Behind the rise of North Korean hackers: Bureau 121, the hacker forces and the Red Star system


2017-05-17 00:26:08

By Popov

This is North Korea a few days a playfully.

While much of the world's population was hit by the WannaCry virus scare, only North Korea was safe. Astronauts working on the International Space Station are not surprised. They circle the earth every 1.5 hours, and the northern part of the peninsula is usually dark.

As one of the diseases of affluence of developed societies, computer viruses are almost a sweet annoyance for North Korea. Think of a country where electricity and the Internet are not universal (1024 words are omitted here). However, the plot quickly reversed.


The ransomware is not sophisticated: "WannaCry" brought in only 70 thousand U.S. dollars

Symantec and Kaspersky Lab said on May 15 that an organization called Lazarus had used some of the code found in earlier versions of the ransomware. Researchers from several companies confirmed that the group operates for North Korea. Kaspersky issued a report last month saying that in recent years Lazarus had launched attacks against 18 financial institutions in Taiwan, India, Indonesia and elsewhere in an attempt to steal huge sums of money.

Given that international organizations have recently stepped up sanctions against North Korea, ransomware is likely to become a new way for North Korea to make money. The Central Intelligence Agency says North Korea is the world's most "open economy". It is estimated that in 2015 the country's economy stood at about 205.9 billion yuan. Data show that as of 2014, North Korea owed more than $62.8 billion in international trade debt, with the United States, Germany, France and Japan as the major creditor countries.

However, judging from the current situation, this KPI is far from being met. President Trump's national security adviser Bossert said not long ago that the ransomware had reached a total of 150 countries and infected about 300 thousand computers, but that users had paid the hackers less than $70 thousand in ransom to unlock their computers.

In the realm of computer viruses, ransomware may be classified as a mild herbivore; it differs from other viruses mainly in how it takes control of the machine and in what infection looks like. One kind of ransomware simply locks the victim's computer, while the other systematically encrypts the files on the victim's hard drive. All ransomware requires victims to pay a ransom to regain control of the computer, or to obtain the decryption key that the victim cannot get on their own, so as to decrypt the files.

This kind of virus first appeared in Russia and later spread to the rest of the world. Historically well-known ransomware includes Reveton, CryptoLocker, CryptoLocker.F, CryptoWall and so on. Apple's computers, which have always been considered a safe bet, could not escape it either. KeRanger, the first ransomware to run on the OS X operating system, appeared in 2016, disguising the executable files in its .DMG as RTF files, and had a three-day incubation period.

Ransomware often acts in the name of law enforcement agencies to intimidate victims, claiming to have found illegal activity on their computers such as pornography, pirated media, or an unlicensed operating system. Ransom is the ultimate goal of such viruses, and in order to evade law enforcement, victims are usually required to pay the ransom in bitcoins. WinLock alone illegally collected about $15000000 in ransom in 2010.


Bureau 121 and the mysterious North Korean hacker corps

North Korea is believed to have built a hacker unit in the 1980s.

According to a South Korean defense ministry report, since 1986 the hacker army has put its members through five years of college computer courses at Kim Il-Sung Military University and then deployed them to the command automation bureau and the reconnaissance bureau under the General Staff Department, where they wage computer warfare and break into computer systems in South Korea, the United States and Japan in order to gather information or launch computer attacks.

Because North Korea's own Internet infrastructure is weak, a number of the hacker army's secret strongholds are set up overseas. Unit 121 of the Korean People's Army, believed to be the unit responsible for hacking, was established in the late 1990s and has about 1800 people. It sits under the military intelligence agency, the reconnaissance administration, which began operations in 2005.

The New York Times reported that North Korea's hacker network is huge, with 1700 hackers and more than 5000 trainees, supervisors and other support personnel. To avoid suspicion, North Korean hackers usually operate in mainland China, Southeast Asia and Europe, and are closely monitored by their supervisors.

North Korean hackers have two main objectives: the first is to obtain funding, and the second is to obtain intelligence.

Computer security software maker Symantec believes that this year's attacks all point to North Korean hackers, as do the 2014 network attack on Sony Pictures, the malicious software attacks on the Bank of Poland in 2016, and the theft of $81 million from the Central Bank of Bangladesh the same year.

Financial institutions are a key target of North Korean hackers. Kaspersky, a well-known network security company in Russia, pointed out that the Lazarus organization, which was involved in several of the attacks, was traced to 1 IP address in North Korea. Kaspersky researchers believe that North Korean hackers have attacked financial institutions in Taiwan, Costa Rica, Ethiopia, Gabon, India, Indonesia, Kenya, Iraq, Malaysia, Nigeria, Poland, Thailand, Uruguay and other countries and regions.

"We can see the IP addresses they use," said James Comey, director of the Federal Bureau of Investigation. "These IP addresses are from North Korea. They made a mistake. This is a clear proof of who launched the cyber attack, and although we did not see anyone who launched the attack, we could know where to start the cyber attack."

North Korean hackers have also successfully hacked into the military network of South Korea. The South Korean military admitted in early May this year that in September 2016 the hackers broke into the Defense Integrated Data Center, the hub of the South Korean military's computer network, and stole information including "Operation Plan 5027", which deals with full-scale war on the Korean Peninsula, and other confidential documents. The South Korean military only found out 20 days later that the information had been stolen.

In addition, South Korean police disclosed in April 2016 that North Korea had, by implanting malicious code, broken into more than 140 thousand computers belonging to 160 South Korean government bodies and to the SK and Hanjin groups. According to statistics, North Korea's cyber attacks on South Korea number more than 1.5 times a day.

North Korean hacker attacks have also made Bitcoin's security problems worse. Yonhap News estimates that hackers stole $88100 in Bitcoin between 2013 and 2015. "Since 2012, North Korea has jumped onto the stage of Bitcoin extortion," says Hauri Inc., a South Korean cyber security firm.


Red Star OS, Guangming, and 1024 IP addresses

Compared with the aggressiveness of the North Korean hacker troops, the civilian Internet is very primitive.

As late as 2012, a BBC reporter found that there was only one Internet cafe in Pyongyang. There, the computers did not show the familiar Windows boot screen and sound, but rather North Korea's home-grown operating system called Red Star, a deeply customized North Korean version of Linux. The old version of the Red Star operating system looks almost the same as Windows, the new version's interface looks exactly like Apple's OS X, and the browser used is Naenara (a modified version of Firefox).

Around 2000, North Korea built a LAN for local people to use, called Guangming. Domestic users only need to go through the network application procedure at the telephone branch office to get access over a telephone line and browse the Korean portal, which also has an English version. This website mainly provides official news services, such as Voice of Korea and the state newspaper "Labor News". There is also a Korean version of Facebook, on which, however, users can only post messages and birthday wishes.

Korea main website

The BBC reports that North Korea's official websites have a quirk: each page needs to contain a special program. What this program does may be very simple, but it is very important: every occurrence of Kim Jong-un's name on the page is automatically displayed in text larger than the rest. Although the difference is not large, it is prominent enough.

CNN reported in 2014 that there were only 1024 known IP addresses in the whole country, and not every IP address served only one computer. According to estimates, in 2014 North Korea's Internet traffic was equivalent to that of only 1000 U.S. households with high-speed connections.

Foreigners in North Korea can access the real Internet. "Global Times" reported that reporters stationed in North Korea use the wired Internet in Pyongyang (North Korea currently prohibits the use of Wifi). The monthly fee is about $545, the billing company is the North Star Joint Venture Club, and the theoretical speed is 2M.

An Egyptian company helped North Korea build a 3G network around 2008, covering most of the major cities, The Associated Press reported. In 2013, North Korea allowed foreigners to access the Internet through the 3G network. The monthly mobile Internet fee is about $14 and includes 50M of free traffic a month; the billing company is North Korea's Koryolink, and usage beyond the free allowance is charged at 1 yuan per M.

An article published in 2014 in the magazine "Modern International Relations" noted that North Korea is facing a "network development dilemma": "once connected to the Internet, the difficulty and cost of keeping its ideological purity, unity and appeal keep increasing, which constitutes a challenge to the regime's ability to persuade."

The more feasible way forward for North Korea is to build a "mosquito net" network: to enjoy the Internet as much as possible, to shield against and filter out its negative influence as much as possible, and to maintain the stability of the regime.