North Korea’s new front: cyberheists

Pedestrians are reflected on a screen showing exchange rates of cryptocurrencies at an exchange in Seoul on December 20, 2017. A South Korean cryptocurrency exchange shut down on December 19, after losing 17 percent of its assets in a hacking -- its second cyberattack this year, with North Korea accused of being behind the first. / AFP / JUNG Yeon-Je / TO GO WITH AFP STORY: NKorea-politics-cybercrime-hacking, FOCUS BY Jung Ha-Won
Updated 20 December 2017
0

North Korea’s new front: cyberheists

SEOUL: The messages are alluring, the pictures are attractive. But the women seeking to beguile South Korean Bitcoin executives could actually be hackers from Pyongyang in disguise, experts warn.
In the face of sanctions over its banned nuclear and ballistic missile programs, the cash-strapped North is deploying an army of well-trained hackers with an eye on a lucrative new source of hard currency, they say.
Its cyberwarfare abilities first came to prominence when it was accused of hacking into Sony Pictures Entertainment to take revenge for “The Interview,” a satirical film that mocked its leader, Kim Jong-Un.
But it has rapidly expanded from political to financial targets, such as the central bank of Bangladesh and Bitcoin exchanges around the world, with Washington this week blaming it for the WannaCry ransomware that wreaked havoc earlier this year.
And a South Korean cryptocurrency exchange shut down on Tuesday after losing 17 percent of its assets in a hacking — its second cyberattack this year, with the North accused of being behind the first.
According to multiple South Korean reports citing Seoul’s intelligence agency, North Korean hackers approach workers at digital exchanges by posing as beautiful women on Facebook, striking online conversations and eventually sending files containing malicious code.
They also bombard executives with emails posing as job seekers sending resumes — with the files containing malware to steal personal and exchange data.
Moon Jong-Hyun, director at Seoul cybersecurity firm EST Security, said the North had stepped up online honeytrap tactics targeting Seoul’s government and military officials in recent years.
“They open Facebook accounts and maintain the online friendship for months before backstabbing the targets in the end,” Moon told a cybersecurity forum, adding many profess to be studying at a US college or working at a research think tank.

Simon Choi, director of Seoul cybersecurity firm Hauri, has accumulated vast troves of data on Pyongyang’s hacking activities and has been warning about potential ransomware attacks by the North since 2016.
The United States has reportedly stepped up cyberattacks of its own against Pyongyang.
But Choi told AFP: “The North’s hacking operations are upgrading from attacks on ‘enemy states’ to a shady, lucrative moneymaking machine in the face of more sanctions.”
Pyongyang’s hackers have showed interest in Bitcoin since at least 2012, he said, with attacks spiking whenever the cryptocurrency surges — and it has soared around 20-fold this year.
US cybersecurity firm FireEye noted that a lack of regulations and “lax anti-money laundering controls” in many countries make digital currencies an “attractive tactic” for the North.
Cryptocurrencies, it said in a September report, were “becoming a target of interest by a regime that operates in many ways like a criminal enterprise.”
It documented three attempts by the North to hack into Seoul cryptocurrency exchanges between May and July as a way to “fund the state or personal coffers of Pyongyang’s elite.”
In October, Lazarus, a hacking group linked with the North, launched a malicious phishing campaign targeting people in the bitcoin industry with a fake but lucrative job offer, according to US cybersecurity firm Secureworks.

Hacking attacks targeting digital currencies are only the latest in the long list of alleged online financial heists by the North.
The North is blamed for a massive $81 million cyber-heist from the Bangladesh Central Bank (BCB) in 2016, as well as the theft of $60 million from Taiwan’s Far Eastern International Bank in October.
Although Pyongyang has angrily denied the accusations — which it described as a “slander” against the authorities — analysts say the digital footprints left behind suggest otherwise.
The attack on the BCB was linked to “nation-state actors in the North,” cybersecurity firm Symantec said, while the Taiwanese bank theft had some of the “hallmarks” of Lazarus, according to the British defense firm BAE Systems.
Proceeds from such actions are laundered through casinos in the Philippines and Macau or money exchanges in China, said Lim Jong-In, a cyber-security professor at Korea University in Seoul, making it “virtually impossible” to trace.
The global WannaCry ransomware attack in May infected some 300,000 computers in 150 nations, encrypting their files and demanding hundreds of dollars from their owners for the keys to get them back.
Experts say that young hacking talents are handpicked at school to be groomed at elite Kim Chaek University of Technology or Kim Il Sung Military University in Pyongyang, and now number more than 7,000.
They were once believed to be operating mostly at home or neighboring China, but analysis by cybersecurity firm Recorded Future noted “significant physical and virtual North Korean presences” in countries as far away as Kenya and Mozambique.
FireEye CEO Kevin Mandia put the North among a quartet of countries — along with Iran, Russia and China — that accounted for more than 90 percent of cybersecurity breaches the firm dealt with.
Its hackers, he said, were “interesting to respond to and hard to predict.”


Islamic scholar Tariq Ramadan faces rape accuser in court

Updated 18 September 2018
0

Islamic scholar Tariq Ramadan faces rape accuser in court

  • Ramadan was charged in France in February with raping two women in hotels in 2009 and 2012
  • Swiss prosecutors have also opened an investigation into allegations that he raped a woman in a Geneva hotel in 2008

PARIS: Prominent Islamic scholar Tariq Ramadan was due to face one of his rape accusers in a French court Tuesday as he seeks bail after seven months in custody on charges he furiously denies.
Ramadan, a frequent TV commentator, was a professor at Oxford University until he was forced to take leave when the rape allegations surfaced at the height of the “Me Too” movement late last year.
The Swiss citizen, whose grandfather founded Egypt’s Muslim Brotherhood, was charged in France in February with raping two women in hotels in 2009 and 2012.
Swiss prosecutors have also opened an investigation into allegations that he raped a woman in a Geneva hotel in 2008, local media reported Sunday.
Ramadan, 56, has repeatedly sought bail arguing that being in prison is making it more difficult for him to receive treatment for multiple sclerosis.
In a video posted on Facebook Monday, his son Sami said his father had been “presumed guilty since the start” and that he appeared frail during a recent visit. “He needs assistance and a walking frame to move,” he said in the video.
But judges have ruled that he has adequate care in the prison hospital at Fresnes in the southern Paris suburbs.
On Tuesday, he will come face-to-face with the disabled woman who accuses him of attacking her in the eastern French city of Lyon in 2009.
She remains anonymous but is known in the media as “Christelle.”
Ramadan was initially due to face her at a hearing in mid-July but it was postponed after Christelle’s lawyers said she was unwell.
Ramadan, a married father of four who has dismissed the allegations against him as a smear campaign, has denied any sexual contact with Christelle.
At a previous hearing she described a scar on Ramadan’s groin as proof they had a sexual encounter, but his lawyers have argued she could have obtained this detail from one of his former mistresses.
He has said he engaged in a flirtatious exchange of messages with the woman and met her for around half an hour in the hotel lobby, while she maintains that he raped and beat her in his room.
His other French accuser, a Muslim fundamentalist turned secular activist named Henda Ayari, went public with her allegations last October.
She said she was encouraged to speak out by the global torrent of sexual harassment and abuse stories unleashed by the allegations against Hollywood mogul Harvey Weinstein.
Both she and Christelle said they approached Ramadan, one of the best-known Islamic scholars in Europe, seeking religious advice.
Ramadan’s lawyers have pointed to inconsistencies in Ayari’s account of the alleged attack.
Another woman, French former call girl Mounia Rabbouj, has accused Ramadan of raping her several times in France as well as in London and Brussels between 2013 and 2014, but he has not been charged over those allegations.
He maintains he had a consensual affair with Rabbouj, describing relations that were “feisty” and involved “domination.”