North Korea’s new front: cyberheists
North Korea’s new front: cyberheists
In the face of sanctions over its banned nuclear and ballistic missile programs, the cash-strapped North is deploying an army of well-trained hackers with an eye on a lucrative new source of hard currency, they say.
Its cyberwarfare abilities first came to prominence when it was accused of hacking into Sony Pictures Entertainment to take revenge for “The Interview,” a satirical film that mocked its leader, Kim Jong-Un.
But it has rapidly expanded from political to financial targets, such as the central bank of Bangladesh and Bitcoin exchanges around the world, with Washington this week blaming it for the WannaCry ransomware that wreaked havoc earlier this year.
And a South Korean cryptocurrency exchange shut down on Tuesday after losing 17 percent of its assets in a hacking — its second cyberattack this year, with the North accused of being behind the first.
According to multiple South Korean reports citing Seoul’s intelligence agency, North Korean hackers approach workers at digital exchanges by posing as beautiful women on Facebook, striking online conversations and eventually sending files containing malicious code.
They also bombard executives with emails posing as job seekers sending resumes — with the files containing malware to steal personal and exchange data.
Moon Jong-Hyun, director at Seoul cybersecurity firm EST Security, said the North had stepped up online honeytrap tactics targeting Seoul’s government and military officials in recent years.
“They open Facebook accounts and maintain the online friendship for months before backstabbing the targets in the end,” Moon told a cybersecurity forum, adding many profess to be studying at a US college or working at a research think tank.
Simon Choi, director of Seoul cybersecurity firm Hauri, has accumulated vast troves of data on Pyongyang’s hacking activities and has been warning about potential ransomware attacks by the North since 2016.
The United States has reportedly stepped up cyberattacks of its own against Pyongyang.
But Choi told AFP: “The North’s hacking operations are upgrading from attacks on ‘enemy states’ to a shady, lucrative moneymaking machine in the face of more sanctions.”
Pyongyang’s hackers have showed interest in Bitcoin since at least 2012, he said, with attacks spiking whenever the cryptocurrency surges — and it has soared around 20-fold this year.
US cybersecurity firm FireEye noted that a lack of regulations and “lax anti-money laundering controls” in many countries make digital currencies an “attractive tactic” for the North.
Cryptocurrencies, it said in a September report, were “becoming a target of interest by a regime that operates in many ways like a criminal enterprise.”
It documented three attempts by the North to hack into Seoul cryptocurrency exchanges between May and July as a way to “fund the state or personal coffers of Pyongyang’s elite.”
In October, Lazarus, a hacking group linked with the North, launched a malicious phishing campaign targeting people in the bitcoin industry with a fake but lucrative job offer, according to US cybersecurity firm Secureworks.
Hacking attacks targeting digital currencies are only the latest in the long list of alleged online financial heists by the North.
The North is blamed for a massive $81 million cyber-heist from the Bangladesh Central Bank (BCB) in 2016, as well as the theft of $60 million from Taiwan’s Far Eastern International Bank in October.
Although Pyongyang has angrily denied the accusations — which it described as a “slander” against the authorities — analysts say the digital footprints left behind suggest otherwise.
The attack on the BCB was linked to “nation-state actors in the North,” cybersecurity firm Symantec said, while the Taiwanese bank theft had some of the “hallmarks” of Lazarus, according to the British defense firm BAE Systems.
Proceeds from such actions are laundered through casinos in the Philippines and Macau or money exchanges in China, said Lim Jong-In, a cyber-security professor at Korea University in Seoul, making it “virtually impossible” to trace.
The global WannaCry ransomware attack in May infected some 300,000 computers in 150 nations, encrypting their files and demanding hundreds of dollars from their owners for the keys to get them back.
Experts say that young hacking talents are handpicked at school to be groomed at elite Kim Chaek University of Technology or Kim Il Sung Military University in Pyongyang, and now number more than 7,000.
They were once believed to be operating mostly at home or neighboring China, but analysis by cybersecurity firm Recorded Future noted “significant physical and virtual North Korean presences” in countries as far away as Kenya and Mozambique.
FireEye CEO Kevin Mandia put the North among a quartet of countries — along with Iran, Russia and China — that accounted for more than 90 percent of cybersecurity breaches the firm dealt with.
Its hackers, he said, were “interesting to respond to and hard to predict.”
Monsoon in Bangladesh adds to Rohingya refugees’ plight
- Bangladesh government has established 40 diarrheal training centers in the refugee camps to deal with the outbreak of diarrhea among the refugees.
- Authorities in Bangladesh have taken urgent steps to face the emergencies: 169 medical centers equipped with doctors and medical staff are providing treatment to the Rohingyas.
DHAKA: As the monsoon starts showering in the Rohingya refugee camps of Cox’s Bazar, water-borne disease makes a fresh attack on the inhabitants of the congested bases.
According to World Health Organization (WHO) situation update report, last week 873 Rohingya patients were identified with Acute Watery Diarrhea (AWD) — nearly double the average number of AWD patients in recent weeks.
Aid agencies are feared to have more waterborne disease patients in the mid-monsoon.
“My son has suffered from diarrhea for the past two days,” said Morium Begum, a Rohingya refugee living in Balukhali camp, while waiting in the queue for the doctor at a health center. Her three-year-old boy, Ahmed Musa, looks very pale and ailing because of dehydration.
Another girl, Halima Khatun, 6, has suffered from high fever for the past four days.
“I visited the doctor with my daughter in this camp two days ago. They have prescribed Halima some medicines, but her condition has not improved,” said her mother, Khadiza Begum, while visiting an NGO-run health center at Kutupalang camp in Ukhia, Cox’s Bazar.
Authorities in Bangladesh have taken urgent steps to face the emergencies: 169 medical centers equipped with doctors and medical staff are providing treatment to the Rohingyas.
“We are maintaining a very close coordination with all the government and NGO-run medical centers to address any emergency and humanitarian crisis,” says Dr. Abdul Mannan, Upazilla health officer of Ukhia, where most of the refugees now live in makeshift houses.
“We have noticed a significant rise in waterborne diseases during this month of monsoon, which include fever, diarrhea, respiratory problems for the children and older people, skin diseases, and jaundice,” added Mannan.
Describing the situation as “so far under control,” he said emergency response teams were always on “standby mode” with ambulances to carry the distressed Rohingyas to the nearby hospitals.
Anticipating the crisis, the Bangladesh authority has hired another team of 40 doctors to provide emergency treatment. They are also on “standby” and will be deployed on a needs basis in the crucial areas, said Cox’s Bazar district civil surgeon Abdus Salam.
“To deal with the diarrhea patients, we have established 40 diarrhea training centers within the camp areas. In addition, all our paramedic staff are provided with special training on the treatment of diarrhea patients.”
According to the latest situation report of Inter-Sector Coordination Group (ISCG), last week the refugees in Cox’s Bazar district experienced 95mm rain. During this period 116 shelters were damaged by rain and heavy wind.
Although authorities in Bangladesh have relocated 32,000 refugees to a safer place, the ISCG said, there are still around 215,000 refugees living on the hill slopes at great risk of landslides and monsoon floods. Of them, 42,000 are living at “highest risk.” By the end of this month, another 3,500 refugees will be shifted to safer zones, according to the ISCG report.