Rubbing money, stealing money, threatening, this North Korean hacker organization earned 4 billion a year

In less than a year, the world's first exchange, the currency exchange, and the hackers came in close contact. Compared with the previous two times, no matter whether it is on the K-line or the market sentiment, it has not been intense before. It can be seen that the currency circle has been eccentric to the hacker.

It has been no exaggeration to say that the coin circle has been described as a “hacker cash machine” : in 2018, global hackers stole a total of $1.7 billion worth of digital currency.

Unexpectedly, nearly 600 million US dollars of thefts were committed by North Korean hackers, and these hacking attacks are likely to be under the command of the North Korean military.

North Korean hacker born for the country

 

In most people's impressions, North Korea is "the least open economy in the world", and its Internet technology is far less developed than other countries. After all, it is enough in North Korea.

It is said that in North Korea, only tourists or “higher” citizens can access the Internet . The internal network can be seen. The website is only one or two thousand, and all online records are monitored.

In this case, the average person has no chance to become a hacker who threatens the world.

Unlike programmers who are still struggling on the 996 line in China, being a national programmer in North Korea is considered to be the ancestors of the ancestors. Not only can they survive this life , but their families can also move to the capital and receive advanced treatment from the government.

Every once in a while, the government specializes in rigorous screening of some young people with computer talents. After sending them abroad for rigorous training, they will return to the country for military selection. These include the 121 Bureau of the Korean Intelligence Agency – one was established in the 1990s. At the end, there are about 1,800 people who specialize in hacking.

The core purpose of the 121st Bureau is to free North Korea from dependence on other countries . Through the power of the hacker army, it steals the core data of hostile countries, triggers political chaos, and gains opportunities in the network battle.

Jang, a former Korean who worked in the 121st bureau and later defected to South Korea, told the media: "North Korean hackers have reached the top international level, and they are not in line with Google or the CIA."

The New York Times used this phrase to describe North Korea: "As Western analysts have ridiculed the potential of North Korea's nuclear program, experts have also underestimated the country's network potential. For Pyongyang, which suffers from isolation and has little to lose, Hackers are near-perfect weapons."

Crazy Lazarus

 

The 121 bureau has a hacker organization that has been reported by foreign media numerous times, called Lazarus Group, transliterated to Lazarus . They have done a well-known thing – attacking Sony.

In North Korea, the authority and image of Kim Jong-un are sacred and inviolable. As long as the name appears on the North Korean website, the font size of these three words must be 20% larger than the standard font on the page .

In 2014, Sony Pictures of Japan took a comedy film, "Assassination of Kim Jong-un," which tells the story of two American talk show hosts who went to Pyongyang to assassinate Kim Jong-un under the direction of the CIA and intends to release it on Christmas Day. a movie.

The North Korean government certainly does not allow the top leaders to be "insulted" by this. Their foreign ministry has actually protested to the United States: "This is a war act. If the US government allows the film to be broadcast, North Korea will take decisive measures."

This kind of intimidation is simply unmoved by the United States, and even encourages everyone to watch this film.

In the month before the film was officially released, Sony was suddenly attacked by hackers . The company’s large confidential documents and employee information were leaked. At the same time, the hackers sent threatening letters to Sony CEOs and other executives: “Do you remember the 9/11 incident? Stop the release of the terrorist movie immediately!"

In the end, Sony announced the cancellation of the "Assassination of Kim Jong-un" , and the hacker organization Lazarus was also famous in this "competition for the country" campaign.

In addition to the national face, Lazarus is often robbed in the world for the sake of wealth.

In 2015, Lazarus attacked a bank in the Philippines and attacked a bank in Vietnam at the end of the year;

In 2016, Lazarus tried to steal $1 billion from the Fed and eventually stole $ 81 million because of a misspelled word;

In 2016, the personal information of over 10 million users of Interpark's e-commerce platform Interpark was stolen by cyberattacks, and North Korean hackers demanded $2.7 million in bitcoin as a ransom;

In 2017, WannaCry ransomware spread to 150 countries around the world, but North Korea did not have a move, and the script of the virus was the one used by Lazarus…

Every time I face doubts, North Korea’s attitude is very firm: I am not, I am not, you can’t talk nonsense.

Then, after the ravages, North Korean hacking organizations began to adopt new strategies to point the cryptocurrency.

Hacker's tentacles reach into the coin

 

Some intelligence companies found that before May 17, 2017, North Korea had basically no Bitcoin-related website or node activities, and there was no use of Bitcoin ports or protocols. Since May 17th, related activities have increased dramatically, from zero to hundreds of times a day.

Before 2017, North Korean hackers’ theft of the currency circle was only a small hit, and they also stole millions of dollars. As bitcoin added and the currency circle flourished, North Korean hackers seemed to find a gold mine here. .

In 2017, South Korea’s cryptocurrency exchange Bithumb was hacked, 8 billion won was stolen, and a large amount of user information was leaked. Afterwards, South Korean lawmakers pointed out: "It is a North Korean hacker who sent some phishing emails, hacked into the exchange, stealing user information and stealing billions of won in assets."

Compared with direct stealing of cash, because of the difficulty of tracking and unregulated cryptocurrency, North Korean hackers can avoid most of the sanctions.

In October 2018, cyber security provider Group-IB pointed out in the report that since January 2017, Lazarus has received huge sums of $571 million from attacking cryptocurrency exchanges.

Today, attacks on exchanges are becoming more and more difficult, and North Korean hackers are considering individual investors with poor security.

South Korean police said last year that North Korean attackers attempted to defraud 25 employees of four exchanges through phishing attacks, but fortunately they were not fooled. In addition, a South Korean network security company said that since April last year, his company has found more than 30 cases of North Korean hackers stealing personal assets.

These hackers usually fake the names of some well-known exchanges to send emails to users , let users jump to fake exchange URLs, or download clients with their own viruses. As long as you log in to the account, the background will automatically steal account information.

North Korean hackers are born for the country. As investors, we can't predict when the hacker will shoot next time, but it can prevent problems before they happen:

1. Try to put the coin in your wallet

2. Select the transaction made by the big deal

3. Don't point to emails and links from unknown sources

Source: Block wave