North Korea

Hackers in state service

North Korea is causing growing fear around the world not only because of its nuclear program, but also because of its army of cybercriminals. Last year, its hackers tried to steal a billion dollars from the Federal Reserve of New York. The deception was noticed only because of a spelling mistake: instead of the word "foundation", the attackers wrote "fandation". Nevertheless, Kim Jong-un's hackers managed to withdraw $81 million.
According to US and British security officials, North Korea's cyber army employs more than six thousand hackers who steal hundreds of millions of dollars and sow chaos around the world. The attention of Western analysts is currently focused on the country's nuclear program, and many underestimate its cyber capabilities. North Korea's infrastructure is well protected against cyberattacks; in addition, its hackers mainly operate outside the country, so they cannot be stopped by sanctions.
“[North Korea] has the most successful cyber program on the planet, not because it is technically advanced, but because it achieved all its goals at low cost,” said Chris Inglis, former deputy director of the NSA.
According to intelligence reports, North Korea earns hundreds of millions of dollars every year from ransomware, digital bank robberies, and the hacking of video game accounts and crypto exchanges in South Korea. A senior representative of British intelligence said that cyberattacks bring the country about a billion dollars a year, which is one-third of its exports.
How the army of hackers was formed.
Kim Jong Il, the father of North Korea's current leader, promoted the spread of the Internet in the country. Previously, access to the network was an expensive luxury available only to the elite. In 2011, when Kim Jong Il died, there were about 1024 IP addresses in North Korea (fewer than in most quarters of New York). Initially, Kim saw the Internet as a threat to strict control of the population, but in the early 1990s his attitude changed. At that time a group of computer science specialists returned to North Korea from a business trip. It was they who suggested that Kim Jong Il use the Internet for surveillance and for attacks on the United States and South Korea.
The North Korean government began to look for capable students and send them for special training in computer science. In the late 1990s, the FBI noted that North Koreans working at the UN had begun to secretly enroll in programming courses in New York.
“I got a call from the FBI and was asked what to do,” recalls James Lewis, the former head of the cybersecurity department at the US Department of Commerce. “I told them not to do anything, but just follow [these individuals] to find out what they’re up to.”
In 2011, Kim Jong-un became the leader of North Korea. Under his leadership, online information operations turned into a weapon of war, which he began to use for theft, harassment and political persecution.
A year later, information emerged that North Korea had sent its hackers abroad, mostly to China. This allowed the country to make use of large unprotected networks. A recent analysis by the cybersecurity firm Recorded Future showed that the activity of North Korean hackers mainly originates from India, Malaysia, New Zealand, Nepal, Kenya, Mozambique and Indonesia. In some cases, such as New Zealand, the hackers most likely used a proxy, but in India they were probably physically present. Notably, almost one-fifth of all of Pyongyang's cyberattacks are conducted from India.
Intelligence services are now trying to track down North Korean hackers in all these countries using the same methods they used to search for terrorists. They look for the hackers' favorite hotels, monitor specialized forums and try to infect the hackers' computers with viruses.
North Korea together with Iran?
For decades, Iran and North Korea have been exchanging weapons technology. In addition, American intelligence agencies have found evidence of cooperation between the two countries on their nuclear programs. As for cyberattacks, Iran taught the North Koreans an important lesson: if your enemy's banks, currency exchanges, pipelines, hospitals, dams and whole cities are connected to the network, you have unlimited possibilities to turn his life into chaos.
In August 2012, Iranian hackers attacked the Saudi company Aramco, infecting about 30,000 of its computers and 10,000 servers. The virus deleted all the data and left part of an image of a burning US flag in its place. Six months later, hackers from North Korea conducted a similar attack from China, infecting the computers of three major banks and the two largest television channels in South Korea.
Perhaps the North Korean hackers simply copied the Iranians' model, but experts believe that Iran is likely helping North Korea, writes The New York Times.
Attacks are becoming more sophisticated.
The main task of the North Korean hackers is to protect the image of the country's 33-year-old leader Kim Jong-un. In August 2014, they attacked the British broadcaster Channel Four after it announced that it would film a series about a British scientist who was captured in Pyongyang to develop nuclear weapons.
At first, the North Koreans turned to the British government, calling the series “scandalous farce.” The complaint was ignored, after which the authorities found that North Korean hackers had been able to get into the TV channel's systems. The cyberattack was stopped before it caused any damage, and the channel's representatives promised to continue filming the series.
But that was only the beginning. Sony Pictures Entertainment published a trailer for the comedy “Interview”, about two journalists who go to Pyongyang to kill the new young dictator. The Pyongyang authorities wrote a complaint to the UN asking it to cancel the release of the film.
Then Sony began to receive threats.
In September 2014, Korean hackers penetrated Sony’s network, but the company and the US intelligence agencies did not notice it. On November 24, the Koreans launched a cyber attack on Sony: when the company’s employees came to work, they found an image of a red skeleton on the monitors of their computers. “We have captured all your internal data, including all secrets and super secrets,” read the message of the hackers. “If you do not obey us, we will show this information to the whole world.”
The malicious code destroyed 70% of the information on Sony Pictures' computers and laptops. The company's employees had to fall back on traditional means of communication: paper, pen and phone.
Then North Korea decided to make money from its cyberattacks, and online banking took the blows. In October 2015, hackers attacked the Philippines, and at the end of the same year, Tien Phong Bank in Vietnam and the Central Bank of Bangladesh. The cyberattacks became even more sophisticated: for example, a malicious program appeared on the website of the Polish Financial Inspectorate and infected the computers of selected visitors, namely employees of banks in Poland, Brazil, Chile, Estonia, Mexico, Venezuela and even the USA.
Recently, hackers from North Korea attacked a South Korean currency exchange; they were also behind the spread of the WannaCry ransomware, which halted the work of many organizations around the world.
American experts fear that in the growing cyberwar with North Korea, the enemy may use not only cyber weapons but also nuclear weapons. At the moment it is not clear who is leading the cyberattacks from North Korea. The Japanese press believes that it is someone named Jan Kil-soo; others name Gene and No Kwan Chol. The New York Times suggests that Kim Jong-un plans to defeat the US without launching a single missile.