Slashdot Mirror


North Korean Hackers Hijack Computers To Mine Cryptocurrencies (bloomberg.com)

North Korean hackers are hijacking computers to mine cryptocurrencies as the regime in Pyongyang widens its hunt for cash under tougher international sanctions. From a report: A hacking unit called Andariel seized a server at a South Korean company in the summer of 2017 and used it to mine about 70 Monero coins -- worth about $25,000 as of Dec. 29 -- according to Kwak Kyoung-ju, who leads a hacking analysis team at the South Korean government-backed Financial Security Institute. The case underscores the increasing appetite from cyber-attackers for digital currencies that are becoming a source of income for the Kim Jong Un regime. North Korea is accelerating its pursuit of cash abroad as the world tightens its stranglehold on its conventional sources of money with sanctions cutting oil supplies and other trade bans.

57 comments

  1. First post by kaoshin · · Score: 0

    I would have had first post, but my PC was running too slow because my browser was mining cryptocurrency.

    1. Re:First post by Anonymous Coward · · Score: 0

      Hilarious. Fucking hilarious.

    2. Re:First post by Anonymous Coward · · Score: 0

      So funny that I shat some cryptocoins!

  2. north korea should have to re pay to go olympics by Joe_Dragon · · Score: 1

    North Korea should have to repay it if they want to go to the Olympics!

  3. those wacky Norks by Anonymous Coward · · Score: 0

    Norks don't have computers. Kekekekekeke.

    1. Re:those wacky Norks by Anonymous Coward · · Score: 0

      What's a Kekekekekeke?

    2. Re:those wacky Norks by Anonymous Coward · · Score: 0

      ur ma is a hohohohohoho

  4. OpenBSD to the rescue? by Anonymous Coward · · Score: 0

    When I hear about situations like this, I have to wonder if they would have happened if OpenBSD had been used. We can't expect OpenBSD to be perfect, but it has a long, strong record of being highly secure. It has got probably the best balance between high security and usability.

    1. Re: OpenBSD to the rescue? by Anonymous Coward · · Score: 0

      Don't be an idiot. No one uses OpenBSD. Unless you are Theo. Look, it was interesting in the early 2000s, gave us OpenSSH etc. As a modern OS in 2018, OpenBSD is pretty shitty in performance when compared to comparable OS

    2. Re:OpenBSD to the rescue? by AHuxley · · Score: 1

      The code reading of OpenBSD and support for issues reported make OpenBSD one of the best OS.
      Other consumer OS brands could do better and follow the understanding of their own code in the way OpenBSD can.

      --
      Domestic spying is now "Benign Information Gathering"
  5. According to some "Kwak" by Anonymous Coward · · Score: 1

    I'll see my way out.

  6. DPRK is just an organization among many... by Anonymous Coward · · Score: 0

    There are a ton of criminal organizations looking to "borrow" CPU time on devices and computers. This isn't a real new trend, just their hacking group beating other people to the punch.

    1. Re:DPRK is just an organization among many... by FFOMelchior · · Score: 1

      Doesn't even have to be a criminal organization -- e.g. UFC which was caught with a browser-embedded miner in November.

  7. misspelled by Anonymous Coward · · Score: 3, Funny

    You misspelled Russian.

    1. Re:misspelled by Anonymous Coward · · Score: 1

      You misspelled Israeli.

    2. Re:misspelled by halivar · · Score: 1

      You misspelled Djibouti. It's the capitol of Djibouti.

  8. Dig deeper by WillAffleckUW · · Score: 1

    Actually, almost all of the ransoms are used by North Korea and Russian hackers to fund various projects.

    Follow the digital money trail.

    And then short Bitcoin.

    --
    -- Tigger warning: This post may contain tiggers! --
  9. Better than ransomware by rsilvergun · · Score: 1

    I suppose.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  10. Great honeypot by wardrich86 · · Score: 1

    Let them waste their resources on Crypto-currencies, then run them all into the ground.

  11. Serious Question by tacokill · · Score: 4, Insightful

    How does a 3rd world country as backward as NK have elite, top of the line, hacking capability? Last I checked, they had a whole 1024 IP addresses for the whole country. There is no high tech industry there and they don't actually produce any computing or software products. I would be highly surprised if they could make a single ASIC, much less a complex and capable CPU on par with Intel/AMD.

    I ask seriously. There are many more technically capable adversaries out there but it's not them who strike successfully, yet all of the "bad" hacks I've heard about over the last few years are being attributed to DPNK.

    So how do the norks have such a world class hacking capability in the middle of such a technological backwater? How is that even possible?

    1. Re:Serious Question by JackieBrown · · Score: 2

      How does a 3rd world country as backward as NK have elite, top of the line, hacking capability? Last I checked, they had a whole 1024 IP addresses for the whole country. T

      They switched to IPV6 ;)

    2. Re:Serious Question by Anonymous Coward · · Score: 0

      Because the internet is a door not a window.

    3. Re:Serious Question by SirGarlon · · Score: 1

      TL;DR it is easier to break stuff than to make stuff.

      Knowledge is easy to obtain, at least compared to building a microprocessor factory. The hardware you need to hack a remote system is pretty modest: you can run Metasploit on a three-year-old laptop.

      I am only speculating but a national scale intelligence service should be able to smuggle in the hardware from China and/or South Korea. As to recruiting the personnel, one thing totalitarian regimes are good at is selecting and training talented people. People will study very hard if the penalty for failing a test is to have their toenails torn out with pliers. If necessary, their spooks can forge South Korean passports and they can educate the hackers overseas. To ensure they return, simply hold their family hostage.

      One could make a pretty good spy novel out of this, actually. Probably the reality is less exciting than what I imagine.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    4. Re: Serious Question by Anonymous Coward · · Score: 0

      You act like hacking is hard.
      It is easier to break than to create.

      I can't code at all, doesn't mean I never broke into a computer.

      There are kids out there with no training or formal education who have their own botnets.

    5. Re:Serious Question by Anonymous Coward · · Score: 0

      Because security is our first, no second, maybe third?... Well it's on the list of priorities somewhere. NK just needs for someone to find a vulnerability and then check to see if anyone hasn't bothered to patch it yet. There are canned tools for this. It isn't rocket science.

    6. Re:Serious Question by SuricouRaven · · Score: 1

      Immunity, perhaps. State sponsored hackers don't have to worry about getting caught, so they can be reckless.

    7. Re:Serious Question by Zocalo · · Score: 2

      Probably the same reason why they can have a nuclear weapons programme; their priorities over where to spend their minuscule GDP are completely and utterly fscked up. They do send a few of their most trusted elites overseas to study, but mostly I suspect it's down to the black market and envelopes stuffed with used notes. Just as there were a lot of Soviet weapons scientists ready to fly to Pyongyang rather than face poverty after the USSR collapsed, there are almost certainly a lot of black hats willing to train the appointed NORKs in the darker side of cracking.

      There's also the useful idiot / scapegoat angle, of course. A government that has trained the DPRK's hackers and an understanding of the way the DPRK operates essentially has a deniable cyberweapon they can point wherever they want just by leaking some appropriate data on the target. It's not hard to think of a few countries that might consider that black budget money well spent.

      --
      UNIX? They're not even circumcised! Savages!
    8. Re: Serious Question by TuringTest · · Score: 1

      Code can be copy-pasted with little knowledge. Also, it's likely that script-kiddies only find the activity profitable in these second world countries to the point of doing it full time; in developed countries you can get better rewards for that level of dedication.

      --
      Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
    9. Re:Serious Question by drewsup · · Score: 1

      You would be surprised at what can be accomplished with brainwashing and a gun barrel at your/loved ones' heads. 99% of NK may be ass backwards, but the 1% that have education are... well, just as smart or smarter than you are, plus they have MOTIVATION; whether that is internally or externally applied doesn't matter.

    10. Re:Serious Question by edtice1559 · · Score: 1

      I imagine that there are a few things in play here. First, learning hacking is (relatively) cheap. You can set up a system, compromise it, and then re-image with no incremental cost. You should be able to get started just using information freely available on the Internet and some very cheap equipment. Second, opportunistic hacking (to mine cryptocurrencies) is much harder than targeted hacking. Basically you just do reconnaissance until you find something with a known weakness. You don't even really have to know much about the vulnerability. Finally, the hardest part of getting *good* at hacking is that one mistake and you land up in jail. If you are working for the NK state apparatus, you are beyond the reach of western law enforcement, so you can just learn from your mistakes and keep going. In terms of more capable adversaries, they probably aren't getting caught as often. They have to be more careful since they do care not to get caught. They're not trying to mine crypto-currencies or embarrass a movie production company. They're trying to infiltrate high-value systems and, even if they are successful (especially when they are successful), it is kept quiet rather than publicized.

    11. Re:Serious Question by Anonymous Coward · · Score: 0

      I suppose they buy x86 computers in neighboring countries that aren't Japan, US or S. Korea. That's not hard to procure. They also learn English at school, with some kind of standard British accent. The country always had heavy industry so they can mine their own coal and build their own coal power plants too, this is where they get most of their power from (plus a bit from presumably imported solar panels).
      Even if only one million people can access the intranet and 10,000 can access the internet that's a fair few people, plus I don't know of that many hacks attributed to North Korea. DDoS, access to unsecured servers?

      Is there much else at all? Headlines are cheap, e.g. "North Korea hacked Sony Pictures" : not much proof they did that.
      The country does have very low GDP, but like in many countries the children spend over a decade in school. They go on spending a decade in the military (they do things like build skyscrapers using conscript soldiers. When you have a large mostly unpaid workforce like that, there's a lot you can do without contributing to a GDP figure)
      The country may appear very backward on a lot of fronts but backwards or not it is very civilized. According to some article I read it's the world's poorest advanced economy - sure they can't make CPUs, can't make jet fighters but there are a lot of other things they do make be it water pumps, dams, doors, tanks, pipes, school bags, artillery chemicals and a thousand other boring and mundane things.

    12. Re:Serious Question by Opportunist · · Score: 1

      You don't need elite, top of the line hacking abilities. Yes, if you want to break into high security areas where you're facing policies that put the C of the CIA triad (read the link before you post conspiracy bullshit, please) before the A, then yes. Otherwise you're facing the same problem the average malware jockey faces: If you don't want a specific target, there's plenty of easy ones.

      Take a look at the OWASP Top 10. These are the 10 security issues that are considered the most critical and most common out in the field. Take a look at the 2017 edition, then 2014, then 2010. Notice something? They barely change. And believe it or not, the number 1, top level security issue has not changed since 2003.

      If companies considered security at least a tertiary priority, do you think the most critical, most widespread and most common security issue would still be an issue? Or at least still be number 1?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    13. Re:Serious Question by AHuxley · · Score: 1

      Re "How is that even possible?"
      Japan, the NSA and GCHQ keep access to the web wide open and fast for their own reasons.
      Without the ability to be on the web the CIA code litter does not sell well to the tame waiting media.
      "CIA anti-forensics tool that makes Uncle Sam seem fluent in enemy tongues" https://www.theregister.co.uk/...
      "... pretend that the malware was created by a speaker of a range of foreign languages ... Korean .... "
      For a good propaganda to work, the big pipe to the internet has to be kept open.
      If the big network pipe to the world is closed then all the code litter, ip ranges, time of day logs found by "trusted" security experts in the wild looks kind of strange.

      The other reason why the web is kept open is to send messages to all of NK mil (not new nuclear forces).
      Whispers and deals to stand down and not use any advanced weapons. That escape to China is still possible with waiting travel documents to any other nation, funds and support. Only if some weapon systems never get used.
      The CIA has made the entire top level NK traditional mil command and control structure really good offers. Stand down and it will all be ok. No trials, escape, total protection in any other nation, funds and support.
      For such offers to get to the right person at the right time, the internet has to be kept working into NK.
      NK has countered such offers being accepted by placing more nuclear scientists in top positions rather than trusting the mil who might have been swayed by the generous CIA communications.
      NK likes the internet open to watch who is talking with the CIA.
      For propaganda, communications, deals, counter surveillance.

      --
      Domestic spying is now "Benign Information Gathering"
    14. Re:Serious Question by AmiMoJo · · Score: 1

      The malware they used has code from NSA and CIA cyber weapons that those agencies lost control of. As I recall the NSA leak was from an unsecured staging server.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    15. Re:Serious Question by tlhIngan · · Score: 1

      How does a 3rd world country as backward as NK have elite, top of the line, hacking capability? Last I checked, they had a whole 1024 IP addresses for the whole country.

      They aren't hacking from NK. In fact, they are based in a NK-owned Chilbosan hotel in Shenyang, China.

      As long as you're good, you're staying in 5 star accommodations.

      I think it's less about raising home-grown hackers, and more about attracting top-tier talent from China and Russia.

    16. Re:Serious Question by Anonymous Coward · · Score: 0

      You seem to forget they even have their own Linux distribution.

      https://en.wikipedia.org/wiki/Red_Star_OS

  12. what cost? by supernova87a · · Score: 1

    So here's the uncomfortable thing about virtual currencies... If there's no bank to authorize transactions or impose sanctions or prevent cash from moving, how do you stop North Korea, or criminals, or terrorists, from using it as a way to get around laws? I feel this will become an increasing problem for these currencies... The only way would be for banks to refuse to put in or withdraw money from accounts related to cryptocurrencies?

    1. Re:what cost? by SuricouRaven · · Score: 1

      You can't. That's the point. Part of the purpose of them is to be unregulatable. Criminals don't just mean fraudsters and terrorists - it also means churches in Saudi Arabia, human rights lawyers in China and anti-government media in Russia.

    2. Re:what cost? by Anonymous Coward · · Score: 0

      Criminals don't just mean fraudsters and terrorists - it also means churches in Saudi Arabia.

      Churches in Saudi Arabia are fraudsters or terrorists anyway. As are churches anywhere else...

  13. cryptocurrency by Anonymous Coward · · Score: 0

    Is that why my mouse cursor is so jumpy? I thought it was because of that known, 3 year old, still unaddressed BUG in Gnome that affects every Linux distribution on the planet but which the Gnome devs won't resolve because they have no idea what they're doing.

    Turns out it was these damn North Koreans the whole time!

    Feh!

  14. QUESTION: Detecting rogue mining code running? by Rick+Schumann · · Score: 1

    Serious question for /. professionals: Other than high CPU usage by your browser, how do you detect a rogue cryptocurrency miner?
    Second question: How do you block a rogue cryptocurrency miner from running and/or shut it down?

    1. Re: QUESTION: Detecting rogue mining code running? by Anonymous Coward · · Score: 0

      Install nominer extension

    2. Re: QUESTION: Detecting rogue mining code running? by Anonymous Coward · · Score: 0

      See how I...

      Never mind I'm not even going to impersonate APK. But just know you asked for it, so expect to see him pop up.

      To answer your question, I'm guessing check your resource monitor and make sure to see if some rogue process isn't eating all your CPU. I think that's the only real sign. Which you of course already knew.

      I'm assuming that the writers of these miners are at least as smart as virus/malware creators. Meaning they will do everything they can do to prevent you from detecting/stopping/deleting it.

  15. Another attack that APK failed to prevent by Anonymous Coward · · Score: 0

    And here we have yet another example of an attack that wasn't prevented by APK's work.
    I'm sure that retard will chime in on blocking it after the fact but as always he is playing catch-up.
    I guess Alexander Peter Kowalski will just have to argue in vain even more because his work keeps failing its users

    1. Re:Another attack that APK failed to prevent by Anonymous Coward · · Score: 0

      At least apk blocks botnets, trackers, ads. You don't. He is useful providing programs with info to block threats. You're not useful at all.

  16. Re: DIY Cryptocurrency Mining... by Anonymous Coward · · Score: 0

    Creimer affiliate spam. Mod down and report to Amazon.

  17. Propaganda. Yawn. by Anonymous Coward · · Score: 4, Insightful

    A few years ago it was always Syrian Electronic Army. Now it's always North Korea and Russia. Lol

  18. So sick of Bitcoin by MillionthMonkey · · Score: 2

    When will this worthless shit crash already? It's a complete failure as a currency. All it's accomplished for the world is to facilitate trafficking in drugs, weapons, and humans, and to reward people who waste electricity. Yes, everyone accepts it as payment. Because it's undergoing a bubble. But no one wants to pay for stuff with it. Because it's undergoing a bubble.

    For a currency to be usable, it needs to maintain a stable value. Bitcoin fails miserably at it. Nerds seem to get intrigued by its algorithm and lose sight of human nature- people won't trust it once they get burned by the crash that's being dismissed as an inevitable "short-term correction". (And that's more acceptable than a long-term correction... why?) Sure, you'll forget you were a "billionaire" when you went to bed last night and you'll buy pizza with your Bitcoins for lunch- except no pizzeria will accept them after that. But rest assured, there is a distributed blockchain uncontrolled by any central authority that establishes beyond all doubt that you are the proud owner of a worthless currency.

    Bitcoin has made one thing perfectly clear- so-called "fiat money" is the worst kind of currency except for all the others.

    1. Re: So sick of Bitcoin by Anonymous Coward · · Score: 0

      Following this article logic, in a shitty America, aka N1ggerstan, hackers are mining crypto currency in a desperate attempt to counter sanctions and the shitty lifestyle they are now "enjoying" thanks to the legacy of terrorist-in-chief Obama.

    2. Re:So sick of Bitcoin by Anonymous Coward · · Score: 0

      They aren't mining Bitcoin, they're mining Monero. And Monero is much more useful than Bitcoin.

    3. Re:So sick of Bitcoin by Anonymous+Cow+Ward · · Score: 1

      Why is Monero more useful than Bitcoin?

      --
      Examine even your most deeply held beliefs. Nobody is always right.
  19. Why not cut their internet? by Anonymous Coward · · Score: 0

    Seriously. Why do we allow a country as corrupt as theirs to connect to the internet?

  20. north koreans hack to mine by mapkinase · · Score: 1

    ... who doesn't

    --
    I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
  21. Blockade supply by Anonymous Coward · · Score: 0

    So what if the North Koreans can mine cryptocurrencies? They can buy their illicit goods online, but if the UN sanctions are backed up with shipping blockades, they'll never take delivery.

  22. No they aren't by Anonymous Coward · · Score: 0

    They don't have the resources or the skill, or the incentive. This is just more bullshit from the propaganda mill over at the CIA. It's always about one of the countries on the CIA hit-list that won't lie down and do as America wants. Would you expect anything less than propaganda?

  23. 70 XMR on a single computer during the summer? by Anonymous Coward · · Score: 0

    Forget the hacking news. I want to know how they managed to mine 70 Monero on a single server during the summer? Consider, 25000 USD worth of crypto there from a few months of mining.. All you need is a single server and some electricity? Sure it happened that way, and it wasn't actually some server farm or whatever? :)