Slashdot Mirror


North Korean Hackers Hijack Computers To Mine Cryptocurrencies (bloomberg.com)

North Korean hackers are hijacking computers to mine cryptocurrencies as the regime in Pyongyang widens its hunt for cash under tougher international sanctions. From a report: A hacking unit called Andariel seized a server at a South Korean company in the summer of 2017 and used it to mine about 70 Monero coins -- worth about $25,000 as of Dec. 29 -- according to Kwak Kyoung-ju, who leads a hacking analysis team at the South Korean government-backed Financial Security Institute. The case underscores the increasing appetite from cyber-attackers for digital currencies that are becoming a source of income for the Kim Jong Un regime. North Korea is accelerating its pursuit of cash abroad as the world tightens its stranglehold on its conventional sources of money with sanctions cutting oil supplies and other trade bans.

  1. North Korea should have to re pay to go Olympics by Joe_Dragon · · Score: 1

    North Korea should have to re pay it. If they want to go to the Olympics!

  2. According to some "Kwak" by Anonymous Coward · · Score: 1

    I'll see my way out.

  3. misspelled by Anonymous Coward · · Score: 3, Funny

    You misspelled Russian.

    1. Re:misspelled by Anonymous Coward · · Score: 1

      You misspelled Israeli.

    2. Re:misspelled by halivar · · Score: 1

      You misspelled Djibouti. It's the capital of Djibouti.

  4. Dig deeper by WillAffleckUW · · Score: 1

    Actually, almost all of the ransoms are used by North Korea and Russian hackers to fund various projects.

    Follow the digital money trail.

    And then short Bitcoin.

    --
    -- Tigger warning: This post may contain tiggers! --
  5. Re:DPRK is just an organization among many... by FFOMelchior · · Score: 1

    Doesn't even have to be a criminal organization -- e.g. UFC which was caught with a browser-embedded miner in November.

  6. Better than ransomware by rsilvergun · · Score: 1

    I suppose.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  7. Great honeypot by wardrich86 · · Score: 1

    Let them waste their resources on Crypto-currencies, then run them all into the ground.

  8. Serious Question by tacokill · · Score: 4, Insightful

    How does a 3rd world country as backward as NK have elite, top of the line, hacking capability? Last I checked, they had a whole 1024 IP addresses for the whole country. There is no high tech industry there and they don't actually produce any computing or software products. I would be highly surprised if they could make a single ASIC, much less a complex and capable CPU on par with Intel/AMD.

    I ask seriously. There are many more technically capable adversaries out there but it's not them who strike successfully, yet all of the "bad" hacks I've heard about over the last few years are all being attributed to DPRK.

    So how do the norks have such a world class hacking capability in the middle of such a technological backwater? How is that even possible?

    1. Re:Serious Question by JackieBrown · · Score: 2

      How does a 3rd world country as backward as NK have elite, top of the line, hacking capability? Last I checked, they had a whole 1024 IP addresses for the whole country. T

      They switched to IPv6 ;)

    2. Re:Serious Question by SirGarlon · · Score: 1

      TL;DR it is easier to break stuff than to make stuff.

      Knowledge is easy to obtain, at least compared to building a microprocessor factory. The hardware you need to hack a remote system is pretty modest: you can run Metasploit on a three-year-old laptop.

      I am only speculating but a national scale intelligence service should be able to smuggle in the hardware from China and/or South Korea. As to recruiting the personnel, one thing totalitarian regimes are good at is selecting and training talented people. People will study very hard if the penalty for failing a test is to have their toenails torn out with pliers. If necessary, their spooks can forge South Korean passports and they can educate the hackers overseas. To ensure they return, simply hold their family hostage.

      One could make a pretty good spy novel out of this, actually. Probably the reality is less exciting than what I imagine.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    3. Re:Serious Question by SuricouRaven · · Score: 1

      Immunity, perhaps. State sponsored hackers don't have to worry about getting caught, so they can be reckless.

    4. Re:Serious Question by Zocalo · · Score: 2

      Probably the same reason why they can have a nuclear weapons programme; their priorities over where to spend their minuscule GDP are completely and utterly fscked up. They do send a few of their most trusted elites overseas to study, but mostly I suspect it's down to the black market and envelopes stuffed with used notes. Just as there were a lot of Soviet weapons scientists ready to fly to Pyongyang rather than face poverty after the USSR collapsed, there are almost certainly a lot of black hats willing to train the appointed NORKs in the darker side of cracking.

      There's also the useful idiot / scapegoat angle, of course. A government that has trained the DPRK's hackers and an understanding of the way the DPRK operates essentially has a deniable cyberweapon they can point wherever they want just by leaking some appropriate data on the target. It's not hard to think of a few countries that might consider that black budget money well spent.

      --
      UNIX? They're not even circumcised! Savages!
    5. Re: Serious Question by TuringTest · · Score: 1

      Code can be copy-pasted with little knowledge. Also, it's likely that script-kiddies only find the activity profitable in these second world countries to the point of doing it full time; in developed countries you can get better rewards for that level of dedication.

      --
      Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
    6. Re:Serious Question by drewsup · · Score: 1

      You would be surprised at what can be accomplished with brainwashing and a gun barrel at your/loved ones' heads. 99% of NK may be ass backwards, but the 1% that have education are... well, just as smart or smarter than you are, plus they have MOTIVATION; whether that is internal or externally applied doesn't matter.

    7. Re:Serious Question by edtice1559 · · Score: 1

      I imagine that there are a few things in play here. First, learning hacking is (relatively) cheap. You can set up a system, compromise it, and then re-image with no incremental cost. You should be able to get started just using information freely available on the Internet and some very cheap equipment. Second, opportunistic hacking (to mine cryptocurrencies) is much harder than targeted hacking. Basically you just do reconnaissance until you find something with a known weakness. You don't even really have to know much about the vulnerability. Finally, the hardest part of getting *good* at hacking is that one mistake and you land up in jail. If you are working for the NK state apparatus, you are beyond the reach of western law enforcement, so you can just learn from your mistakes and keep going. In terms of more capable adversaries, they probably aren't getting caught as often. They have to be more careful since they do care not to get caught. They're not trying to mine crypto-currencies or embarrass a movie production company. They're trying to infiltrate high-value systems and, even if they are successful (especially when they are successful), it is kept quiet rather than publicized.

    8. Re:Serious Question by Opportunist · · Score: 1

      You don't need elite, top of the line hacking abilities. Yes, if you want to break into high security areas where you're facing policies that put the C of the CIA triad (read the link before you post conspiracy bullshit, please) before the A, then yes. Otherwise you're facing the same problem the average malware jockey faces: If you don't want a specific target, there's plenty of easy ones.

      Take a look at the OWASP Top 10. These are the 10 security issues that are considered the most critical and most common out in the field. Take a look at the 2017 edition, then 2014, then 2010. Notice something? They barely change. And believe it or not, the number 1, top level security issue has not changed since 2003.

      If companies considered security at least a tertiary priority, do you think the most critical, most widespread and most common security issue would still be an issue? Or at least still be number 1?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re:Serious Question by AHuxley · · Score: 1

      Re "How is that even possible?"
      Japan, the NSA and GCHQ keep access to the web wide open and fast for their own reasons.
      Without the ability to be on the web the CIA code litter does not sell well to the tame waiting media.
      "CIA anti-forensics tool that makes Uncle Sam seem fluent in enemy tongues" https://www.theregister.co.uk/...
      "... pretend that the malware was created by a speaker of a range of foreign languages ... Korean .... "
      For a good propaganda to work, the big pipe to the internet has to be kept open.
      If the big network pipe to the world is closed then all the code litter, ip ranges, time of day logs found by "trusted" security experts in the wild looks kind of strange.

      The other reason why the web is kept open is to send messages to all of NK mil (not new nuclear forces).
      Whispers and deals to stand down and not use any advanced weapons. That escape to China is still possible with waiting travel documents to any other nation, funds and support. Only if some weapon systems never get used.
      The CIA has made the entire top level NK traditional mil command and control structure really good offers. Stand down and it will all be ok. No trials, escape, total protection in any other nation, funds and support.
      For such offers to get to the right person at the right time, the internet has to be kept working into NK.
      NK has countered such offers being accepted by placing more nuclear scientists in top positions rather than trusting the mil who might have been swayed by the generous CIA communications.
      NK likes the internet open to watch who is talking with the CIA.
      For propaganda, communications, deals, counter surveillance.

      --
      Domestic spying is now "Benign Information Gathering"
    10. Re:Serious Question by AmiMoJo · · Score: 1

      The malware they used has code from NSA and CIA cyber weapons that those agencies lost control of. As I recall the NSA leak was from an unsecured staging server.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    11. Re:Serious Question by tlhIngan · · Score: 1

      How does a 3rd world country as backward as NK have elite, top of the line, hacking capability? Last I checked, they had a whole 1024 IP addresses for the whole country.

      They aren't hacking from NK. In fact, they are based in an NK-owned Chilbosan hotel in Shenyang, China.

      As long as you're good, you're staying in 5 star accommodations.

      I think it's less about raising home-grown hackers, and more about attracting top-tier talent from China and Russia.

  9. what cost? by supernova87a · · Score: 1

    So here's the uncomfortable thing about virtual currencies... If there's no bank to authorize transactions or impose sanctions or prevent cash from moving, how do you stop North Korea, or criminals, or terrorists, from using it as a way to get around laws? I feel this will become an increasing problem for these currencies... The only way would be for banks to refuse to put in or withdraw money from accounts related to cryptocurrencies?

    1. Re:what cost? by SuricouRaven · · Score: 1

      You can't. That's the point. Part of the purpose of them is to be unregulatable. Criminals don't just mean fraudsters and terrorists - it also means churches in Saudi Arabia, human rights lawyers in China and anti-government media in Russia.

  10. QUESTION: Detecting rogue mining code running? by Rick+Schumann · · Score: 1

    Serious question for /. professionals: Other than high CPU usage by your browser, how do you detect a rogue cryptocurrency miner?
    Second question: How do you block a rogue cryptocurrency miner from running and/or shut it down?

  11. Propaganda. Yawn. by Anonymous Coward · · Score: 4, Insightful

    A few years ago it was always Syrian Electronic Army. Now it's always North Korea and Russia. Lol

  12. So sick of Bitcoin by MillionthMonkey · · Score: 2

    When will this worthless shit crash already? It's a complete failure as a currency. All it's accomplished for the world is to facilitate trafficking in drugs, weapons, and humans, and to reward people who waste electricity. Yes, everyone accepts it as payment. Because it's undergoing a bubble. But no one wants to pay for stuff with it. Because it's undergoing a bubble.

    For a currency to be usable, it needs to maintain a stable value. Bitcoin fails miserably at it. Nerds seem to get intrigued by its algorithm and lose sight of human nature- people won't trust it once they get burned by the crash that's being dismissed as an inevitable "short-term correction". (And that's more acceptable than a long-term correction... why?) Sure, you'll forget you were a "billionaire" when you went to bed last night and you'll buy pizza with your Bitcoins for lunch- except no pizzeria will accept them after that. But rest assured, there is a distributed blockchain uncontrolled by any central authority that establishes beyond all doubt that you are the proud owner of a worthless currency.

    Bitcoin has made one thing perfectly clear- so-called "fiat money" is the worst kind of currency except for all the others.

    1. Re:So sick of Bitcoin by Anonymous+Cow+Ward · · Score: 1

      Why is Monero more useful than Bitcoin?

      --
      Examine even your most deeply held beliefs. Nobody is always right.
  13. north koreans hack to mine by mapkinase · · Score: 1

    ... who doesn't

    --
    I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
  14. Re:OpenBSD to the rescue? by AHuxley · · Score: 1

    The code reading of OpenBSD and support for issues reported make OpenBSD one of the best OS.
    Other consumer OS brands could do better and follow the understanding of their own code in the way OpenBSD can.

    --
    Domestic spying is now "Benign Information Gathering"