Slashdot Mirror


North Korean Hackers Infiltrate Chile's ATM Network After Skype Job Interview (zdnet.com)

A Skype call and a gullible employee were all it took for North Korean hackers to infiltrate the computer network of Redbanc, the company that interconnects the ATM infrastructure of all Chilean banks. From a report: Prime suspects behind the hack are a hacker group known as Lazarus Group (or Hidden Cobra), which is known to have associations to the Pyongyang regime, is one of the most active and dangerous hacking groups around, and is known to have targeted banks, financial institutions, and cryptocurrency exchanges in the past years. Lazarus' most recent attack took place at the end of December last year but only came to the public's attention after Chilean Senator Felipe Harboe called out Redbanc on Twitter last week for not disclosing its security breach. The company, which has direct lines into the networks of all Chilean banks, formally admitted to the hack a day later in a message posted on its website, but that announcement didn't include any details about the intrusion. However, a day after Redbanc's admission, an investigation conducted by Chilean tech news site trendTIC revealed that the financial firm was the victim of a serious cyber-attack, and not something that could be easily dismissed. According to reporters, the source of the hack was identified as a LinkedIn ad for a developer position at another company to which one of the Redbanc employees applied.

44 comments

  1. For the Record by lazarus · · Score: 4, Funny

    Just for the record, I had nothing to do with this.

    --
    I am not interested in articles about life extension advancements.
    1. Re: For the Record by Anonymous Coward · · Score: -1

      Oh like hell you had nothing to do with it you international criminal

    2. Re: For the Record by Anonymous Coward · · Score: -1

      A.C. has typical slashdot mentality. The slightest sign of intelligence would show that he really doesn't have anything to do with it, but do we care?

    3. Re:For the Record by bill_mcgonigle · · Score: 1

      It's not "after a skype interview", but rather "after the user opened a malicious executable which compromised the system". How is this newsworthy again?

      Clickbait for Nerds.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    4. Re:For the Record by Headw1nd · · Score: 4, Funny

      I'm sorry, but we have to look at the facts here, the most important being your UID.

      4-digit UID = international cybercriminal, no exceptions.

    5. Re:For the Record by Anonymous Coward · · Score: -1

      Clickbait for Nerds. Stuff that doesn't matter.

    6. Re:For the Record by Anonymous Coward · · Score: 0

      After drinking a glass of water the user compromised the system. Lesson here: Do not allow anyone who drinks water to use a computer.

    7. Re:For the Record by TimMD909 · · Score: 2

      I'm sorry, but we have to look at the facts here, the most important being your UID.

      4-digit UID = international cybercriminal, no exceptions.

      You're talking crazy. The thing we should be worried about is that his UID mod 2213 equals 666. Obviously a sign of the end times. Nostradamus said so cuz aliens.

    8. Re:For the Record by Anonymous Coward · · Score: 0

      Weren't you dead? Feeling better now, I hope?
      And yes, your "living" is the reason for all that's ill.

      CAP === 'lacing'

    9. Re:For the Record by Anonymous Coward · · Score: 0

      Clickbait for Nerds.

      Stuff that matters to advertisers..

    10. Re: For the Record by Anonymous Coward · · Score: 0

      Well that's because other than patriots like myself, AC's are russians and NPCs

  2. For the Record by Anonymous Coward · · Score: 2, Interesting

    It's not "after a skype interview", but rather "after the user opened a malicious executable which compromised the system". How is this newsworthy again?

  3. North Korea - Improving The World, Every Day!!! by dryriver · · Score: 1

    That was sarcasm, in case anybody didn't get it...

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
    1. Re:North Korea - Improving The World, Every Day!!! by Anonymous Coward · · Score: -1

      And ignorance. Do you really think NK is trying to hack Chilean ATM machines and just wait for the shit to hit the news with everything that's happening over there now? Democrats could tell you that Donald Trump did it, and you'd probably believe that too.

    2. Re:North Korea - Improving The World, Every Day!!! by Anonymous Coward · · Score: 0

      Donald Trump is a fucking traitor headed to prison, so the idea of him ripping off ATM's is perfectly believable. He's a scumbag. He hasn't told the truth twice in a row in his entire adult diaper faggot traitor life. YOU should HANG too.

  4. Local devs only by Anonymous Coward · · Score: 0

    This is what you deserve for hiring cheap remote workers.

    1. Re: Local devs only by Anonymous Coward · · Score: 0

      racist

  5. Misleading title... by Fuzi719 · · Score: 4, Informative

    The title makes it seem as if Skype was the infection vector, but reading the article will tell you it wasn't. The problem, as usual, is stupid people doing stupid things, "during this interview [the Skype call], the Redbanc employee was asked to download, install, and run a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form." Yes, Skype is a mess, but it didn't infect the computer system.

    1. Re:Misleading title... by Anonymous Coward · · Score: 0

      Kind of a brilliant bit of social engineering to be fair... People don't expect job interviews to be an attack vector.

    2. Re:Misleading title... by Dragonslicer · · Score: 1

      The title makes it seem as if Skype was the infection vector, but reading the article will tell you it wasn't. The problem, as usual, is stupid people doing stupid things, "during this interview [the Skype call], the Redbanc employee was asked to download, install, and run a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form." Yes, Skype is a mess, but it didn't infect the computer system.

      I think that's even less interesting than what I had imagined, which was the Redbanc employee leaving screen sharing turned on and allowing the other person to see something like login credentials that they could use to gain access.

    3. Re:Misleading title... by AHuxley · · Score: 1

      The ".exe" is the big US brand hint.
      It's the junk US consumer OS that allows NK in.

      Doing interviews with random strangers?
      Ensure the interview system is fully isolated and used only for that interview.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Misleading title... by johnsie · · Score: 1

      Plus if you don't run the exe you don't get the job.

  6. Malicious attribution by Anonymous Coward · · Score: 1

    North Korea has nothing to gain by doing flippant things like this at this point in time when they're trying to reconcile with the world. This is just malicious attribution most likely carried out by the U.S. to continue throwing wrenches into the work as always.

    Also, what could they possibly gain by doing this? Plop out money at some cash dispenser and then send an agent to collect the "booty" and bring it back home? As usual, a "report" with no sense to it.

    1. Re:Malicious attribution by ShanghaiBill · · Score: 3, Interesting

      North Korea has nothing to gain by doing flippant things like this

      Actually, they do gain. If NK behaved like a "normal" country, they would be treated like one. But by regularly engaging in batshit insane behavior, they lower expectations so much that when we sit down to negotiate with them, we are happy to accept any outcome that is even halfway sane, even though they have a long pattern of not keeping their word.

      The Kim family regime has controlled NK for more than 70 years. Even longer than the Castro family has controlled Cuba. Their strategy of egregious behavior has worked well for them.

    2. Re:Malicious attribution by Anonymous Coward · · Score: 0

      Sir, you're a first-class dumb-ass. You unknowingly got shanghai'd by American "news" in which the unsubstantiated yet unquestionable "report" is all that's needed to convince people of lesser intellectual fibre to believe whatever is on the current agenda.

      North Korea does not have a plan to rob ATM machines in Chile, and if they tried they would gain nothing, it would only be detrimental to what they want the most right now, negotiating terms and a way forward with their neighbors and the world. The whole premise of this supposed ATM hack is so stupid it could only fit in a ridiculous Hollywood movie.

  7. This was posted too close to lunch. by jellomizer · · Score: 3, Funny

    I read the title, and I was thinking of Chilie's Bar and Grill (a somewhat popular food chain in the US). I was picturing some early 20-something store manager just getting tricked by this guy. Then I read a little further and realized it was the country.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:This was posted too close to lunch. by ShanghaiBill · · Score: 1, Offtopic

      I read the title, and I was thinking of Chilie's Bar and Grill

      Here is a quick guide:

      Chile: The country
      Chili: The name of the bar & grill
      Chilie: (What you wrote) Not an actual word

    2. Re:This was posted too close to lunch. by Anonymous Coward · · Score: 0

      The country is CHILE and the US-based restaurant is CHILI'S. Neither is CHILIE'S.

    3. Re:This was posted too close to lunch. by Anonymous Coward · · Score: 0

      But you fell for the ol' Chilie exploit. Ha! Now, you're infected!

      CAP === 'deadline'

    4. Re:This was posted too close to lunch. by pablo.cl · · Score: 1

      This is Chili's Grill & Bar, an American restaurant chain.

      This is Chile, a beautiful country located in South America. Have you ever heard of the writer Isabel Allende? She comes from Chile!

      I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

  9. They deserve it by Anonymous Coward · · Score: 0

    trendTIC reports that during this interview, the Redbanc employee was asked to download, install, and run a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form.

    LOL, what idiots

  10. Nope, just clickbait by Anonymous Coward · · Score: -1

    What are you saying, job interviews make you stupid? I don't think so. It's just like pointing at "holding a cell phone" as being the culprit for car accidents (obligatory car analogy alert). That's just not true. The people who'll cause accidents holding cell phones are the same people who used to cause accidents fumbling with the radio or the next cassette to play. That is, their attention isn't on the road, regardless of what their attention is focused on. So here, the guy's attention wasn't on what he was doing. That's how "social engineering" works.

    And of course the long-standing problem that the "OS-like" crap on most people's computers is outright unsafe to use, making such people prime targets for tricking into doing things they're not supposed to. There are so many things they're not supposed to do, just making them do any one of those things is, well, pretty easy really.

    Now, if you read the summary, it's "hackers! this", "hackers! that", "hackers! the other", and that makes it the usual content-free idiocy that msmash loves so much. And then getting the little content that was in there utterly wrong. Congratulations, dear "editor", don't go driving please.

    1. Re:Nope, just clickbait by Guybrush_T · · Score: 2

      You're not getting it. It's easy to play the "idiots get what they deserve". In practice, someone looking to get a job at a company will lower their guard since they need that job and refusing to follow a stupid company process will likely disqualify them.

      And even when interviewing for very "technical" companies, HR folks usually have no clue about security and will put the candidates at risk all the time, so even if you're a security expert, it's really hard to know whether the interviewer is trying to trick you or just bad at security.

      I've been asked so many times to provide personal information through unencrypted email, like banking accounts; this is very common. Every time, I configured a web server with HTTPS and authentication for the HR person to retrieve the documents securely, calling them to give them the password or creating the password so that part of it would be only known by the HR person. Obviously not everyone would do that and I was lucky the HR person managed to retrieve the documents (they were nice and helpful and managed to follow my instructions).

      Job interview - social engineering *is* brilliant and really hard to counter.

    2. Re:Nope, just clickbait by Anonymous Coward · · Score: 0

      If refusing to follow a stupid company process will likely disqualify one from being hired by that company, then one ought be glad that one will not be hired by that company as it is apparent that said company is not one for which one would want to work.

  11. Get real by The+Snazster · · Score: 2

    "known to have associations to the Pyongyang regime" Seriously? If they are operating out of North Korea they are just stooges for that Joffrey wannabe. Get it straight. There is no Pyongyang regime. There is no North Korean government. It's just that piece of slime. Every news report or article that says something like "the North Korean government did or said thus and so" should get the publisher slapped silly. They know his name.

  12. I was going to say... by Lucas123 · · Score: 1

    Just reading the headline, I was thinking if N. Koreans can bypass your security, you're a piece of red meat in the jungle filled with hungry amateur hackers.

  13. EggShell by cwsumner · · Score: 2

    It was "EggShell" security, a hard perimeter with no protection once it cracks. Any breach and -everything- is lost.

    I am not sure that it counts as any security at all, these days...

  14. Monopoly by Anonymous Coward · · Score: 0

    Redbanc is an ATM monopolistic corporation owned by the local Banks around here.

  15. MICROS~1 Windows strikes again :] by najajomo · · Score: 1

    “The dropper used to deliver the malware is related to the PowerRatankba, a Microsoft Visual C#/ Basic .NET (v4.0.30319)-compiled executable” ref

    .. insert one of China/Russia/Iran/NORK/Venezuela ..or whoever else the deepstate is trying to pick a fight with ..

  16. they ask for your SS# as part of the application by Joe_Dragon · · Score: 1

    They ask for your SS# as part of the application, and that in itself is bad.

  17. Re:they ask for your SS# as part of the applicatio by pablo.cl · · Score: 1

    In Chile the RUT (Unique Identification Number) is not secret. There are third party web sites that find a RUT given your name, and those are not illegal.

  18. Fcuking misleading headline, as always by Anonymous Coward · · Score: 0

    This had NOTHING to do with LinkedIn or Skype. The victim was tricked into downloading and installing a sketchy executable, which basically opened the door for the attack. The attackers simply used LinkedIn as the social engineering tool, and Skype was just a word used in the job listing.