
North Korea’s Hacker Army - malloryerik
https://www.bloomberg.com/news/features/2018-02-07/inside-kim-jong-un-s-hacker-army
======
toomanybeersies
It's almost comical the different ways that North Korea tries to make money.
Kim Jong Un is almost like a comic supervillain with his own country.

Among other things, they engage in:

* Manufacturing methamphetamine [https://www.talkingdrugs.org/north-korea-increasing-crystal-...](https://www.talkingdrugs.org/north-korea-increasing-crystal-meth-production-to-economic-sanctions)

* Fake money [https://news.vice.com/article/north-koreas-counterfeit-benja...](https://news.vice.com/article/north-koreas-counterfeit-benjamins-have-vanished)

* Counterfeit cigarettes and pharmaceuticals

* People trafficking

* A restaurant chain: [https://en.wikipedia.org/wiki/Pyongyang_(restaurant_chain)](https://en.wikipedia.org/wiki/Pyongyang_\(restaurant_chain\))

* Statues for African dictators: [http://www.bbc.com/news/magazine-35569277](http://www.bbc.com/news/magazine-35569277)

Their embassies are also expected to make a profit and sustain themselves,
while sending money home.

The North Korean Embassy in Pakistan was suspected to be bootlegging alcohol:
[https://www.reuters.com/article/us-pakistan-northkorea-
insig...](https://www.reuters.com/article/us-pakistan-northkorea-insight/in-
pakistan-north-korean-diplomats-alcohol-stash-raises-bootlegging-suspicions-
idUSKBN1D80XG)

They rent out embassy owned land for a youth hostel in Berlin:
[https://www.washingtonpost.com/news/worldviews/wp/2017/10/05...](https://www.washingtonpost.com/news/worldviews/wp/2017/10/05/germany-
is-struggling-to-shut-down-a-hostel-funding-north-korea-the-hostel-is-
fighting-back/)

They also smuggle ivory in Africa: [https://www.economist.com/news/middle-
east-and-africa/217295...](https://www.economist.com/news/middle-east-and-
africa/21729543-rhino-horn-and-ivory-smuggling-help-fund-regime-pyongyang-
africa)

It's almost comical. The North Korean regime is completely morally bankrupt.

~~~
closeparen
Sanctions shut them out of the legitimate economy. Probably easiest make money
in the black market for illegal goods than in the black market for goods
everyone else can sell legally.

------
rando444
This article to me is just more evidence that North Korea was not behind the
Sony hack and possibly other high-profile attacks attributed to them.

I mean on the Sony end you have something requiring extreme sophistication and
technical knowledge to pull something like that off.. and this article depicts
North Korean hackers exactly how you picture them. Barely owning computers,
not having enough to survive themselves, poorly organized, and grinding video
games and selling pirated software as a means to make ends meet.

These two parallel depictions of the same group never seem to cross except in
the opening paragraphs of articles where the reader is meant to assume that
these groups are one in the same.

~~~
lern_too_spel
What about the Sony hack required extreme sophistication? The GoP's original
emails were ignored _because_ they seemed like people who didn't know what
they were doing. The source IPs were from a North Korean business in China.
The malware matched what had previously only been used against South Korean
banks, also from North Korean IPs. The reason the North Korean source IPs were
seen accessing GoP's Facebook page and the compromised systems was due to
sloppiness on the part of the attacker.

What motive does anyone else have to demand either that The Interview not be
released or that the ending be modified so that Kim's death wasn't "too
happy?"

~~~
crdoconnor
>What other motive do you have for a Sony hack where the perpetrators demand
either that The Interview not be released or that the ending be modified so
that Kim's death wasn't "too happy?"

That Lulzsec are engaged in a game of misdirection?

I've never found "Malware X was used in attack Y" or "it came from these IP
addresses owned by Z" to _ever_ be a convincing argument for attribution.

Whereas I'm fairly easily convinced that the party responsible for the hack
would prefer it if the FBI believes that the real attacker is outside of their
jurisdiction so they don't come knocking on their door.

The fact that North Korea is everybody's favourite bogeyman from the CIA down
makes them a convenient mark.

North Korea also has a habit of admitting to and _bragging_ about military
attacks whereas this time they just said "wasn't us, good job though guys".
I'm not entirely sure what motive they'd have for denying the fact that they
revealed a bunch of movie star salaries when most people think it was them
anyhow.

~~~
lern_too_spel
> North Korea also has a habit of admitting to and bragging about military
> attacks

They still claim no involvement in the death of Kim Jong Nam and the
destruction of Korean Air Flight 858. You're confusing overt military actions
with covert actions against civilian targets. Of course they will loudly boast
about the former. Boasting about computer attacks that can help attribute
other covert attacks is too stupid even for DPRK.

> I've never found "Malware X was used in attack Y" or "it came from these IP
> addresses owned by Z" to ever be a convincing argument for attribution.

That's just the publicly released evidence, which is enough to draw a
conclusion. You think somebody who is doing it for the lulz wouldn't then brag
about doing it for the lulz on IRC? That happens every other time, which is
one reason why your explanation is less plausible.

~~~
crdoconnor
>They still claim they didn't destroy Korean Air Flight 858.

North Korea maintains that it was a false flag attack. The awkward timing (it
occurred during the last throes of South Korean military dictatorship - there
was a power struggle going on), the fact that the North Korean agent convicted
of the attack was weirdly pardoned and the fact that North Korea had nothing
really to gain from this attack lends some credence to this view.

But, in any case, if it _was_ them I can kind of see why they wouldn't want to
admit to or approve of the wholesale murder of a bunch of civilians.

Revealing a bunch of movie star salaries, approving of it and not admitting to
it? Can't see the what the point would be.

>That's just the publicly released evidence, which is enough to draw a
conclusion. You think somebody who is doing it for the lulz wouldn't then brag
about doing it for the lulz on IRC?

If they don't want the FBI kicking their door in, yeah.

>That happens every other time

...after which they got their doors kicked down.

> why your explanation is less plausible.

Because why would they learn from experience, right?

~~~
lern_too_spel
> Because why would they learn from experience, right?

You realize it isn't the same kid every time, right? The whole point of doing
something for lulz is to laugh about it within a group of like-minded people
who share techniques and hacks.

> Revealing a bunch of movie star salaries, approving of it and not admitting
> to it? Can't see the what the point would be.

See GP post for reason. That it was really about not showing a film making fun
of the leader makes them look silly. If it really were the case that their
leader is so beloved all over the world that non-Koreans did it of their own
volition as they claim, that would not reflect poorly on Kim, but then these
supposed non-Koreans messed up by having so much evidence point to DPRK.

> North Korea maintains that it was a false flag attack.

The bomb was put on the flight by a pair of North Koreans. You believe that
they were turned prior to planting the bomb? And what do you believe about the
Kim Jong-Nam killers?

~~~
crdoconnor
>You realize it isn't the same kid every time, right? The whole point of doing
something for lulz is to laugh about it within a group of like-minded people
who share techniques and hacks.

Yes. I both realize this and posited the admittedly _outrageous_ notion that
rest may have reacted to one or two of them getting arrested by the FBI by
developing better opsec and engaging in a bit of misdirection.

>See GP post for reason. That it was really about not showing a film making
fun of the leader makes them look silly.

It was a film made by a foreign enemy that has threatened them countless times
about the assassination of their leader. They were pretty open that they took
it plenty seriously - if they didn't fear being made to look silly by
complaining about it at the UN why would they fear looking silly because of
the hack?

FWIW, if you made a similar film endorsing the assassination of a sitting US
president the secret service would treat it as a national security threat.

>then these supposed non-Koreans messed up by having so much evidence point to
DPRK.

As far as I'm aware there was no evidence that wouldn't have been easy enough
to fake by hackers who had the skills to breach Sony's security. When I hear
the word "sloppy" I can't help but think "deliberately placed in order to
deceive".

~~~
lern_too_spel
> I both realize this and posited the admittedly outrageous notion

You apparently skipped why it is outrageous. There are no lulz if nobody knows
about it.

> They were pretty open that they took it plenty seriously - if they didn't
> fear being made to look silly by complaining about it at the UN why would
> they fear looking silly because of the hack?

Complaining about how a country's leadership is depicted is one thing. If a
President is depicted as a fool who gets assassinated by other countries, the
US has every right to take offense. Retaliating with an illegal hack shows
thin skin and (what you somehow have kept forgetting to address since GGGP
post) exposes other hacks.

> As far as I'm aware there was no evidence that wouldn't have been easy
> enough to fake by hackers who had the skills to breach Sony's security.

And you have yet to give a plausible reason for anybody to go through that
trouble. In the meantime, we have lots of public evidence that says that DPRK
has done similar hacks in the past, and the agencies claim to have additional
bulletproof private evidence that they don't want to burn their sources for.

~~~
crdoconnor
>You apparently skipped why it is outrageous. There are no lulz if nobody
knows about it.

I'm sure there were plenty of "lulz" to be had among their little group and
while they'd like the admiration of joe bloggs as well as their peers, joe
bloggs' admiration can be ceded if it means the FBI isn't kicking their door
in.

>Retaliating with an illegal hack shows thin skin

This is how your cultural lens filters it but it is not how they would see it.
From their perspective, this hack would demonstrate North Korean technological
superiority (important, because they have an insecurity surrounding this),
while the outcome would demonstrate the moral decrepitude, hypocrisy and
incompetence of the American and Japanese "imperialist aggressors". This is
the nature of both their mindset and propaganda and it is very consistent.

No innocent life was taken. There was nothing really immoral about the act
from their perspective (or in general).

The simplest explanation is just that they didn't do it.

I can well imagine that they erroneously believed (and probably reported in
pyongyang newspapers) that the hack was performed by a secretive admiring
ally.

>If a President is depicted as a fool who gets assassinated by other
countries, the US has every right to take offense.

I like how when the tables are turned you somehow see it as something more
serious. Your cultural filter is on display.

>And you have yet to give a plausible reason for anybody to go through that
trouble.

Trying to prevent your door from getting kicked in by the FBI is more than a
plausible reason.

>In the meantime, we have lots of public evidence

Yeah, like "here are some IP addresses in a log that ended up there because
they were 'sloppy'". No potential for fakery there.

>the agencies claim to have additional bulletproof private evidence

I trust that about as much as I trusted the CIA's claim that they had
bulletproof unseen evidence of WMDs in Iraq. It wasn't put on display because
of national security concerns. It wasn't put on display because it doesn't
exist.

The CIA goes to Congress every so often with their cap in hand asking for more
money. This is the exact kind of thing they use to justify their budget
increase. I typically bear this in mind when I hear them cite evidence that we
are being protected from seeing for our own good.

------
jpelecanos
Who are those programmers's handler? Is it Bureau 121 of the Reconnaissance
General Bureau?

