Wednesday February 26, 2020
Home Lead Story North Korean ...

North Korean Hackers Behind Surge in Cyberattacks on Banks: Report

However, if North Korea is to be believed the hacker is nothing more than a figment of the US law enforcement's imagination

0
//
cyberattack
Image source: wordpress.com

With the US-led sanctions damaging its economy, the North Korean government is using cyberattacks on banks to raise cash, according to US officials, the CNN reported.

A summit between US President Donald Trump and North Korean leader Kim Jong-un ended on Thursday with no agreement after Washington refused Pyongyang’s demands for economic sanctions relief.

It is believed that the North Koreans are turning to cybercrime to steal money due to the increasing effectiveness of sanctions.

In just a few years, the North Korean intelligence services have grown capable of stealing large sums through sophisticated methods, Anthony Ferrante, a former Federal Bureau of Investigation (FBI) and White House cybersecurity official, was quoted as saying on Friday.

Unlike hackers from other countries like Russia, Iran or China who focus more on gathering intelligence, the North Korean hackers focus on acquiring cash, added John Demers, Assistant Attorney General for National Security at the US Department of Justice.

cloudhopper,cyber attacks
A man holds a laptop computer as cyber code is projected on him in this illustration picture. VOA

“The North Koreans have quickly become the world’s most advanced and persistent digital bank robbers,” said Ferrante, now Head of Cybersecurity at FTI Consulting, a business advisory firm.

In 2018, the US Justice Department charged a North Korean computer programmer in several cases of cybercrimes over the last four years, including the $81 million Bangladesh Bank heist in 2016, the Sony Pictures hack in 2014 and WannaCry ransomware attack in 2017 that infected thousands of computers in hospitals, universities and banks in several countries around the world.

The Department of Justice said that a person named Jin Hyok Park was responsible for the attacks and Park was believed to be a member of North Korea’s military intelligence outfit the Reconnaissance General Bureau as well as a suspected member of Lazarus, a hacking group which has been linked to a string of attacks against everything from banks to government agencies across the world.

Also Read- Now You Can Activate Facebook Messenger’s ‘Dark Mode’ on Android, iOS Devices

However, if North Korea is to be believed the hacker is nothing more than a figment of the US law enforcement’s imagination.

According to a 2018 report from cybersecurity vendor Group-IB, Lazarus was behind 14 hacking attacks on cryptocurrency exchanges since January 2017 — stealing $571 million. (IANS)

Next Story

Vulnerability in 4G May Help Hackers To Impersonate You: Researchers

For a successful attack, the attacker must be in the vicinity of the victim's mobile phone, said the researchers

0
Attacker
An attacker can upload secret company documents and to network operators or law enforcement authorities, it would look as if the victim is the perpetrator. Pixabay

Researchers have found a serious vulnerability in LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity.

The vulnerability — which affects virtually all mobile phones, tablets and some connected household appliances — may also hamper investigations of law enforcement agencies because attackers can not only make purchases in the victim’s name but can also access websites using the victim’s identity.

For example, an attacker can upload secret company documents and to network operators or law enforcement authorities, it would look as if the victim is the perpetrator, said researchers from Ruhr-Universitat Bochum public university.

“An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them,” said Professor Thorsten Holz from Horst Gortz Institute for IT Security.

Only changing the hardware design would mitigate the threat. The team is attempting to close the security gap in the latest mobile communication standard 5G, which is currently rolled out.

“Mobile network operators would have to accept higher costs, as the additional protection generates more data during the transmission. In addition, all mobile phones would have to be replaced and the base station expanded. That is something that will not happen in the near future,” said David Rupprecht.

The problem is the lack of integrity protection: data packets are transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping.

However, it is possible to modify the exchanged data packets. “We don’t know what is where in the data packet, but we can trigger errors by changing bits from 0 to 1 or from 1 to 0,” said Rupprecht. By provoking such errors in the encrypted data packets, the researchers can make a mobile phone and the base station decrypt or encrypt messages.

Hackers
Researchers have found a serious vulnerability in LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity. Pixabay

They not only can convert the encrypted data traffic between the mobile phone and the base station into plain text, they can also send commands to the mobile phone, which are then encrypted and forwarded to the provider – such as a purchase command for a subscription.

The researchers from Bochum used so-called software-defined radios for the attacks. These devices enable them to relay the communication between mobile phone and base station. Thus, they trick the mobile phone to assume that the software-defined radio is the benign base station; to the real network, in turn, it looks as if the software-defined radio was the mobile phone.

ALSO READ: India’s Cooperation With Russia For AI Innovation May Reach Level of Strategic Sector Soon

For a successful attack, the attacker must be in the vicinity of the victim’s mobile phone, said the researchers. (IANS)