The misaligned cogs

This is a little hard. I just read an article on the military hacks by North Korea; it doesn’t fit. Let me explain with a little timeline.

2012
The Dutch had a press tour in North Korea. The Koreans temporarily confiscated their cameras and the Dutch were howling with laughter; they still had their iPhones and Android equivalents. They kept on filming. The Korean officers had no idea what a smartphone was; as such the Dutch had all the footage.

2014
Sony gets hacked and soon thereafter we get all kinds of ‘leaked’ information. In addition within a year (I have no specific date) we get an amalgamated

The FBI later clarified more details of the attacks, attributing them to North Korea by noting that the hackers were “sloppy” with the use of proxy IP addresses that originated from within North Korea. At one point the hackers logged into the Guardians of Peace Facebook account and Sony’s servers without effective concealment. FBI Director James Comey stated that Internet access is tightly controlled within North Korea, and as such, it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government. The National Security Agency assisted the FBI in analysing the attack, specifically in reviewing the malware and tracing its origins; NSA director Admiral Michael S. Rogers agreed with the FBI that the attack originated from North Korea. A disclosed NSA report published by Der Spiegel stated that the agency had become aware of the origins of the hack due to their own cyber-intrusion on North Korea’s network that they had set up in 2010, following concerns of the technology maturation of the country.

The sources were the New York Times, Times magazine, The Verge and CNBC. I had issues with the release of information, but my issues were speculative and based on the Dutch field trip to Korea.

2017
In ‘The Good, the Bad, and North Korea’ (at https://lawlordtobe.com/2017/09/30/the-good-the-bad-and-north-korea/) I wrote “I got this photo from a CNN source, so the actual age was unknown, yet look at the background, the sheer antiquity that this desktop system represents. In a place where the President of North Korea should be surrounded by high end technology, we see a system that seems to look like an antiquated Lenovo system, unable to properly play games from the previous gaming generation, and that is their high technology?” This is my second opposition. Between 2012 and 2017 they had apparently gained the ability to produce their own smartphone. This is realistic.

2024
Now we get “North Korean hackers have conducted a global cyber espionage campaign to try to steal classified military secrets to support Pyongyang’s banned nuclear weapons programme, the United States, Britain and South Korea said in a joint advisory on Thursday.

The hackers, dubbed Anadriel or APT45 by cybersecurity researchers, have targeted or breached computer systems at a broad variety of defence or engineering firms, including manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems, the advisory said” (at https://www.reuters.com/world/north-korean-hackers-are-stealing-military-secrets-us-allies-say-2024-07-25/).

My issue (still speculation) is twofold. In the first we get to see that the Sony Hack was apparently not North Korea, but the Guardians of Peace (the Lazarus group). We see references to “links to” and a small byte that they are “Originally a criminal group”. It is my speculation that these criminal ‘masterminds’ are either Russian or Chinese. They cater to North Korea as it allows them to act freely and I would expect them to share whatever intel they get with North Korea.

Even if these formerly known criminals were behind this setting, the whole picture doesn’t add up. I reckon that we all work at our own speed, however when we see Reuters give us “one elite group of North Korean hackers had successfully breached systems at NPO Mashinostroyeniya, a rocket design bureau based in Reutov, a small town on the outskirts of Moscow.” I do not debunk that setting, but over the timeline I have seen (many might have seen it), it is possible that this last statement is a smokescreen. Was it breached or were the Russians willing to hand over that ‘victory’ to make them sound more of a threat? In addition when we see “The hackers, dubbed Anadriel or APT45 by cybersecurity researchers, have targeted or breached computer systems at a broad variety of defence or engineering firms, including manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems” I mostly worry about the state of cyber security at our own shores. That they get breached by China or Russia is understandable. They are on par in technology with us. North Korea is not. It is like a hacker with an 80282 AT computer, a processor from 1982, coming up to a server with a Xeon processor stating ‘gimme your data’. It is like a swimmer slamming a great white shark with a BB gun. Utterly ineffective. That is merely the hardware. These hackers would have lacked at least a decade of hacking skills. The NSA and GCHQ would be running circles around them. No, I believe that this is another player making North Korea their patsy.

Now consider that all (or some) of my speculations are wrong. I get that, this is realistically possible, we still get the stage that the timeline doesn’t fit. It is like going from an Apricot PC to an IBM Q System One in a little over 7 years, without the required resources mind you. The other, more realistic, option is that defence and engineering firms have made a booboo and failed their cyber security requirements and now all avenues are racing to hide these facts.

Can North Korea get to this point? Yes, that is possible, but it seems to me that ‘western’ criminals are using that place to hide their actions and loot whatever they can, whilst they part-time hack into places and hand these secrets over to North Korea. OK, I am still speculating. However, remember that building in Russia filled with hackers? Russian forces had to intervene there. It seems to me that these hackers would like another place to work from. It doesn’t make China innocent either. They might have the same issues and these hackers also need a place to work from. In this story, I merely come to the speculated conclusion that the term ‘North Korean Hacker’ is almost a newly seen oxymoron.

In all this the cogs are not aligned. In 1776 native American Indians got their hands on rifles. It took time to get good with them. In 1877 the Satsuma Rebellion, led by Saigo Takamori, faced Japanese forces with modern weapons; it took them time to adequately use these weapons. With the complexity of a system the timeline expands. The timeline expands even more when excellence of a system is required. As such I feel that these technology skills do not fit the abilities of the North Koreans. But that is merely my point of view.

Have a great Friday, another 150 minutes until I have breakfast.
