Hackers there are more likely to steal cryptocurrency than to steal secret information from a rival government like their peers in other cyber-savvy nations. Much of the stolen money goes to fund the heavily sanctioned nation’s nuclear program and other government operations.
Most recently, Pyongyang’s premier hacking gang, dubbed the Lazarus Group, has been making headlines because of its brazen theft of more than $600 million in cryptocurrency from the video game Axie Infinity — the latest in a string of major cryptocurrency thefts.
But it gets weirder from there: While the biggest blockbuster hacks backed by Moscow and Beijing targeted U.S. government agencies and prominent international organizations, North Korea is best known for the 2014 hack of a movie studio — Sony Pictures Entertainment — to settle a score over an unflattering portrayal of its totalitarian leader Kim Jong Un.
- “In a word, they’re completely different,” Eric Chien, a fellow on Symantec’s Threat Hunter Team who’s closely studied the gang, told me. He described North Korea as more similar to the mafia or a criminal gang than a nation based on its actions in cyberspace.
Mandiant vice president for threat intelligence John Hultquist told me it’s common to see criminals brought in as contractors and used to carry out espionage and other state-related activities among the “big four hacking nations,” using a term that traditionally includes Russia, China, Iran and North Korea.
- “What separates North Korean activity is that they basically started as state actors and then became criminals,” Hultquist said. “They crossed the line into criminal activity and that takes up a lot of their effort now — straight up stealing for the state.”
Even North Korea’s status as a top hacking nation is exceedingly strange.
North Korea’s estimated gross domestic product is smaller than Montana’s. It lacks significant trade or political ties with much of the world. And the vast majority of its residents have no Internet access.
Yet Pyongyang has been able to build a hacking army that rivals nearly any on the globe and is frequently spoken about in the same breath as global powerhouses like China and Russia.
It was also one of the first nations to invest in hacking more than 15 years ago.
In addition to the Sony hack and cryptocurrency thefts, North Korean hackers:
- Pummeled South Korean banks and TV stations in 2013
- Nearly stole $1 billion from Bangladesh’s national bank (a typo in the computer code resulted in them getting away with only $81 million)
“The lesson here is that cyber capabilities are an incredibly asymmetric tool,” Hultquist told me. “It’s allowed them to raise funds for their country, but it’s also allowed them to push others around.”
Take the Sony hack as an example. The hackers leaked reams of embarrassing studio emails and unreleased films, throwing studio executives into a tailspin. Then the studio initially acceded to pressure to pull the movie that had launched the imbroglio from theaters — the Seth Rogen and James Franco buddy comedy “The Interview,” which plays Kim’s death for laughs.
That decision was also spurred by threats of physical attacks on movie theaters. Soon after, the movie was released to stream on Netflix and other platforms.
Given the risk of a similar hack, it’s unlikely such a movie would be made these days.
“I doubt any movies about Kim Jong Un are getting greenlit anytime soon,” Hultquist said.
North Korean hacking is weird in other ways too. Here’s a rundown:
- Most North Korean hackers live outside the country, including in at least one “hacker hotel” in China. That’s partly because North Korean Internet connections are so limited that hacks originating from there could be more easily tracked and mitigated.
- Cybercrime is part of a larger universe of illicit activities that the hermit nation has turned to for revenue, including the manufacture and sale of illegal drugs. “They were always involved in this underground to make money. Now they’ve shifted heavily to cybercrime because it’s easy for them and the amount of money they can make is crazy,” Chien told me.
- Unlike government hackers in Russia and China, it’s exceedingly rare for researchers to catch North Korean hackers moonlighting after hours, conducting cybercrime for their own profit. “We’ve seen a couple of very minor cases, but that’s few and far between,” Chien said. He speculated North Korean hackers are far warier of retribution if they step out of line and upset national leaders than their counterparts in other nations.
In rare public speech, Obama laments rise of disinformation
Former president Barack Obama called for technology companies to “redesign” themselves to protect the public from disinformation, Elizabeth Dwoskin and Eugene Scott report. His address focused heavily on false claims that the 2020 election was stolen and that coronavirus vaccines aren’t trustworthy.
“If we do nothing, I am convinced that the trends we are seeing will get worse,” Obama said, arguing that new technology can make disinformation more sophisticated. “Without some standards, the implications of this technology for our elections, for our legal system, for our democracy, for rules of evidence, for our entire social order are frightening and profound.”
Meanwhile, European policymakers are preparing to unveil a wide-ranging legislative package that would also target disinformation. Under the Digital Services Act, regulators plan to include an emergency method of forcing major tech companies to reveal how they’re responding to covid-19 or Ukraine misinformation and disinformation, the Financial Times’s Javier Espinoza reports.
- “Search engines will also be captured by the new rule book, meaning companies such as Google will have to assess and mitigate risks when it comes to users spreading disinformation on its search platform,” he writes.
- The rules are expected to be unveiled as early as Friday.
Ex-judge leading partisan Wisconsin election review tracked backgrounds of election workers
Former Wisconsin Supreme Court justice Michael Gableman released a slew of documents from his probe, including an unsigned memo claiming that a Milwaukee mapping expert was “probably” a Democrat because she “has a weird nose ring.”
The memo also describes other allegedly Democratic-aligned activities, including that the mapping expert “plays video games,” has “colored hair in some pictures,” “loves nature and snakes” and lives in a house she owns with her boyfriend, the Milwaukee Journal Sentinel’s Patrick Marley reports. It’s renewing criticism of Gableman, who has suggested that the Republican-controlled legislature should examine decertifying President Biden’s victory in the state.
Gableman’s probe has been plagued by blunders and off-the-cuff remarks that drew criticism:
- Before he even launched the investigation, Gableman said the 2020 election was stolen, leading some critics to question his impartiality.
- Some of Gableman’s subpoenas had incorrect information and his team used an insecure email address to tell clerks to preserve records, leading them to categorize it as spam.
- Liberal watchdog group American Oversight has filed three lawsuits targeting Gableman. On Thursday, a judge ordered Gableman to not delete or destroy potentially responsive records after his attorney told the group that he “routinely deletes documents and text messages that are not of use to the investigation.”
- Gableman also recently attacked Meagan Wolfe, who leads the Wisconsin Elections Commission, for how she dresses, Marley reported.
Researchers spotlight vulnerabilities in critical infrastructure systems
Ethical hackers at the Pwn2Own contest in Miami were able to breach software used to run industrial systems like pipelines and power grids, the MIT Technology Review’s Patrick Howell O’Neill reports. Hackers at the contest took home thousands of dollars in prize money for revealing how they were able to breach the systems and software — part of an effort to make the systems more secure.
A step ahead of Russia: The event raises additional security concerns about some of the United States’ most vital computer systems amid a barrage of warnings about the increased Russian hacking threat during the war in Ukraine.
“In industrial-control systems, there is still so much low-hanging fruit,” Dutch security researcher Daan Keuper, who successfully hacked such systems during the conference, told Patrick. “The security is lagging behind badly.”
To be clear: Even if nefarious hackers discovered the vulnerabilities highlighted at the conference, they’d still be a few steps away from doing something destructive or dangerous. Here’s more from Patrick:
The caveat is that an actual disruptive/destructive operation requires a lot more work than finding one vulnerability or developing an exploit. No need to lose your head. Still, worth noting that this contest was described as “definitely easier” with “a lot of low hanging fruit.”
— Patrick Howell O’Neill (@HowellONeill) April 21, 2022
Costa Rica’s Alvarado says cyberattacks seek to destabilize country as government transitions (Reuters)
Greek prosecutor to probe alleged bugging of journalist’s phone (Reuters)
EU’s Vestager brushes off spyware threat (Politico Europe)
House Democrats ramp up investigation into impact of election disinformation (By Jacqueline Alemany, Theodoric Meyer and Tobi Raji)
Wawa wants a refund, says Mastercard owes $32 million for data breach penalties (The Philadelphia Inquirer)
House introduces cyber bill intended to safeguard energy sectors (The Hill)
Crypto Thieves Get Bolder by the Heist, Stealing Record Amounts (Wall Street Journal)
- The Atlantic Council hosts an event on recently discovered malware targeting industrial control systems Friday at 9:30 a.m.
- The R Street Institute holds an event on aspects of a U.S. privacy law Monday at noon.
- Clearview AI founder and chief executive Hoan Ton-That speaks at a Washington Post Live event Wednesday at 11 a.m.
- CISA Executive Assistant Director for Cybersecurity Eric Goldstein speaks at the State-of-the-Field Conference on Cyber Risk to Financial Stability on Thursday at 9 a.m.
- The Committee on House Administration holds a hearing on the effects of disinformation on communities of color Thursday at 10 a.m.
Thanks for reading. See you tomorrow.