Saturday February 29, 2020
Home World The Secrets O...

The Secrets Of The North Korean Hacker Army

The last component would be for governments to codify what measures would be employed as proportional responses, should additional cyberattacks

0
//
Hacking (representational Image), VOA

North Korean hackers continue to circumvent protections and compromise computer systems around the globe. Pyongyang’s cyber operatives, like the Lazarus Group, have been linked to computer system infiltrations like the 2014 Sony Pictures Studios hack prior to the release of the U.S. film “The Interview” and the attempted theft of close to $1 billion from the central Bangladesh bank using the SWIFT banking network in 2016.

But how did Pyongyang become so adept at hacking while not possessing rich resources and being under tough International sanctions?

Seungjoo Kim, a professor at Korea University’s Graduate School of Information Security says the answer, in part, is because North Korea’s computer hackers operate in China and Europe with easy access to the internet.

“North Korea practices their craft under real conditions, like hacking cryptocurrency sites or stealing information,” he said, “These repeated exercises help to improve their skills.”

As an instructor, Seungjoo Kim teaches his students how hackers invade other systems using traditional textbooks instruction. But without real-world trials, he says they can’t obtain the knowledge needed to test systems or prevent hostile attacks.

“Basically, you should teach basic computer knowledge, and then try to solve some hacking problems,” he said, adding that the best way to improve one’s computer infiltration skills is with real-time and real-world practice.

“North Korea acquires [their] knowledge by invading other systems,” said Kim.

He added that because North Korea can directly attack other countries, that effort has enabled Pyongyang to quickly develop their world-renowned hacking skills.

North Korea’s cyber army

Experts assert there are between 6,000 and 7,500 members of North Korea’s cyber army, split into a number of divisions to carry out cyberterrorism against state infrastructure, financial institutions, and the latest hijacking of defense technology.

Sony Pictures, North Korean, Computer
Pedestrians walk past an exterior wall of Sony Pictures Studios in Los Angeles, California, Dec. 4, 2014. That year, Sony became the victim of a cyber hack by North Korean operatives from the Lazarus Group. VOA

“North Korea was inspired by the Chinese cyberwar units and learned from them,” said NK Intellectuals Solidarity director Heung Kwan Kim, “Recognizing their power, North Korea set up the first unit within the central government in 1993.”

While Pyongyang’s Reconnaissance General Bureau is comprised of six divisions and overseas operations in South Korea, the United States, and Japan, it’s another bureau that is responsible for the bulk of North Korea’s cyber warfare.

“Unit 121 oversees Unit 180, Unit 91, and lab 110,” Heung Kwan Kim told VOA.

A 500-person strong Unit 121 was created in 1998, and in 2009 the group successfully carried out 77 attacks by overwhelming computer networks through unleashing an onslaught of Internet traffic.

This led Pyongyang to conclude that cyber-warfare was “the most suitable form of war” for North Korea in the modern era, according to Heung Kwan Kim.

Attacks continued throughout 2014, and in 2015. When North Korea reorganized their divisions, Unit 121 was given the mission of attacking a foreign nation’s infrastructure, such as transportation networks, telecommunications, gas, electric power, nuclear power, and aviation systems.

Bitcoin Price, Cryptocurrency surge, Computer
Bitcoins placed on dollar banknotes are seen in this illustration photo taken Nov. 6, 2017. Cryptocurrencies are attractive for North Korean hackers because they are difficult to trace back to their original owner. VOA

Unit 91’s focus was shifted to acquiring “advanced technologies needed for nuclear development and long-range missiles from developed countries.”

Finally, the role of Unit 180 was changed for it to target financial systems and to focus on block chain technology.

Cryptocurrency and blockchains

With international sanctions crippling Pyongyang’s coffers, Heung Kwan Kim said North Korea shifted their cyberattacks to private systems, rather than government networks, because the smaller entities weren’t as well protected.

“It’s a problem of North Korea’s high ability and low security,” he said.

The numerous attacks on small and private companies have led to allegations that Pyongyang is hacking into cryptocurrency exchanges to steal virtual money, like Bitcoin, said Seungjoo Kim. Stolen cryptocurrencies are attractive because they are difficult to trace back to their original owner.

In 2017, the North Korean hacking group Lazarus was accused of attacking South Korea cryptocurrency exchange Bithumb. The cyber thieves made off with nearly $7 million in digital currencies.

Bitcoin Price, Cryptocurrency surge, Computer
Experts: Cyber attacks Growing Increasingly Sophisticated. Pixabay

The hackers also obtained personal information of users stored on the compromised servers. The BBC reports North Korea was later able to ransom additional funds from the owners in exchange for deleting the data.

“Cryptocurrency is easy to steal because it moves in cyberspace,” said Seungjoo Kim.

He added, “To earn cryptocurrency in a legitimate way, cutting-edge computers are required, but North Korea doesn’t have them, so they attack computers abroad and hack mining programs.”

The hacked computers then send any virtual coins it uncovers to North Korean digital wallets they can convert to hard currency.

Also Read: $571 Mn In Cryptocurrency Stolen By North Korean Hacker Group

To curtail North Korea’s cyberattacks, he advocates a detente in the virtual world that’s similar to the easing of tensions taking place on the peninsula. However, that may be difficult, as it would require Pyongyang to admit it committed acts of cyberwarfare.

In addition, it would require “Russia and China not only participating in current real-world sanctions, cyber sanctions at the same time,” said Seungjoo Kim.

The last component, he said, would be for governments to codify what measures would be employed as proportional responses, should additional cyberattacks take place and prepare for those events. (VOA)

Next Story

Cyber Attackers May Use Ultrasonic Waves To Activate Siri, Google on Your Smartphone

These waves, the researchers found, can propagate through many solid surfaces to activate voice recognition systems and -- with the addition of some cheap hardware -- the person initiating the attack can also hear the phone's response

0
Hackers
The new research from Washington University in St. Louis expands the scope of vulnerability caused by hackers that ultrasonic waves pose to cellphone security. Pixabay

Ultrasonic waves do not make a sound, but they can still activate Siri on your cellphone and have it make calls, take images or read the contents of a text to a stranger – without the phone owner’s knowledge, suggests a new research.

Researchers have previously shown that ultrasonic waves can be used to deliver a single command through the air. However, the new research from Washington University in St. Louis expands the scope of vulnerability that ultrasonic waves pose to cellphone security.

These waves, the researchers found, can propagate through many solid surfaces to activate voice recognition systems and — with the addition of some cheap hardware — the person initiating the attack can also hear the phone’s response.

The results were presented at the Network and Distributed System Security Symposium in San Diego. “We want to raise awareness of such a threat,” said Ning Zhang, Assistant Professor of at the McKelvey School of Engineering. “I want everybody in the public to know this.”

Zhang and his co-authors were able to send “voice” commands to cellphones as they sat inconspicuously on a table, next to the owner. With the addition of a stealthily placed microphone, the researchers were able to communicate back and forth with the phone, ultimately controlling it from afar. Ultrasonic waves are sound waves in a frequency that is higher than humans can hear. Cellphone microphones, however, can and do record these higher frequencies.

“If you know how to play with the signals, you can get the phone such that when it interprets the incoming sound waves, it will think that you are saying a command,” Zhang said. To test the ability of ultrasonic waves to transmit these “commands” through solid surfaces, the research team set up a host of experiments that included a phone on a table.

Attached to the bottom of the table was a microphone and a piezoelectric transducer (PZT), which is used to convert electricity into ultrasonic waves. On the other side of the table from the phone, ostensibly hidden from the phone’s user, is a wave form generator to generate the correct signals. The team ran two tests, one to retrieve an SMS (text) passcode and another to make a fraudulent call.

The first test relied on the common virtual assistant command “read my messages” and on the use of two-factor authentication, in which a passcode is sent to a user’s phone — from a bank, for instance — to verify the user’s identity. The attacker first told the virtual assistant to turn the volume down to Level 3. At this volume, the victim did not notice their phone’s responses in an office setting with a moderate noise level.

Voice Search
Ultrasonic waves do not make a sound, but they can still activate Siri on your cellphone and have it make calls, take images or read the contents of a text to a stranger – without the phone owner’s knowledge, suggests a new research. Pixabay

Then, when a simulated message from a bank arrived, the attack device sent the “read my messages” command to the phone. The response was audible to the microphone under the table, but not to the victim.

In the second test, the attack device sent the message “call Sam with speakerphone,” initiating a call. Using the microphone under the table, the attacker was able to carry on a conversation with “Sam.” The team tested 17 different phone models, including popular iPhones, Galaxy and Moto models. All but two were vulnerable to ultrasonic wave attacks.

ALSO READ: India is The Bright Spot For HP Inc in Asia-Pacific Region, Says Top Company Executive

Ultrasonic waves made it through metal, glass and wood. Zhang said there is a simple way to keep a phone out of harm’s way of ultrasonic waves: the interlayer-based defence, which uses a soft, woven fabric to increase the “impedance mismatch.” In other words, put the phone on a tablecloth. (IANS)