Yup, it is weird, and you will see what I am talking about soon enough. You see, not unlike the Sony fiasco, some players are all about blaming the one we all see as the boogeyman; it happens, and it lulls us all to sleep. Yet when the BBC gave us, 18 hours ago, ‘North Korea hackers stole $400m of cryptocurrency in 2021, report says’ (at https://www.bbc.com/news/business-59990477), I took a little time to mull a few things over. You see, it is nice that we are given a (state) hacker and a setting that apparently gave them $400,000,000, yet the danger is different. For me it started with the Sony hack; it gave me an idea to create a new hack that had never been done before, and the nice part is that it could be implemented in several ways and in several places. Yet then I started to think: “How can a nation observed by so many agencies pull this off, all whilst we saw evidence, journalist-supported evidence, that military officers in North Korea had NEVER seen a smartphone, or one of its basic functions?” This thought matters, because that lack tends to seep through the fabric of ANY organisation (to some degree). So I felt certain that the Sony hack was never done by North Korea, and several accredited and more capable cyber people than me felt the same way.
So here, when I see the BBC line “From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%”, which Chainalysis said in a report, I feel that I am in a stage where I am watching a blame game develop, all whilst the fault lies somewhere else. And there is more; the report the BBC talks about gives us “These complex tactics and techniques have led many security researchers to characterise cyber actors for the Democratic People’s Republic of Korea (DPRK) as advanced persistent threats (APTs). This is especially true for APT 38, also known as “Lazarus Group,” which is led by DPRK’s primary intelligence agency, the US- and UN-sanctioned Reconnaissance General Bureau. While we will refer to the attackers as North Korean-linked hackers more generally, many of these attacks were likely carried out by the Lazarus Group in particular.” It is an issue, because “cyber actors for the Democratic People’s Republic of Korea (DPRK) as advanced persistent threats (APTs)” implies an infrastructure, one that a lot of open nations do not get to have. I am not stating North Korea is innocent (well, they might be of this); I am stating that someone wants us to think it is North Korea, so that others stop looking in THEIR direction. You see, the reference to the Lazarus Group (one I personally take offence at) and the DPRK carries a rather large voice, but it could only be true if senior-ranking North Korean officers knew what a smartphone was, and that part is weird, as some journalists who were in North Korea (in 2019, I believe) saw the opposite. This does not make sense. As such, we cannot ignore hackers, possibly hackers who for a fee took shelter in or near North Korea, yet that would put them in the most watched part of the internet, watched by at least half a dozen players. Personally, it makes much more sense to me if they were working from China.
And now we get to the good stuff. This is seen in “Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” which the report on last year’s cyber attacks added, and in the BBC’s “A United Nations panel that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes as a way to avoid international sanctions.” I reckon that laundering is not beyond the abilities of North Korea. Yet the setting of “accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes” is something that is possible, but the knowledge North Korea has stops this; moreover, their ballistic programmes are built on failure after failure, which, with $400,000,000 from merely 7 operations, sounds goofy to say the least.
It is my personal feeling that the hackers might be anywhere but in or near North Korea. The Sony hack is possibly a slice of evidence towards that. Consider that Russia has now arrested REvil, yet no one is wondering how this group had “more than 426 million rubles (£4m), including about £440,000 worth of crypto-currency”, as well as 20 premium cars. These things get noticed; as such, I believe that REvil had some massive levels of protection, a setting North Korea cannot provide, it is too unbalanced. With REvil, there was a Russian valve of protection, a state player that is on the top tier, a place where North Korea has no access. When you see these elements, questions arise, and a lot more questions than one would expect. So who did steal that $400,000,000? I have no idea, but consider this: if someone offered North Korea, in its current state, $100,000,000 for denying the blame, is that good business practice? It would allow the perpetrators months to set the remaining 75% safe and to arrange a nice settlement in a very nice place. I would definitely consider such a move, and with the world searching, getting them to look in the wrong place is a good place to start.
In all this, I could be wrong, but am I? How much evidence of advanced computer technology (outside of Olympus Has Fallen) regarding North Korea have we seen? We saw the images of the North Korean leader and his top staff looking amazed at a 3-year-old Dell computer, one we see in many households. Where is the advanced hardware needed to remain undetected? These are all questions in addition to the dozens of agencies watching their every digital move. If they got away with it under these conditions, they would be more able than the NSA, DGSE, or FSB. How likely is that? When you look at the larger frame, too much of this is weird. On the other hand, it gave me the idea to create the Hop+1 listening systems, just a little idea I had to scare the Pentagon a little (I need my amusement too). So perhaps this will set me on track for another piece of IP; I have done more with less, so here is hoping.