North Korean Hackers Infiltrate Chile's ATM Network After Skype Job Interview (zdnet.com)

← Back to Stories (view on slashdot.org)

North Korean Hackers Infiltrate Chile's ATM Network After Skype Job Interview (zdnet.com)

Posted by msmash on Thursday January 17, 2019 @04:52AM from the stranger-things dept.

A Skype call and a gullible employee was all it took for North Korean hackers to infiltrate the computer network of Redbanc, the company that interconnects the ATM infrastructure of all Chilean banks. From a report: Prime suspects behind the hack are a hacker group known as Lazarus Group (or Hidden Cobra), known to have associations to the Pyongyang regime, is one of the most active and dangerous hacking groups around, and known to have targeted banks, financial institutions, and cryptocurrency exchanges in the past years. Lazarus' most recent attack took place at the end of December last year but only came to the public's attention after Chilean Senator Felipe Harboe called out Redbanc on Twitter last week for not disclosing its security breach. The company, which has direct lines into the networks of all Chilean banks, formally admitted to the hack a day later in a message posted on its website, but that announcement didn't include any details about the intrusion. However, a day after Redbanc's admission, an investigation conducted by Chilean tech news site trendTIC revealed that the financial firm was the victim of a serious cyber-attack, and not something that could be easily dismissed. According to reporters, the source of the hack was identified as a LinkedIn ad for a developer position at another company to which one of the Redbanc employees applied.

44 comments

Min score:

Reason:

Sort:

For the Record by lazarus · 2019-01-17 04:59 · Score: 4, Funny

Just for the record, I had nothing to do with this.

--
I am not interested in articles about life extension advancements.
1. Re:For the Record by bill_mcgonigle · 2019-01-17 05:17 · Score: 1
  
  It's not "after a skype interview", but rather "after the user opened a malicious executable which compromised the system". How is this newsworthy again?
  Clickbait for Nerds.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
2. Re:For the Record by Headw1nd · 2019-01-17 05:22 · Score: 4, Funny
  
  I'm sorry, but we have to look at the facts here, the most important being your UID.
  4-digit UID = international cybercriminal, no exceptions.
3. Re:For the Record by Anonymous Coward · 2019-01-17 06:58 · Score: 0
  
  After drinking a glass of water the user compromised the system. Lesson here: Do not allow anyone who drinks water to use a computer.
4. Re:For the Record by TimMD909 · 2019-01-17 08:05 · Score: 2
  
  I'm sorry, but we have to look at the facts here, the most important being your UID.
  4-digit UID = international cybercriminal, no exceptions.
  You're talking crazy. The thing we should be worried about is that his UID mod 2213 equals 666. Obviously a sign of the end times. Nostradamus said so cuz aliens.
5. Re:For the Record by Anonymous Coward · 2019-01-17 08:49 · Score: 0
  
  Weren't you dead? Feeling better now, I hope?
  And yes, your "living" is the reason for all that's ill.
  CAP === 'lacing'
6. Re:For the Record by Anonymous Coward · 2019-01-17 10:15 · Score: 0
  
  Clickbait for Nerds.
  Stuff that matters to advertisers..
7. Re: For the Record by Anonymous Coward · 2019-01-17 10:23 · Score: 0
  
  Well that's because other than patriots like myself, AC's are russians and NPCs
For the Record by Anonymous Coward · 2019-01-17 05:04 · Score: 2, Interesting

It's not "after a skype interview", but rather "after the user opened a malicious executable which compromised the system". How is this newsworthy again?
North Korea - Improving The World, Every Day!!! by dryriver · 2019-01-17 05:05 · Score: 1

That was sarcasm, in case anybody didn't get it...

--
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
1. Re:North Korea - Improving The World, Every Day!!! by Anonymous Coward · 2019-01-17 06:57 · Score: 0
  
  Donald Trump is a fucking traitor headed to prison, so the idea of him ripping off ATM's is perfectly believable. He's a scumbag. He hasn't told the truth twice in a row in his entire adult diaper faggot traitor life. YOU should HANG too.
Local devs only by Anonymous Coward · 2019-01-17 05:08 · Score: 0

This is what you deserve for hiring cheap remote workers.
1. Re: Local devs only by Anonymous Coward · 2019-01-17 05:26 · Score: 0
  
  racist
Misleading title... by Fuzi719 · 2019-01-17 05:10 · Score: 4, Informative

The title makes it seem as if Skype was the infection vector, but reading the article will tell you it wasn't. The problem, as usual, is stupid people doing stupid things, "during this interview [the Skype call], the Redbanc employee was asked to download, install, and run a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form." Yes, Skype is a mess, but it didn't infect the computer system.
1. Re:Misleading title... by Anonymous Coward · 2019-01-17 05:27 · Score: 0
  
  Kind of a brilliant bit of social engineering to be fair... People don't expect job interviews to be an attack vector.
2. Re:Misleading title... by Dragonslicer · 2019-01-17 07:11 · Score: 1
  
  The title makes it seem as if Skype was the infection vector, but reading the article will tell you it wasn't. The problem, as usual, is stupid people doing stupid things, "during this interview [the Skype call], the Redbanc employee was asked to download, install, and run a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form." Yes, Skype is a mess, but it didn't infect the computer system.
  I think that's even less interesting than what I had imagined, which was the Redbanc employee leaving screen sharing turned on and allowing the other person to see something like login credentials that they could use to gain access.
3. Re:Misleading title... by AHuxley · 2019-01-17 12:00 · Score: 1
  
  The ".exe" is the big US brand hint.
  Its the junk US consumer OS that allows NK in.
  
  Doing interviews with random strangers?
  Ensure the interview system is fully isolated and used only for that interview.
  
  --
  Domestic spying is now "Benign Information Gathering"
4. Re:Misleading title... by johnsie · 2019-01-17 22:58 · Score: 1
  
  Plus if you don't run the exe you don't get the job.
Malicious attribution by Anonymous Coward · 2019-01-17 05:11 · Score: 1

North Korea has nothing to gain by doing flippant things like this at this point in time when they're trying to reconcile with the world. This is just malicious attribution most likely carried out by the U.S. to continue throwing wrenches into the work as always.
Also, what could they possibly gain by doing this? Plop out money at some cash dispenser and then send an agent to collect the "booty" and bring it back home? As usual, a "report" with no sense to it.
1. Re:Malicious attribution by ShanghaiBill · 2019-01-17 05:52 · Score: 3, Interesting
  
  North Korea has nothing to gain by doing flippant things like this
  Actually, they do gain. If NK behaved like a "normal" country, they would be treated like one. But by regularly engaging in batshit insane behavior, they lower expectations so much that when we sit down to negotiate with them, we are happy to accept any outcome that is even halfway sane, even they though have a long pattern of not keeping their word.
  The Kim family regime has controlled NK for more than 70 years. Even longer than the Castro family has controlled Cuba. Their strategy of egregious behavior has worked well for them.
2. Re:Malicious attribution by Anonymous Coward · 2019-01-17 07:41 · Score: 0
  
  Sir, you're a first-class dumb-ass. You unknowingly got shanghai'd by American "news" in which the unsubstantiated yet unquestionable "report" is all that's needed to convince people of lesser intellectual fibre to believe whatever is on the current agenda.
  North Korea does not have a plan to rob ATM machines in Chile, and if they tried they would gain nothing, it would only be detrimental to what they want the most right now, negotiating terms and a way forward with their neighbors and the world. The whole premise of this supposed ATM hack is so stupid it could only fit in a ridiculous Hollywood movie.
This was posted too close to lunch. by jellomizer · 2019-01-17 05:18 · Score: 3, Funny

I read the title, and I was thinking of Chilie's Bar and Grill, (a somewhat popular food chain in the US). I was picturing some early 20 something store manager, just getting tricked by this guy. Then I read a little further realize it was the country.

--
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
1. Re:This was posted too close to lunch. by ShanghaiBill · 2019-01-17 05:57 · Score: 1, Offtopic
  
  I read the title, and I was thinking of Chilie's Bar and Grill
  Here is a quick guide:
  Chile: The country
  Chili: The name of the bar & grill
  Chilie: (What your wrote) Not an actual word
2. Re:This was posted too close to lunch. by Anonymous Coward · 2019-01-17 06:23 · Score: 0
  
  The country is CHILE and the US-based restaurant is CHILI'S. Neither is CHILIE'S.
3. Re:This was posted too close to lunch. by Anonymous Coward · 2019-01-17 08:55 · Score: 0
  
  But you fell for the ol' Chilie exploit. Ha! Now, you're infected!
  CAP === 'deadline'
4. Re:This was posted too close to lunch. by pablo.cl · 2019-01-17 13:28 · Score: 1
  
  This is Chili's Grill & Bar, an American restaurant chain.
  This is Chile, a beautiful country located in South America. Have you ever heard of the writer Isabel Allende? She comes from Chile!
  I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
They deserve it by Anonymous Coward · 2019-01-17 05:55 · Score: 0

trendTIC reports that during this interview, the Redbanc employee was asked to download, install, and run a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form.
LOL, what idiots
Get real by The+Snazster · 2019-01-17 06:21 · Score: 2

"known to have associations to the Pyongyang regime" Seriously? If they are operating out of North Korea they are just stooges for that Joffrey wannabe. Get it straight. There is no Pyongyang regime. There is no North Korean government. It's just that piece of slime. Every news report or article that says something like "the North Korean government did or said thus and so" should get the publisher slapped silly. They know his name.
Re:Nope, just clickbait by Guybrush_T · 2019-01-17 06:32 · Score: 2

You're not getting it. It's easy to play the "idiots get what they deserve". In practice, someone looking to get a job at a company will lower its guards since he need that job and refusing to follow a stupid company process will likely disqualify them.
And even when interviewing for very "technical" companies, HR folks usually have no clue about security and will put the candidates at risk all the times, so even if you're a security expert, it's really hard to know whether the interviewer is trying to trick you or just bad at security.
I've been asked so many times to provide personal information through unencrypted email, like banking accounts ; this is very common. Every time, I configured a web server with HTTPS and authentication for the HR person to retrieve the documents securely, calling them to give them the password or creating the password to that part of it would be only known by the HR person. Obviously not everyone would do that and I was lucky the HR person managed to retrieve the documents (they were nice and helpful and managed to follow my instructions).
Job interview - social engineering *is* brilliant and really hard to counter.
I was going to say... by Lucas123 · 2019-01-17 06:54 · Score: 1

Just reading the headline, I was thinking if N. Koreans can bypass your security, you're a piece of red meat in the jungle filled with hungry amateur hackers.
EggShell by cwsumner · 2019-01-17 07:07 · Score: 2

It was "EggShell" security, a hard perimiter with no protection once it cracks. Any breach and -everything- is lost.
I am not sure that it counts as any security at all, these days...
Re:Nope, just clickbait by Anonymous Coward · 2019-01-17 07:13 · Score: 0

If refusing to follow a stupid company process will likely disqualify one from being hired by that company, then one ought be glad that one will not be hired by that company as it is apparent that said company is not one for which one would want to work.
Re: Biggest racists of all is this religious cult by Anonymous Coward · 2019-01-17 08:57 · Score: 0

You make a compelling argument but what has this to do with TFA?
Monopoly by Anonymous Coward · 2019-01-17 08:59 · Score: 0

Redbanc is an ATM monopolistic corporation owned by the local Banks around here.
MICROS~1 Windows strikes again :] by najajomo · 2019-01-17 11:31 · Score: 1

“The dropper used to deliver the malware is related to the PowerRatankba, a Microsoft Visual C#/ Basic .NET (v4.0.30319)-compiled executable” ref

.. insert one of China/Russia/Iran/NORK/Venezuela ..or who ever else the deepstate is trying to pick a fight with ..
they ask for your SS# as part of the application by Joe_Dragon · 2019-01-17 12:23 · Score: 1

they ask for your SS# as part of the application and that in it self it is bad.
Re:they ask for your SS# as part of the applicatio by pablo.cl · 2019-01-17 13:20 · Score: 1

In Chile the RUT (Unique Identification Number) is not secret. There are third party web sites that find a RUT given your name, and those are not illegal.
Fcuking misleading headline, as always by Anonymous Coward · 2019-01-22 01:57 · Score: 0

This had NOTHING to do with LinkedIn or Skype. The victim was tricked into downloading and installing a sketchy executable, which basically opened the door for the attack. The attackers simply used LinkedIn as the social engineering tool, and Skype was just a word used in the job listing.