
N. Korea Took in $2B in Cyberattacks to Fund Weapons Program: U.N. Report - atlasunshrugged
https://www.reuters.com/article/us-northkorea-cyber-un/north-korea-took-2-billion-in-cyberattacks-to-fund-weapons-program-u-n-report-idUSKCN1UV1ZX
======
Ididntdothis
From whatever I have read so far North Korea government is pretty much a
criminal organization like the Mafia . They forge money, sell drugs, abduct
people, sell weapons. Pretty much anything is fair game as long as it makes
money without any regard for health or life of their own people or foreigners
. In addition they have a propensity for killing each other. I think it would
make a great mob movie.

~~~
st1ck
Totally, no other government, especially those cyber superpower countries,
would ever do such immoral things.

~~~
cheeze
Yeah. I can't imagine Russia ever doing something like Hacking an adversary or
abducting someone.

~~~
woodandsteel
Russia is terrible, but No. Korea is worse for it's size. That's because
Russia has large legitimate sources of income, like fossil fuels, agriculture,
and manufacturing. No. Korea has much less that other countries want to buy,
so it makes most of its currency from criminal activity of one type or
another.

------
sharadov
How are they training the hackers? Are they being educated abroad, or are they
hiring foreign hackers? For a country living in the dark ages, how are they
managing to pull this off?

~~~
FDSGSG
> are they hiring foreign hackers?

Probably, but they wouldn't need more than one or two.

E: Actually, I should just refer to this _awfully_ specific grugq take
[https://twitter.com/thegrugq/status/997114164131737600](https://twitter.com/thegrugq/status/997114164131737600)

~~~
tyingq
Agree with this in order of magnitude at least. Even if it's 10 and not 1 or
2, the costs are relatively low. They have drug and other money. Hire for
aptitude, train the trainer. Everyone else is shackled by plausible
deniability. DPRK gives zero f*cks. Best candidates, best training, whatever
equipment, training, and info you want, and go...no bars held.

It's all about removing constraints.

~~~
mkl
> no bars held

Off topic, but it's "no holds barred". From wrestling: no holds (moves) barred
(banned), i.e. anything goes.

~~~
tyingq
It's a sort of silly inverse meme thing. So a little "whoosh", but thanks for
noticing.

~~~
sharadov
I love it, will steal..

------
dreamcompiler
The beautiful part here is that the DPRK has (effectively) no cyber
infrastructure of its own to retaliate against. It's perfect asymmetric
warfare.

------
dmix
Considering the lack of blow back this has generated it seems to be a
successful operation on NK's part. Who knows, maybe there will be some future
consequences, but everyone globally is so focused on their nukes this seems to
get lost on the side. Plus the intel agencies care more about offensive
operations and hiding their capabilities, so they don't seem to be making much
noise about all this to the public either (not that law enforcement is their
job).

~~~
tfha
If I could prevent NK from getting Nukes, or I could prevent NK from stealing
billions from banks... seems pretty reasonable that nukes are still the focus

~~~
bronco21016
But aren’t the billions a prerequisite for nukes? At the end of the day
they’re still going to need money to make things happen with regards to the
nukes. Unless they’re able to go from raw material to facilities and missiles
purely from slave labor?

------
choppaface
North Korea has substantial hydroelectric power, which could support a highly
profitable crypto mining operation. I wonder how much hydropower they need
before the opportunity cost of hacking exceeds that of mining crypto. I don’t
think anybody wants them to spend money on weapons, but in the eventuality
that they never go to war, it would probably be desirable to prevent theft.

~~~
FDSGSG
I don't see how the opportunity cost of hacking could ever exceed that of
mining crypto.

~~~
choppaface
Crypto mining would provide a more stable cashflow and has a more limited
downside versus theft. I see your point, given how successful the thieves have
been. But I just wonder about the value of hydro power.

~~~
FDSGSG
Hydro power is nice and all, but monetizing that requires strictly different
resources than monetizing hackers. Perhaps hydro power can be valuable, but
that will not make hacking any less valuable.

------
rolltiide
> North Korea has generated an estimated $2 billion for its weapons of mass
> destruction programs using “widespread and increasingly sophisticated”
> cyberattacks to steal from banks and cryptocurrency exchanges

I'm more interested in how this proves cryptocurrency markets are liquid
enough. Enterprises of all sizes can get in and out of a portfolio of the
largest cryptocurrencies.

------
michalxnet
I will guess even more. And add some drug money lets say about ~$1.3B

Two years ago:

The World Once Laughed at North Korean Cyberpower. No More.

[https://www.nytimes.com/2017/10/15/world/asia/north-korea-
ha...](https://www.nytimes.com/2017/10/15/world/asia/north-korea-hacking-
cyber-sony.html)

~~~
Scaevolus
There's probably large-scale counterfeiting, too!
[https://en.wikipedia.org/wiki/Superdollar#North_Korea](https://en.wikipedia.org/wiki/Superdollar#North_Korea)

------
mikedilger
Does anyone have a good explanation or thoughts on why a confidential UN
report was leaked to the media?

~~~
hannob
Even if you keep the circle small you have a bunch of people who will have
access to the report. Include some people who can gain access if they want to,
e.g. IT staff.

It takes one of them who strongly believes that this information should be
public knowledge.

------
ju-st
How is it possible to attribute cyberattacks to a state sponsored hacking
programme?

~~~
jdm2212
Often, our intel has hacked their intel and watched them do it.

For example: the US is certain that North Korea was behind the Sony hack
because South Korean intelligence hacked North Korean intelligence, and the
NSA hacked South Korean intelligence. So the NSA found that it could access
Sony servers by going through SK intel to NK intel to Sony.

Another example: one of Cozy and Fancy Bear (don't remember which) is known
definitely to be Russian because Dutch intelligence hacked the CCTV cameras
outside their Moscow office and was able to correlate times when they
conducted spearphishing operations with times when known Russian government
hackers were in the office and specific, spearphishing-related Google searches
were being issued from computers in the office.

~~~
pfundstein
Russian hackers using Google instead of Yandex or other? Or is Google here a
metaphor for 'searching the internet'?

~~~
jdm2212
I think it was actually Google, but I read the article a while back and it
might've been Yandex.

------
ourmandave
Maybe we'll never hear about it but it seems strange we don't have counter
cyber ops against their weapons programs, e.g. Israel Stuxnet and Iran's
nuclear program.

~~~
dsfyu404ed
There's probably some guys in office buildings in Georgia and Maryland who are
chucking in their heads as they read your comment.

------
AnimalMuppet
Get your enemies to pay for your weapons. Neat trick, if you can pull it off.
I'd be more impressed if they used the money to feed their people, though.

~~~
alasdair_
The moment the NK people are well fed and able to focus on things other than
survival is the moment that the regime will be overthrown.

~~~
uncoder0
The same goes for firearms. The moment they can defend themselves is the
moment they take the food and resources for themselves. Having your population
near starvation and defenseless is the main method used to maintain power as
an oppressive fascist regime.

~~~
inawarminister
Not only fascist.

Authoritarian regime is more accurate.

------
bitcoinmoney
How is nk connected to Internet?

~~~
borumpilot
Quick google found:

Since 2010: North Korean ISP Star JV via China Unicom link.

Since 2017: TransTeleCom, or TTK, is one of Russia’s biggest
telecommunications companies and a subsidiary of the Russian railway operator.

[https://www.38north.org/2017/10/mwilliams100117/](https://www.38north.org/2017/10/mwilliams100117/)

------
reilly3000
Indeed, a ‘beautiful vision for his country’.

------
mises
Three-letters have known this for years. I know of countless situations in
which a company gets ransomware and the FBI has relayed that the attacker is
known, it's classified as terrorism, but nothing will happen. They've all seen
it happen to many more companies. Basically, our government hasn't stood up to
the evil communist bully that is little rocket man. He has committed horrible
human rights violations, has attacked our companies (which is typically an act
of war), and our government has done nothing.

~~~
lawnchair_larry
There is a difference between doing nothing and not telling mises from
hackernews what they are doing.

------
coldtea
Sounds about as reliable a news as the WMDs of yore...

~~~
tareqak
Could you please be a bit more specific about what you are trying to say?

~~~
coldtea
That there's all kind of propaganda around any enemy du jour, and don't
believe everything that you hear, even if it comes from "expert groups" and
"independent journalists".

Let's see in a few years...

