How North Korea’s Hacker Army Stole $3 Billion in Crypto – The Journal.

This transcript was prepared by a transcription service. This version may not be in its final form and may be updated.

Kate Linebaugh: Should we do the thing where we ask you to introduce yourself and-

Bob McMillan: We should.

Kate Linebaugh: …tell us how many times you’ve been on our podcast to talk about hacking.

Bob McMillan: Okay. All right, sure. My name’s Bob McMillan. I’m the cybersecurity reporter here in San Francisco, and I’ve been on The Journal podcast more times than I can remember talking about hacking.

Kate Linebaugh: We could have a whole playlist of Bob McMillan talking about hacking. Would it be a compendium?

Bob McMillan: It would be a greatest hits. Greatest hits.

Kate Linebaugh: Greatest hits, okay. And today, Bob, we’re going to add to your greatest hits with a story about North Koreans.

Bob McMillan: Oh boy, Kate, I hope I can remember all the facts about this story because there’s so many things they’ve done. It’s nuts.

Kate Linebaugh: Bob has covered the biggest, most outlandish hacking scams around the world. He reports on the techniques and the players.

Bob McMillan: There are a couple of countries that are really well known for hacking. The Chinese are really well known for taking personal data and intellectual property from American companies. The Russians are known for disinformation and for destructive attacks. The North Koreans are known for stealing money, that’s their jam, and they’ve stolen an awful lot of it in the last five years.

Kate Linebaugh: How much have they stolen?

Bob McMillan: The blockchain analytics company Chainalysis estimates that they’ve stolen more than three billion dollars.

Kate Linebaugh: Where do you rank them on a scale of one, for not very good hacker, and 10, super-duper hacker?

Bob McMillan: With the Bob McMillan scale of hacking dastardly-ness. Where would they fit on that? Yeah, I guess they’re probably a good eight. Got to be a good eight right now in terms of just consequence of what they’re doing. Eight out of ten.

Kate Linebaugh: Welcome to The Journal, our show about money, business and power. I’m Kate Linebaugh. It’s Thursday, June 22nd. Coming up on this show, how North Korea’s Hacker Army stole three billion dollars in Crypto.
North Korea’s emergence onto the global hacking stage started with a headline-grabbing stunt.

Bob McMillan: In 2014, Sony was set to release a movie that was very critical of North Korea and North Korean leadership called The Interview.

Speaker 3: You want us to kill the leader of North Korea?

Speaker 4: Yes.

Bob McMillan: And it was like this Seth Rogen comedy movie that was set in North Korea and spoofed the entire country, and North Korea was really offended by this film and they hacked Sony.

Speaker 5: The whole world is being given a glimpse inside a major Hollywood studio as a relentless electronic hacking attack continues against Sony.

Speaker 6: First, the studio’s movies were leaked and now private emails are going public.

Speaker 7: A source at Sony tells us the company is looking into the possibility that hackers working for North Korea could be behind the attack.

Bob McMillan: They broke into Sony and they pretended to be a hacktivist group. They hacked into Sony. They released all these internal emails. They embarrassed the heck out of the company.

Kate Linebaugh: All out of spite because they didn’t want to be made fun of.

Bob McMillan: Yeah, and it put pressure on the distributors and on people involved with the film to not release it. People were scared by it, but it was also kind of silly. It was just very public and very just like, “You can’t release this movie about us or we’re going to embarrass the heck out of your company.”

Kate Linebaugh: Over the years, North Korea escalated its hacking game. To understand just how, Bob has reviewed documents from court cases, interviewed government officials, and talked to experts in the field. And Bob says, after the Sony hack, North Korea started using hackers to steal money, and one of the very early cases was when state-sponsored hackers targeted a central bank.

Bob McMillan: Well, they hacked into the Bank of Bangladesh and they ordered all this money to be moved into accounts that they controlled, but they kind of screwed that one up and they actually didn’t make as much money as they could have from it. It could have been a billion dollar hack. It ended up being a tens of million dollar hack, but it showed that really put them on the map as hackers who were capable, who were smart, who could figure out complex financial systems and who could steal millions of dollars from them.
And we haven’t mentioned the craziest one of all though, and that was WannaCry. The WannaCry worm, ransomware worm.

Kate Linebaugh: In 2017, North Korean hackers unleashed WannaCry. It was a self-copying ransomware. It jumped from computer to computer and tore across the globe. When a computer got infected, it would freeze up. The hackers targeted businesses, demanding they pay a ransom in Bitcoin to have their digital systems unlocked.

Bob McMillan: But it was very, very clear from the very beginning that if you paid the ransom, nothing would ever happen. There was no mechanism to actually get your ransomware computer unlocked.

Kate Linebaugh: So not a lot of businesses actually paid the Bitcoin, and for the record, North Korea denies involvement in the attack. But Bob says North Korean hackers learned something important. Crypto was a good way for them to get money. They could move money around anonymously and more easily avoid international sanctions.

Bob McMillan: And so right around that time is when they started really getting serious about Crypto and what they did was they started hacking Cryptocurrency companies and then moving that money around the world and cashing it out.

Kate Linebaugh: Can you describe the techniques they use?

Bob McMillan: There are a variety of techniques that North Koreans use. I mean, phishing messages. So they send you an email with a link on it and you click on the link and then there’s malicious software on your computer that gives them a way to learn your passwords and learn how you log into things. So phishing would be one.
But over the years, these techniques have evolved, and so what’s really remarkable is they’ve gone from very simple phishing techniques to much more complicated tactics. So what we’re seeing nowadays are things like these very sophisticated social engineering scams where you have a fake recruiter, but somebody you can actually talk to on the phone or video conference with.

Kate Linebaugh: In these fake recruiter scams, someone connects with an employee from, say, a Cryptocurrency company with an appealing job offer. The hacker gets this recruit to click on a link or download a document, which opens up access to that Crypto company’s servers, and there’s one big case where this exact technique worked. North Korean hackers targeted an engineer at a gaming company called Sky Mavis.

Bob McMillan: This engineer gets a note via LinkedIn, very standard recruiting pitch from another company. The engineer found the request to be interesting enough that he responded to it and they had a back and forth. This engineer feels like they’re moving through the recruitment process to a job that’s going to pay more money and maybe be a little bit more interesting than the Sky Mavis job.
And at one point the recruiter says, “Look, we need to evaluate your technical proficiency. We need you to just review this document and give us some comments on it.” So a document gets sent to the engineer at Sky Mavis and that document was not a legitimate document. It was a Trojan horse that once downloaded, gave the hackers access to the Sky Mavis network.

Kate Linebaugh: So the guy thought, this engineer thought he was being recruited for a new job, but actually by opening this document, he just let hackers into his company’s servers.

Bob McMillan: Right, and within a relatively short amount of time they had mapped out the network. They had essentially discovered a flaw that even Sky Mavis itself didn’t know about that occurred within their own networks. They were good.

Kate Linebaugh: In Sky Mavis’s game, users linked their Cryptocurrency accounts and the hackers were able to get in and steal that Crypto.

Bob McMillan: And so Sky Mavis, they had a bunch of users who had been robbed. They themselves had been robbed. 600 million dollars was gone.

Kate Linebaugh: Sky Mavis has now repaid the victims of the cyber attack, but a company executive said the incident threatened the company’s very existence.

Bob McMillan: Sky Mavis was the largest hack that the North Koreans ever pulled off. It was at over 600 million dollars. It dwarfs all of the other ones and it accounts for about a fifth of the money that these North Korean hackers have stolen from Cryptocurrency companies over the last five years.

Kate Linebaugh: And does this vault North Korea now up into the elite echelons of hackers?

Bob McMillan: Well, it’s hard to argue that they don’t fit in there.

Kate Linebaugh: North Korean hackers are pulling in billions. Coming up, what the country does with all that loot.
Since North Korea’s hackers have started targeting Crypto, they’ve stolen an estimated three billion dollars. What have they used the money for?

Bob McMillan: Well, the most concerning use of it is the missile program.

Kate Linebaugh: Last year, North Korea had more than 42 successful missile launches, according to data tracked by researchers. Bob asked the White House about the connection between the Crypto attacks and North Korea’s missile program, and he heard from Deputy National Security Advisor Ann Neuberger.

Bob McMillan: She said, “Are they related?” Well, she couldn’t say, but you just can’t help but notice that there’s been this… these two things have happened at the same time. And definitely, the White House believes that half of the funding for the missile program in North Korea is coming from hacking. So the fact that they’ve been so successful at this seems… it seems impossible to doubt that it’s helped that.

Kate Linebaugh: Did you reach out to the North Koreans?

Bob McMillan: North Korea has a mission in New York, and so we reached out to the North Korean United Nations mission and they did not respond to our request for a comment.

Kate Linebaugh: Now the US is in a cat and mouse game with North Korea to try to either recover the stolen Crypto or stop the North Koreans from being able to convert the Crypto into cash.

Bob McMillan: Over the last year with the Treasury Department taking a big interest in this, the FBI has pushed out alerts about this. So there’s definitely been an effort to seize and disrupt them in the last year or so.

Kate Linebaugh: What exactly has the US done?

Bob McMillan: Well, I mean, the FBI has published the Cryptocurrency wallets used by North Korea, which has made it harder for them to cash out their stolen money. The Treasury Department has detailed the tactics that the North Koreans have used in an effort to get the word out to other potential victims that this kind of stuff is happening, but it’s hard to really go after the root of the problem because it’s in North Korea.

Kate Linebaugh: What is the Crypto industry doing to make the stealing of Crypto more difficult?

Bob McMillan: It’s pretty tough to get… I mean, hats off to Sky Mavis for talking about this because it’s pretty tough to get somebody to say, “Hey, we were hacked by the North Koreans. It was a social engineering attack and this is how it worked and this is how much they stole.”
I think there’s a strong incentive for people to just keep quiet when this happens because it’s embarrassing and the North Koreans are dangerous, and so I think people are a little bit afraid of them.

Kate Linebaugh: What are the stakes for the US of North Korea’s Crypto stealing?

Bob McMillan: Ultimately, North Korea has a missile program that is thought to be capable of reaching the West coast of the United States today. They’re a nuclear power, and they’re in a pretty hostile relationship with the United States right now. So ultimately, the stakes are how far are they going to be able to take their weapons development? I think that’s the ultimate concern about all of this.
And now from that very worrying concern is just this idea that a nation could act almost like privateers, just global Crypto pirates running around and breaking into whoever they want and stealing money and causing disruption for financial gain.
I mean, earlier this year, there were ransomware attacks linked to North Korea that were affecting hospitals in the United States. They’re shutting down computer systems in US hospitals and the ultimate goal there was to just get some Cryptocurrency for this dictatorship and I mean, that’s kind of horrifying to think about.

Kate Linebaugh: So is stealing Cryptocurrency a sustainable way for North Korea to fund itself?

Bob McMillan: It feels like it is. It feels like they’re still, despite all of the efforts of the US government, they’re still finding ways to convert to local currency. It’s not as easy as it used to be, but they’re still hacking Cryptocurrency companies, that hasn’t stopped. So they feel like it’s worthwhile, that’s clear.

Kate Linebaugh: That’s all for today, Thursday, June 22nd. The Journal is a co-production of Gimlet and The Wall Street Journal. Additional reporting in this episode by Dustin Volz. Thanks for listening. See you tomorrow.

