upon Sony Pictures in 2014.

Last month, McAfee reported finding Bankshot, a remote-access trojan attributed to Hidden Cobra—a so-called advanced persistent threat group tied to North Korea—infecting Turkish banks. In this week's report, the security firm said the same malware was infecting organizations all over the world. McAfee researchers also found never-before-seen malware that was infecting the same organizations. One tool included many of the capabilities of Bankshot, including its ability to compromise computers that connect to the SWIFT banking network and permanently wipe data from infected computers. The tool also had digital fingerprints found in Destover, the name given to malware that was used in the Sony Pictures intrusion.

Coinciding with the McAfee discovery, according to a ThaiCERT advisory published Wednesday, Thailand officials seized a server inside the Thammasat University in Bangkok that was being used to communicate with computers infected in the GhostSecret campaign. The server used the same IP address range that was used in the Sony Pictures hack. Thai officials are in the process of analyzing the server now.</p>


North Korea might (though I doubt it) give up its nukes, but it won't give up its hacking capability, which it has identified as one of the two weapons of the 21st century. (Nukes are the other.)

Massive plug: I wrote about North Korea's attitude to hacking in my upcoming book, Cyber Wars. <a href="https://www.koganpage.com/product/cyber-wars-9780749482008">You can pre-order it!</a>

Aleks Krotoski, who presents the BBC's Digital Human series, read it and calls it "A terrifying analysis of the dark cyber underworld." Can't argue with that. (Unless you buy it and read it. Then you can argue.)
northkorea  hacking 
april 2018 by charlesarthur
Inside North Korea’s hacker army • Bloomberg
Sam Kim talks to three people who defected from North Korea's program - which as they describe it seems to be about earning foreign currency by any means possible:
<p>
Lim Jong In, head of the department of cyberdefense at Korea University in Seoul and a former special adviser to South Korea’s president, says that North Korea’s hacking strategy has evolved since Jong defected. At the program’s height, he says, well over a hundred businesses believed to be fronts for North Korean hacking were working in the Chinese border cities of Shenyang and Dandong alone. China has since cracked down on these operations in an effort to comply with United Nations sanctions, but they’ve simply been moved elsewhere, to countries such as Russia and Malaysia. Their value to the regime—and to the hackers themselves—is simply too high to forgo. “North Korea kills two birds with one stone by hacking: It shores up its security posture and generates hard currency,” Lim says. “For hackers it offers a fast track to a better life at home.”

[Ex-North Korean state hacker] Jong is doing well for himself in Seoul. He blushes when congratulated for a promotion he recently received at a local software security company, saying he had to work especially hard for it. “I feel like my value as a programmer is discounted by half when I tell people I’m from North Korea,” he says. Others in the 30,000-odd defector community express similar frustrations about their outsider status; some display contempt for their adopted country’s concerns about appearances and money, and recall with pride their homeland’s penchant for bluntness.

Still, there’s no going back.</p>
Northkorea  hacking 
february 2018 by charlesarthur
The hotlines between North and South Korea • Electrospaces
The unnamed author on the modern version of the formal communications link between north and south, which was first opened in 1971:
<p>On the South Korean side, the hotline equipment is located in the communication office on the second floor of the Freedom House, which was built in 1998. On the North side, the line ends at a desk in the Panmungak building, which is less than 100 meters (328 feet) away.

The current equipment, which is seen in the most recent photos, was installed in 2009 and consists of a large, wood-panelled console on a desk. On top is a sign that says "South-North Direct Telephone". The system features disk drives, USB ports and a computer screen, which shows the Windows XP user interface. It's not clear what the function of the screen is, as there's no keyboard visible.

<img src="https://1.bp.blogspot.com/-0TBeswEkii0/WoJl-ArJVEI/AAAAAAAAD4I/qnkezwZIr70ccCXiENulbqN88u0FvhFEQCLcBGAs/s1600/korea-hotline-noclocks.jpg" width="100%" /><br /><em>Equipment of the Red Cross or border hotline on the South Korean side
(photo: YTN News)</em>

The most important parts are however two telephone handsets, one red and one green. The red one is for incoming calls from North Korea, while the South uses the green handset to make outgoing calls to the North. However, both phone sets are capable of sending and receiving, but there have been installed two of them just in case one fails.

Since 2015, the console has two digital clocks on top, as in that year North Korea shifted to UTC+08:30 or Pyongyang Time (PYT), while South Korea stayed in the UTC+09:00 or Korea Standard Time (KST) zone. The green clock shows 3:34 for South Korea and the orange/red one 3:04 for North Korea.

Next to the hotline console there's a fax machine through which North Korea sometimes sends messages about topics that range from logistics to threats.

<img src="https://4.bp.blogspot.com/-h-JUfkdoLtg/WoNMQBOUfJI/AAAAAAAAD4w/lwa5hZ05brQxW5YBS_IRueJocflE3lEeACLcBGAs/s1600/korea-hotline-clocks3.jpg" width="100%" /></p>

Ah yes, we used to have a fax machine like that connected to head office.
communications  Northkorea 
february 2018 by charlesarthur
North Korea suspected of hatching Coincheck heist • Bloomberg
Sohee Kim:
<p>South Korea’s spy agency has begun investigating the possibility that North Korean hackers orchestrated the theft of about $500m worth of digital coins from Japanese cryptocurrency exchange Coincheck Inc., said a lawmaker who attended a meeting with the head of the intelligence service.

The National Intelligence Service is investigating last month’s incident - one of the largest cryptocurrency heists in history - based on similarities with past cases associated with its northern neighbor’s cyber-attack apparatus, said the lawmaker, who didn’t want to be identified because of the sensitivity of the information. The South Korean agency is now examining the incident with cooperation from international authorities, the lawmaker added.

Cybersecurity experts say North Korea has master-minded a growing number of crypto-heists in past years, as Kim Jong Un’s hermit regime seeks capital to bankroll its nuclear weapons program and circumvent tough international sanctions. South Korean investigators are already said to be looking into Pyongyang’s involvement in the hack of Seoul-based exchange Youbit, which collapsed in December. In a recent twist, cyber-sleuths say the regime’s attacks have expanded to include hijacking computers to mine digital currencies - particularly hard-to-trace Monero.</p>

Yup, highly likely. Large amounts of foreign currency, hard to trace, freely available, loose law enforcement - it’s just what North Korea would ask for.
Northkorea  hacking  bitcoin 
february 2018 by charlesarthur
Six Chinese ships covertly aided North Korea. The US was watching • WSJ
Michael Gordon and Chun Han Wong:
<p>Satellite photographs and other intelligence gathered by U.S. officials provide what they say is detailed evidence of at least six Chinese-owned or -operated cargo ships violating United Nations sanctions against North Korea.

The U.S. compiled the information from Asian waters as part of the Trump administration’s strategy to pressure North Korea into giving up its nuclear weapons and long-range missiles.

The effort identified the ships by name and tracked their movements. The ships either entered ports in North Korea and transported what U.S. officials concluded was illicit cargo to Russia and Vietnam or made ship-to-ship transfers at sea.

According to the U.S., which presented the information to a U.N. sanctions committee, the ships also made extensive maneuvers designed to disguise their violations of the U.N. sanctions. In August, the Security Council banned North Korean exports of coal, iron ore, lead and seafood, which have generated an estimated $1bn a year in hard currency for North Korea.</p>


$1bn might not sound much, but it's a significant proportion of North Korea's GDP. Problem, though: how do you censure China effectively?
china  northkorea  sanctions 
january 2018 by charlesarthur
New cyberattack on cryptocurrency investors came from North Korea, report says • WSJ
Jonathan Cheng:
<p>A new hacking offensive against cryptocurrency investors uses malware similar to that deployed in North Korea’s attack on Sony Pictures Entertainment and its WannaCry ransomware assault, cybersecurity researchers said, providing further evidence of Pyongyang’s involvement in crypto heists.

U.S. cybersecurity firm Recorded Future <a href="https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/">in a report on Tuesday</a> identified the Lazarus group—a hacking operation with links to the North Korean regime—as behind the malware campaign, which began targeting users of a South Korean exchange in the late fall and may still be active. It isn’t known how successful the hackers were, or how much was stolen.</p>


No surprise. The only people in the world who really, really want to cash out of cryptocurrency and ignore the price or "to the moon!" nonsense are the North Koreans who have mined or hacked it, because they're so constrained for other ways to get foreign currency.
northkorea  hacking  cryptocurrency 
january 2018 by charlesarthur
North Korea is suspected in bitcoin heist • WSJ
Timothy W. Martin, Eun-Young Jeong and Steven Russolillo:
<p>Investigators in South Korea are looking into North Korea’s possible involvement in a heist from a bitcoin exchange that collapsed here on Tuesday, according to people familiar with the situation, as the sanctions-choked regime develops new ways to raise money.

The investigation into the hack, led by South Korean law enforcement and a state cybersecurity agency, is still in its infancy and a review of the malware code could take weeks, the people said.

But the people said there were telltale signs and historical evidence that North Korea, which has turned in recent years to increasingly sophisticated financial warfare, was behind the hack of Seoul-based exchange Youbit.

The same cryptocurrency exchange, operating under a different name, was targeted in April by North Korean hackers, several of the people said. Yapian, the company that operates Youbit, suspended trading and filed for bankruptcy after Tuesday’s hack.

The bitcoin heist follows similar suspected Pyongyang-directed offensives against other South Korean cryptocurrency exchanges—and an increasing number of attempts to steal from individual investors.</p>


Particularly now that bitcoin is at such a crazy price, it's a natural for North Korea's hackers. It's almost untraceable - almost, if you use the right exchanges - and it's directly usable as foreign currency, which North Korea badly needs. (It doesn't have any access to debt markets.) I'd expect to hear a lot more about NK hackers targeting bitcoin both in future and in the past.
bitcoin  northkorea  hacking 
december 2017 by charlesarthur
Trump admin calls out North Korea hackers, stays mum on Russia’s • Daily Beast
Joseph Cox:
<p>On Monday the Trump administration publicly attributed the WannaCry cyberattacks—which locked down computers in businesses, health-care institutions and governments around the world—to North Korea. Thomas P. Bossert, President Trump’s Homeland Security adviser, made the announcement in an op-ed in The Wall Street Journal, and held a White House press conference Tuesday, complete with maps showing which countries were infected by the malware epidemic.

This fanfare could not be much further from how the Trump White House has addressed the issue of Russian hacking throughout the 2016 election and beyond, even though the same intelligence agencies likely contributed to both conclusions.

“It’s striking that a campaign that for so long denied the possibility of attribution has turned into an administration that now treats it as routine enough to do it in the newspaper—when the adversary is not Russia,” Ben Buchanan, a fellow at Harvard University’s Belfer Center Cyber Security Project, told The Daily Beast.</p>


As part of the book I've been writing about hacking, I've looked into the John Podesta hack. What's remarkable is the sheer volume of straightforward attributions from both private and security groups saying that the DNC and Podesta hacks were the work of Russian groups. What's also remarkable is how the media largely ignored them, and focussed instead on the content released by those hacks. As Cox also points out, the NotPetya attack in June is attributed to Russia; how come the Trump administration isn't calling them out?

The other question: why now? GCHQ and CERT had this pinned down to North Korea back in June. What's held up the US attribution? The logical conclusion is that this is trying to publicly make an even greater enemy of North Korea, and to make it look less foolish and more crafty - and dangerous.
trump  northkorea  wannacry 
december 2017 by charlesarthur
The world once laughed at North Korean cyberpower. No more • The New York Times
David Sanger, David Kirkpatrick and Nicole Perlroth:
<p> just as Western analysts once scoffed at the potential of the North’s nuclear program, so did experts dismiss its cyberpotential — only to now acknowledge that hacking is an almost perfect weapon for a Pyongyang that is isolated and has little to lose.

The country’s primitive infrastructure is far less vulnerable to cyberretaliation, and North Korean hackers operate outside the country, anyway. Sanctions offer no useful response, since a raft of sanctions are already imposed. And Mr. Kim’s advisers are betting that no one will respond to a cyberattack with a military attack, for fear of a catastrophic escalation between North and South Korea.

“Cyber is a tailor-made instrument of power for them,” said Chris Inglis, a former deputy director of the National Security Agency, who now teaches about security at the United States Naval Academy. “There’s a low cost of entry, it’s largely asymmetrical, there’s some degree of anonymity and stealth in its use. It can hold large swaths of nation state infrastructure and private-sector infrastructure at risk. It’s a source of income.”

Mr. Inglis, speaking at the Cambridge Cyber Summit this month, added: “You could argue that they have one of the most successful cyberprograms on the planet, not because it’s technically sophisticated, but because it has achieved all of their aims at very low cost.”

It is hardly a one-way conflict: By some measures the United States and North Korea have been engaged in an active cyberconflict for years.</p>


I'm writing a book about hacking (to be published next year); one of the chapters is about the Sony Pictures hack in late 2014, which was by North Korea. At the time, lots of people dismissed the idea. But they overlooked Kim Jong-un's understanding when he took over that cyberwarfare has gigantic returns - and huge deniability. It's almost the opposite of nuclear weapons.
northkorea  hacking 
october 2017 by charlesarthur
Allies' wartime operational plan presumably stolen by N.K. hackers last year: lawmaker • Yonhap News
<p>North Korean hackers are believed to have stolen a large amount of classified military documents, including the latest South Korea-U.S. wartime operational plan, last year, a ruling party lawmaker said Tuesday.

Citing information from unnamed defense officials, Democratic Party Rep. Lee Cheol-hee said that the hackers broke into the Defense Integrated Data Center in September last year to steal the secret files, such as Operational Plans 5015 and 3100.

OPLAN 5015 is the latest Seoul-Washington scheme to handle an all-out war with Pyongyang, which reportedly contains detailed procedures to "decapitate" the North Korean leadership. OPLAN 3100 is Seoul's plan to respond to the North's localized provocations.

Lee said that 235 gigabytes of military documents were taken with the content of nearly 80 percent of them yet to be identified. Also among them were contingency plans for the South's special forces, reports to allies' top commanders, and information on key military facilities and power plants, he added.

"The Ministry of National Defense has yet to find out about the content of 182 gigabytes of the total (stolen) data," the lawmaker said in a statement.</p>


North Korea's hacking capabilities have been underestimated since 2011 - when Kim Jong-un, its youngest leader ever, who was tutored in the west, took over. Those facts aren't coincidence.
northkorea  hacking 
october 2017 by charlesarthur
How to win a nuclear standoff • FiveThirtyEight
Oliver Roeder:
<p>Imagine you’re Trump or Kim Jong Un, essentially playing a game of chicken. You’re driving at high speed directly toward your opponent who’s also racing toward you. Neither of you wants to chicken out and veer away, but neither wants to die, either. Your best strategy? Rip off your steering wheel, make sure your opponent knows you’ve done so, and hit the gas.

That’s the terrifying thing about game theory: Sometimes the most rational choice can feel like the most dangerous. And that’s a problem when there are nukes involved. In the old days, if my country had better archers than yours, you’d keep that in mind when you felt like going to war with me. But nuclear weapons don’t work like archers. They decouple raw military strength from a state’s ability to win a war. That’s why North Korea, a country smaller than Mississippi with a GDP roughly equal to Wyoming’s, gets to compete alongside a superpower like the U.S. “What matters is if they can launch ICBMs to destroy Los Angeles or Chicago or Washington or wherever,” James Fearon, a political scientist at Stanford, told me.

Either you have nukes or you don’t. Either you use nukes or you don’t. It’s not a competition with arms or battlefields any more. It’s a competition in risk taking.

Fearon is the author of a 1995 paper called “Rationalist Explanations for War.” A modern classic in its field, it begins: “The central puzzle about war, and also the main reason why we study it, is that wars are costly but nonetheless wars recur.” In the paper, Fearon argues that there are two main reasons why wars break out. First, players have private information, and incentives to misrepresent that information. Second, the players have commitment problems.

Our $100 game [in which two players write a number from 0 to 100; the higher number wins, but the lower number is used to calculate the percentage risk that both players must burn $10,000 of their own money; so if you write 100 and your opponent 99, there's a 99% chance you both burn the cash], which Fearon teaches to his undergraduates, revolves around those two ideas. My private information is my appetite for risk. How much of it am I willing to take on to try and win the $100? You have no idea, and vice versa. And neither of us can really commit to a peaceful or bellicose strategy and make the other side believe it. The secret envelope and our unceasing self-interest stops that. That’s a commitment problem.

In our $100 game and in nuclear standoff, there’s no easy way to rip out the steering wheel.</p>


Fearon says that with North Korea, people aren't sure what its $100 would be. (People aren't thinking hard enough. For North Korea, the $100 is easier trade.)
northkorea  nuclear  gametheory 
september 2017 by charlesarthur
How to take down Kim Jong Un • POLITICO Magazine
Tom Malinowski was assistant secretary of state for democracy, human rights and labo(u)r at the US State Department from 2014-2017:
<p>Kim Jong Un, like all totalitarian leaders, wants above all to ensure his survival. He is convinced that a nuclear strike capability is necessary to deter the United States and South Korea from threatening his regime, and to extract concessions that might prolong its life. There is nothing crazy about this conviction. And because the matter is existential for Kim, more economic pressure will not change his mind. His regime survived a famine and can risk economic hardship. What he apparently will not risk is following the example of Saddam Hussein and Muammar Qadhafi, who gave up nuclear programs and found themselves defenseless against foreign interventions that claimed their lives.

But there is an opportunity in Kim’s obsession with survival. While he assumes the United States would not start a catastrophic war to stop his nuclear program, he also knows that were he to start that war, the U.S. would have no reason to hold back. We could, and likely would, destroy his regime. This means that even if we can’t prevent North Korea from gaining the ability to hit us or our allies, we can deter it from actually doing so, and thus have time to pursue, by means more effective than sanctions and less dangerous than war, our ultimate goal of a reunified Korea that threatens no one.</p>


Malinowski offers a number of suggestions for what those "more effective than sanctions" options are, though personally I find them unsatisfactory, in that they're slow. (They're all things the US and South Korea are doing anyway.) A nuclear North Korea has negotiating power, so the US should negotiate with it - because it can be sure that any opening of North Korea's regime to outside trade and information will weaken it and eventually undermine it. (I made <a href="https://twitter.com/charlesarthur/status/895256515258580992">similar points in a Twitter thread</a>.)

Overall? I think that the risk of actual war with North Korea is minimal, as long as the US keeps calm. (Thanks for the link to Tim Bajarin, who has previously pointed to similar thinking about Kim Jong-un.)
northkorea  government  war 
august 2017 by charlesarthur
Opinion: why North Korea should worry the tech world • PC Magazine
Tim Bajarin:
<p>Some years back, on a trip to Asia, which included a stop in South Korea, I asked a top tech official what concerns him the most. He said the collapse of North Korea and the fact that millions of North Koreans would rush over the border and paralyze South Korea's region and economy. As a result, I have been watching North Korea's efforts to advance its nuclear program, and what I fear is more than just saber-rattling.

In April, President Trump spoke with Chinese President Xi Jinping and reportedly told him that if China doesn't help solve the North Korean problem, the US will address the issue on its own. Now, I don't profess in the slightest to know what it means to "go it alone," but as Secretary of State Rex Tillerson has said, "all options are on the table" when it comes to dealing with North Korea.

Given the fact that our current administration is unpredictable and has little experience in dealing with a crisis like the one we have in North Korea, anything is possible, including some type of strike to try and take out its nuclear sites…

…A good friend of mine, who travels to this area of the world 10 to 12 times a year and really understands the political side of these countries, says that the only way to normalize North Korea, which may sound counterintuitive, is to help it find a way to feel more secure. North Korea will focus on prosperity and abandon its nuclear ambitions only when it feels safe and a part of the northeast Asian economy. More sanctions or military action will not end well. This is a wise observation, and I would hope that our current administration has someone inside that understands this option.</p>


This point about making North Korea feel safe, rather than threatened, is counterintuitive; but it makes perfect sense.
northkorea  technology 
july 2017 by charlesarthur
Who's behind the ransomware pandemic? One small clue points to North Korea • Forbes
Thomas Fox-Brewster:
<p>The clue lies in the code. Google security researcher Neel Mehta posted a mysterious tweet linking to two samples of malware: one was WannaCry, the other a creation of a gang of hackers called the Lazarus Group, which has been linked to the catastrophic 2014 hack of Sony and attacks on the SWIFT banking system that resulted in a record $81 million cyber theft from a Bangladeshi bank. Lazarus was also said to be North Korean, according to previous analyses by numerous security firms.

After Mehta's post, Kaspersky Lab probed the code, as did Proofpoint security researcher Darien Huss and founder of Comae Technologies Matthieu Suiche. All have been actively investigating and defending the web against WannaCry and were intrigued at the possible link to North Korea.

All believe that Mehta's find could provide a clue as to the possible creators of WannaCry, which has resulted in huge downtime for hospitals in the U.K. and caused downtime in Nissan and Renault car factories, amongst other issues. But, they all note, it could be a false flag purposefully lodged in the code to lead everyone down the wrong path.</p>
google  northkorea  wannacry  ransomware 
may 2017 by charlesarthur
Trump inherits a secret cyberwar against North Korean missiles • The New York Times
David Sanger and William Broad on a US scheme to make North Korean missiles fail on liftoff:
<p>The Times inquiry began last spring as the number of the North’s missile failures soared. The investigation uncovered the military documents praising the new antimissile approach and found some pointing with photos and diagrams to North Korea as one of the most urgent targets.

After discussions with the office of the director of national intelligence last year and in recent days with Mr. Trump’s national security team, The Times agreed to withhold details of those efforts to keep North Korea from learning how to defeat them. Last fall, Mr. Kim was widely reported to have ordered an investigation into whether the United States was sabotaging North Korea’s launches, and over the past week he has executed senior security officials.

The approach taken in targeting the North Korean missiles has distinct echoes of the American- and Israeli-led sabotage of Iran’s nuclear program, the most sophisticated known use of a cyberweapon meant to cripple a nuclear threat. But even that use of the “Stuxnet” worm in Iran quickly ran into limits. It was effective for several years, until the Iranians figured it out and recovered. And Iran posed a relatively easy target: an underground nuclear enrichment plant that could be attacked repeatedly.

In North Korea, the target is much more challenging. Missiles are fired from multiple launch sites around the country and moved about on mobile launchers in an elaborate shell game meant to deceive adversaries. To strike them, timing is critical.

Advocates of the sophisticated effort to remotely manipulate data inside North Korea’s missile systems argue the United States has no real alternative because the effort to stop the North from learning the secrets of making nuclear weapons has already failed. The only hope now is stopping the country from developing an intercontinental missile, and demonstrating that destructive threat to the world.</p>


Consider next what happens if North Korea does attain a nuclear ICBM capability. And who would be negotiating.
northkorea  missile  stuxnet 
march 2017 by charlesarthur
FBI briefed on alternate Sony hack theory >> Politico
Tal Kopan:
Researchers from the cyber intelligence company Norse have said their own investigation into the data on the Sony attack doesn’t point to North Korea at all and instead indicates some combination of a disgruntled employee and hackers for piracy groups is at fault.

The FBI says it is standing by its conclusions, but the security community says the agency has been open and receptive to help from the private sector throughout the Sony investigation.

Norse, one of the world’s leading cyber intelligence firms, has been researching the hack since it was made public just before Thanksgiving.

Norse’s senior vice president of market development said the quickness of the FBI’s conclusion that North Korea was responsible was a red flag.


1) a riled insider or insiders is a far, far more likely path to this hack
2) there's no way in the world, now that the FBI has said that North Korea did it, and President Obama has echoed that, that the FBI or US government will ever admit to being wrong unless it is part of some gigantic diplomatic deal with North Korea. One has to wonder what NK would give the US in return for making the US eat humble pie in public.
northkorea  fbi  sony  hacking 
january 2015 by charlesarthur
North Korea experiencing severe internet outages >> Associated Press
North Korea experienced sweeping and progressively worse internet outages extending into Monday, with one computer expert saying the country's online access is "totally down." The White House and the State Department declined to say whether the U.S. government was responsible.


That's the internet in North Korea, home to 24m people, where the <a href="http://www.internetworldstats.com/asia.htm#kp">internet is available to</a>... nobody quite knows how many people.
northkorea  internet 
december 2014 by charlesarthur
