[HN Gopher] The Lazarus heist: How North Korea almost pulled off...
___________________________________________________________________
The Lazarus heist: How North Korea almost pulled off a billion-
dollar hack
Author : pseudolus
Score : 158 points
Date : 2021-06-21 03:09 UTC (19 hours ago)
(HTM) web link (www.bbc.com)
(TXT) w3m dump (www.bbc.com)
| bellyfullofbac wrote:
| Hmm, this reads more like cheap entertainment rather than
| rigorous reporting.
|
| Was the Sony hack really done by the North Koreans [1]?
| "Journalists" just repeating what the FBI say make me doubt their
| seriousness.
|
| [1] https://talglobal.com/knowledge-center/hack-at-sony-pictures...
| rjmunro wrote:
| "But North Korea is better than that. They would not steal all
| the other movies and not grab The Interview. I am convinced
| that this is an inside job."
|
| Surely the fact that The Interview was the one movie they did
| not want to "grab" indicates that there was something about
| that movie. Perhaps they grabbed the others to spread them
| freely on pirate sites, but didn't want to spread The Interview
| because their whole aim was to make sure no one could ever see
| it.
| boomboomsubban wrote:
| The article uses the phrase 'It was "well-known in the intel
| community"' from an FBI agent to prove a North Korean
| connection. They aren't doubting the FBI at all in this story;
| it's less cheap entertainment, more blatant propaganda.
| jollygoodshow wrote:
| For those interested in some of the technical details on the
| malware see: baesystemsai.com/2016/04/two-bytes-to-951m.html
| mzs wrote:
| https://archive.is/jlrGl
| zerr wrote:
| Tangential question: in order to become educated/expert in some
| field (e.g. IT) one needs the freedom of doing research, free
| access to information, Internet, thus exposure to
| "western"/civilized values, human rights, etc... So how does NK
| "produce" such experts behind the iron curtain?
| cinntaile wrote:
| The hackers have a lot more access to information than regular
| citizens because they need it to do their job, but it would be
| interesting to know how that affects the defection rate.
| magicsmoke wrote:
| Probably higher than your average citizen without access to
| classified information, but not high enough to make defection
| a common occurrence that significantly hampers intelligence
| work. Some hackers may be disillusioned with the system, but
| most are socially conditioned to accept it as better than the
| alternative, imposed by external enemies and pressures, or
| not their problem. Defection is also not unique to
| authoritarian countries, see Snowden.
| rjmunro wrote:
| Also defection can be very bad news for the rest of your
| family and friends who you leave behind.
| magicsmoke wrote:
| Even in a nonauthoritarian country, defecting means
| you'll never return again to see your friends and family
| anyways. Given that, defectors probably consider making a
| political stand more important than their personal
| connections regardless of what happens after they leave.
| Not everybody has a loving family and close friends they
| can't give up.
| jetzzz wrote:
| You can't return, but what is preventing them from coming to
| your new home? Snowden's girlfriend moved to Russia and I
| think any of his family members can visit him if they
| want.
| magicsmoke wrote:
| I meant that if he was willing to put his family through
| that much trouble, they probably weren't that close in
| the first place. In which case, what does or doesn't
| happen to family left behind isn't a large factor in
| deciding to defect.
| krylon wrote:
| I doubt you can just move out of North Korea, especially
| if your significant other or close relative has just
| defected.
| jokethrowaway wrote:
| There is not a country in the world that is not a tiny bit
| authoritarian, see Snowden.
| 55555 wrote:
| For one thing, a lot of North Korean hackers apparently live
| and work abroad. source: The Great Successor
| wombatmobile wrote:
| > So in order to train its cyber-warriors, the regime sends the
| most talented computer programmers abroad, mostly to China.
| There they learn how the rest of the world uses computers and
| the internet: to shop, to gamble, to network and to be
| entertained. It's there, experts say, that they are transformed
| from mathematical geniuses into hackers.
| rtpg wrote:
| Exposure to "Western"/civilized values? What are you even
| talking about?
|
| Yes you can learn to be a script kiddy and plan heists without
| having the pledge of allegiance as part of a balanced
| breakfast. Books and random websites and stuff!
|
| Not to mention that people from NK or China don't just explode
| from logic errors after discovering Facebook.
|
| And yes people have ways of getting around internet blocking
| stuff for "reasons". They get exposed to minion memes and come
| out without being totally radicalized.
| f00zz wrote:
| Bloomberg managed to interview a former NK cracker who
| defected, it's pretty interesting:
|
| https://www.bloomberg.com/news/features/2018-02-07/inside-ki...
| BTCOG wrote:
| Not spoken about here is the fact that Lazarus __did__ make off
| with well over a billion dollars in funds by hacking numerous
| cryptocurrency exchanges around Asia and got away with it, too.
|
| https://www.forbes.com/sites/thomasbrewster/2021/02/09/north...
|
| Oh, and this is just KuCoin they're talking about here. They
| stole well over $3 billion more from several other exchanges in
| 2017-2018. All the exchange hacks back then on the various Asian
| exchanges are attributed to them. Really likely they made off
| with upward of $5 billion in today's terms of all sorts of
| altcoins.
|
| https://www.coindesk.com/north-korean-hacking-group-lazarus-...
| tester756 wrote:
| what's so elite about them?
|
| >In January 2015, an innocuous-looking email had been sent to
| several Bangladesh Bank employees. It came from a job seeker
| calling himself Rasel Ahlam. His polite enquiry included an
| invitation to download his CV and cover letter from a website. In
| reality, Rasel did not exist - he was simply a cover name being
| used by the Lazarus Group, according to FBI investigators. At
| least one person inside the bank fell for the trick, downloaded
| the documents, and got infected with the viruses hidden inside.
|
| >Once inside the bank's systems, Lazarus Group began stealthily
| hopping from computer to computer, working their way towards the
| digital vaults and the billions of dollars they contained.
|
| I'd say when you want elite level hackers, then try those:
| https://ctftime.org/ like
|
| More Smoked Leet Chicken, Dragon Sector or Plaid Parliament of
| Pwning
| jokethrowaway wrote:
| I agree. Just a bit of social engineering and a trojan.
|
| The main difference is that they know they have their country's
| backing and they don't need to account for that risk, allowing
| them to aim higher.
| londons_explore wrote:
| Does having your country's backing help that much?
|
| I assume hackers in other countries simply use a few layers
| of Tor and bounce boxes.
| igou wrote:
| I feel like as somebody that works in tech, infosec media tends
| to feel too dense, or overdramatised (nothing against the BBC
| writers, I don't expect them to be super technical)
|
| The best middle ground I found was Sandworm by Andy Greenberg.
| Does anybody know of similar works?
| shahchirag1709 wrote:
| Kento Bento had made a video explaining the same around 2 years
| back : https://www.youtube.com/watch?v=Usu9z0feHug
|
| Just wanted to share.
| baybal2 wrote:
| I believe it's overdramatised.
|
| The commotion in Bangladesh over the missing $1B was bigger not so
| much because of the money missing, but because of how it went
| undetected and was covered up.
|
| BAL goondas preemptively abducted the country's leading computer
| security guy, beat him half dead, and made him shut up for the
| mere prospect of him being involved in the investigation.
| bigbluedots wrote:
| [citation needed]
| baybal2 wrote:
| https://news.ycombinator.com/item?id=11319750
| raverbashing wrote:
| Here is proof that being technically capable is not so
| useful if you don't have corporate/governmental/legal
| knowledge and "street smarts"
|
| People (especially the technically inclined) have a rose-
| coloured view of how things should work. And yes if the
| company is up to date on security practices your
| vulnerability reports will be welcome.
|
| If not, well... (Not saying it should be like this, I'm
| saying drawing attention to yourself needlessly is not the
| wisest thing, especially if you don't have a plan B)
| mzs wrote:
| At the time there was a Reuters report that he made it back
| to his wife after the days-long ordeal, thankfully.
|
| https://www.reuters.com/article/us-usa-fed-bangladesh-idINKC...
| NikolaNovak wrote:
| Hah; check the comments in linked thread about "Trump
| Effectively Inciting Violent Action among his supporters".
| Let's put aside our individual perspectives and
| interpretations on events of 2021 for a moment - either way
| it's fascinating that comment is from _2016_ :O
| sudeepj wrote:
| > That North Korea would be the prime suspect in a case of cyber-
| crime might to some be a surprise.
|
| Really? This is actually well-known (at least amongst security
| agencies) [1][2]
|
| [1] https://www.ft.com/content/cbb28ab8-8ce9-11e9-a24d-b42f641ec...
|
| [2] https://www.business-standard.com/article/international/cybe...
| johncoltrane wrote:
| "To some"
| dagw wrote:
| It's well known among people who pay attention to these sorts
| of things, but a lot of otherwise well educated people seem to
| think that all of North Korea is a primitive backwater stuck in
| the 50s lacking any kind of technical sophistication.
| Clewza313 wrote:
| The vast majority of the country (basically everything
| outside Pyongyang) is just that. But even in North Korea, the
| future is unevenly distributed.
| dagw wrote:
| _The vast majority of the country (basically everything
| outside Pyongyang) is just that._
|
| Oh absolutely, which I guess is why so many people find it
| so surprising that they at the same time have pretty decent
| cyber offensive capabilities.
| sometimesshit wrote:
| They have some math people and I wonder why the regime didn't
| use state-of-the-art AI in their attacks.
|
| They surely have the potential, but I don't see that they are
| fully using it.
| jialutu wrote:
| > thieves had gained access to a key part of Bangladesh Bank's
| systems, called Swift
|
| Eh, what? I recall that to get access to SWIFT, you would require
| a SWIFT USB stick. How would a hacker be able to access SWIFT
| without the USB stick? This story doesn't smell right to me.
|
| Here is a link for SWIFT Alliance Lite 2:
|
| https://www.swift.com/our-solutions/interfaces-and-integrati...
| mcintyre1994 wrote:
| I've been really enjoying their podcast covering this story:
| https://www.bbc.co.uk/programmes/w13xtvg9/episodes/downloads
| frogcoder wrote:
| I've been enjoying BBC's podcast on this subject. Darknet
| Diaries also has an excellent podcast episode on it.
| https://darknetdiaries.com/episode/72/
___________________________________________________________________
(page generated 2021-06-21 23:02 UTC)