North Korean Hackers Are Stealing Military Secrets, Say US and Allies

North Korean hackers have conducted a global cyber espionage campaign to try to steal classified military secrets to support Pyongyang's banned nuclear weapons programme, the United States, Britain and South Korea said in a joint advisory on Thursday. From a report: The hackers, dubbed Anadriel or APT45 by cybersecurity researchers, have targeted or breached computer systems at a broad variety of defence or engineering firms, including manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems, the advisory said. "The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India," the advisory said.

It was co-authored by the U.S. Federal Bureau of Investigation (FBI), the U.S. National Security Agency (NSA) and cyber agencies, Britain's National Cyber Security Centre (NCSC), and South Korea's National Intelligence Service (NIS). "The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes," said Paul Chichester at the NCSC, a part of Britain's GCHQ spy agency. The FBI also issued an arrest warrant for one of the alleged North Korean hackers, and offered a reward of up to $10 million for information that would lead to his arrest. He was charged with hacking and money laundering, according to a poster uploaded to the FBI's Most Wanted website on Thursday.

Wow. North Korea would do something like that?

[mmell]

Why is a nation like that even permitted to exist?

(and I'm almost afraid to ask) - how did the U.S. Federal Bureau of Investigation (FBI), the U.S. National Security Agency (NSA) and cyber agencies, Britain's National Cyber Security Centre (NCSC), and South Korea's National Intelligence Service (NIS) find this out? I assume they managed somehow to get their hands on some North Korean military secrets, or did North Korea announce this at a press conference I missed?

Mind you, I'm still all for nuking North

Re:

[olsmeister]

Most of the NK people are clueless and powerless, and do not deserve to be nuked. What we should consider doing is targeted assassinations of high ranking officials. In mysterious and untraceable ways.

Re:

[gweihir]

Getting somebody into North Korea with the skills and equipment to do that is probably massively harder than to get them close enough to a candidate for US president and takle a shot ...

Touche'.

[mmell]

N/T

Re:

[cusco]

I assume you'd be just fine with it if they started doing the same?

Re:

[zlives]

of course, its called rules of engagement.

Re:

[zlives]

being sarcastic here, o internet what has happened to you to require this.

Correction

[mmell]

"They're just like is" is absolutely more than adequate justification for their immediate and absolute destruction. Bad enough the Russians are just like us and the Chinese are rapidly getting that way (hey, they're slow learners).

Re:

[cayenne8]

Is there no way for the greater free world to basically cyber-fence North Korea in?

Is there no way to basically "disconnect" them from the rest of the greater world and internet?

Who is allowing them to connect to the backbones, etc?

Re:

[gweihir]

You do not need a lot of bandwidth to do targeted hacking. It is essentially impossible to keep them out. A brief look at a map also shows shared borders with China and Russia. Do you want to disconnect them as well?

Re:

[mmell]

Blocking LACNIC and AFRINIC is easy; the old IPv4 scheme had that covered and I've been doing it to my email for years; R-T (and I forgot where China's at) were both pretty difficult to locate because of all the one-off subnets they have scattered through the (straightforward but too-finite) 32-bit address space and I can only block a sizeable percentage of either conveniently. Now it's IPv6 and certain v4 limitations no longer apply, only physical disconnection will do now. Good luck with that, let me kn

Re:

[ctilsie242]

All you need is a connection to a part of the Internet, and between SSH clients, seed boxes, VPN connections, proxies, one can have free reign from there. If everyone blocks North Korea at routers, China and Russia will happily give them a proxy from their IP space that changes.

If North Korea was just alone in the world, that is one thing, but even with that, money talks, and given enough cash, they would get a proxy out. However, NK has two superpowers behind them who will be more than happy to provide I

Re:

[cusco]

All of North Korea's internet access goes though the Great Firewall of China, unless they've got a few slow satellite accounts now. You've touched on why the whole "North Korean Super Hacker Army" trope is such a ridiculous claim, they have almost no bandwidth, fewer computers in the entire country than are on an average college campus and most of those are cast-offs surplus from the Chinese, no trainers to speak of, a severely restricted set of IP addresses, and no computing classes from which to select t

Re:

[cusco]

China is a threat to the world? You're frightened of a country with one single overseas military base? That's as absurd as the fear that Russia, with an economy roughly the size of Mexico, is somehow going to take over all of Europe.

Meanwhile the US has over 750 military bases in over 80 countries worldwide, including a number in countries who want to eject them but they just refuse to leave (Iraq, Syria, Cuba, Chad, Central African Republic). The US spends more on its military than the entire rest of th

This was only supposed to be done by (the) US!

[thesjaakspoiler]

and now those North Koreans are doing it too?
How dare they.

Re:

[jonfr]

Because of "Peace of Westphalia" that did put in place the current border system and nation system. This was put into effect in the year 1648 after the 30 year wars and other wars that happened at the same time in Europe.

https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[RockDoctor]

Why is a nation like that even permitted to exist?

Because they have nukes.

There might be an objection that "so what, they can't deliver it to our mainland". Which is not necessarily true. They might not have a missile delivery system which "we" are set up to counter (for values of "we" that clearly wouldn't include America's "allies"), but does that mean they don't have a delivery system which "we" are not set up to counter. For example, delivery over a period of months by shipping container, to an anonym

Re:

[Ferocitus]

Mind you, I'm still all for nuking North Korea out of existence; but we should at least find something valid to complain about before we do. "They're just like us" is hardly a justification to begin carpet-bombing the northern half of the Korean Peninsula.

You're a subhuman cunt.

Okay, who's being asked awkward questions?

[Rosco P. Coltrane]

So the military readily admits it and its suppliers are incapable of keeping state secrets secret? Who's being investigated over this?

My tax dollars pays for incompetent IT. I don't see this as North Korea being very good at hacking so much as the US being incapable of stopping them. I want to see head rolls - including, probably, at Amazon, since we gave them $9bn to provide secure cloud services [cnn.com] and apparently they failed at that.

Of course, no heads will roll, as all that money is just pork and has nothing to do with getting efficient IT.

Re:

[CommunityMember]

I don't see this as North Korea being very good at hacking so much as the US being incapable of stopping them.

Actually, North Korea, and Iran (as another example), are considered to have some very good hackers/spies. The intelligence/capabilities to be a good hacker is not limited by some arbitrary nation boundary lines.

Re:

[cusco]

Only Americans with the memory capacity of a gold fish failed to recognize the pattern.

So the majority of voters. I'm not reassured.

Actually I think the most dangerous weapon in the US arsenal is the Madison Avenue advertising agencies, which are essentially mind-control organizations. They hire the best researchers in the world on mass psychological manipulation, and they're not just selling soap. When the mass media consists of four companies who work as an effective monopoly together to create the nar

Re:Okay, who's being asked awkward questions?

[LazarusQLong]

it only takes one.

Some years ago, someone brought a flash drive in from home that (they claim they did not know) was infected. that put the malware on the NIPRnet. At that time it was already illegal to use personal stuff on government computers, in the DoD, but this person did it, maybe they got confused.

That jeopardized the whole network and took months to clean up from. In all of the networks run by the DoD there are rules that are to be followed... the things that some politicians have done in the past few administrations would have gotten me locked up, unless President Obama decided to pardon me, but I digress.

. It only takes one person who thinks the rules don't apply to them, or that they believe they are smarter than these 'arbitrary' rules. Now your network is compromised.

Re:

[Rosco P. Coltrane]

Okay.

That answers the how. My question was who: who's being arrested? Who's going to the slammer? Will Amazon be sued or fined? Will their multi-billion contract renegotiated or rescinded? Will we-the-taxpayers get our money back?

Also, while I agree with you that it only takes one rogue, when it happens repeatedly, it becomes a systemic failure.

Re:

[LazarusQLong]

it happens from time to time. it isn't always a rogue, though sometimes it is... mostly it appears to be people just not following the rules. Why? I can't fathom why. Maybe they think they know better? .

Re:

[LazarusQLong]

there is probably going to be an investigation, those contractors involved will probably receive a strike. DISA will most likely require their systems to be cleaned and certified all over again.

Things aren't as simple as what you suggest. For example, if Electric Boat (do they still make our subs? I don't recall) screws up halfway through building a sub and their networks are compromised, the sub is half built. who else could takeover at that point and finish that sub? The last i knew, electric boat was p

Re:

[AmiMoJo]

Why would secure machines even allow usb t devices to be connected? On Windows you can lock it down to a set of pre approved devices, so random flash drives won't be accepted.

Re:

[LazarusQLong]

these are not secure machines, they are specifically non-secure machines, cleared only for unclass/CUI data, that I am speaking of.

in the article it says, "As was the case with that hack, APT45 used common phishing techniques and computer exploits to trick officials at the firms they were targeting into giving away access to their internal computer systems, Thursday’s advisory said." so the attacks that gained access were more in the realm of gullibility or ignorance of high placed officials... You

Re:

[RockDoctor]

One assumes that DoD (etc) desktops, laptops, etc already run OS which have been hacked or configured so their response to plugging in a USB device is "huh, what is this? I don't know how to deal with this shit? I'm calling an Administrator, and three burly, unimaginative squaddies."

Sure, it's inconvenient. And if there's a use-case for JoeSpecialUser to have access to USB mass storage (ditto, firewire, optical disc ...), then there's a use case for JoeSpecialUser to do so on a special machine, under the

Re:

[LazarusQLong]

for non-lab computers I believe most in the DoD are on windows. Yippee. For the people up the food chain a certain amount, they tend (as far as I have seen) to think the rules apply to the little people. Not them. We are allowed USB connected stuff, I have a backup HD as well as an optical drive both that connect via USB for example. But that they were issued me by the Navy, and the only one I will therefore use for official work... It appears to me that many people feel limited by this sort of thing, and t

Re:

[RockDoctor]

[Reads first person evidence on Slashdot.] [Goes to move "US DoD" into "security theatre" file.] Oh, it's already filed under "security theatre".

Re:

[LazarusQLong]

once, long, long, long ago, I criticized a contract that had been written for some service or other. The contractor forwarded my criticism to the contracting officer. That contracting officer wrote me a long, informative email... It was a very good explanation for me of what the happens. Another time, I was detailed to review the 'certification' portion of a contract, that portion was about 10,000 pages. I was not normally in that job, so the other people in the (locked/sealed) room (all, who like myself,

Re:

[RockDoctor]

... never having watched a congressional hearing since the films of McCarthy being a dangerous idiot in public ... it doesn't sound as if they've got any better.

Question - what - apart from serving from the pork barrel - have your government got to do with promotions in any branch of the military? Seems to me like an ideal opportunity to dish up pork in a corrupt manner. Do people in America actually (sorry - it's hard to type straight while rocking with suppressed laughter) trust "their" politicians? What

Re:

[LazarusQLong]

As far as I know, military promotions up through Captain/Colonel are done without Congress, but for Admirals/Generals (all four grades of them) I think Congress does it. I could be wrong there, I was only an enlisted man and didn't concern myself with how my officers got promoted.

I am sure someone will misread my comment and correct me in the most insulting way possible.

Re:

[cusco]

AWS has never been hacked from the outside, that I've ever heard of. If someone gets on the Pentagram's network and uses that access to worm their way into the archives that's a US government problem. AWS provides the resources and the secure tunnels to get to them, once someone is in that tunnel there's nothing they can do about it.

Something's fishy.

[nightflameauto]

Something like this strikes me as pure propaganda. Not because I don't think they're trying to steal secrets from us. But because it's really, really, REALLY stupidly absurd. This would be like the biggest bully in grade school standing in front of the class and claiming that the weakest kid in class, the one that had back surgery last month and is barely able to walk still, stole his lunch money.

Why does America insist on demanding the world recognize how weak we are now? "Hey, everybody! Just wanted you to know that we're now so inept that North Korea, the place that can barely get a rocket into the air, has stolen military secrets from us." Um, What? And let me add, The Fuck.

Re:

[HBI]

Actually, their rockets are not necessarily bad. They are considered a serious threat, though something called a "Nodong" sounds like the eunuch of missiles.

Re:

[gweihir]

Indeed. "We are so inept, we cannot even protect our nuclear secrets from people coming over the open Internet!" is not something you want to announce to the world.

Re: Something's fishy.

[50000BTU_barbecue]

Finally someone sensible. A nuclear bomb is WWII technology. It's vacuum tube era.
The only military secrets I can think of are the Pantone color codes of the manufacturer's logos.

Re:

[AmiMoJo]

Election coming up. Time to pitch for essential budget increases to protect national security.

Re:

[dinfinity]

It might be a factor, but it's also a good reminder for various CSOs to do their job. It's also informative on how these specific actors work and how to defend against and recognize that work:
https://www.cisa.gov/news-even... [cisa.gov]

If some anti-missile defense company finds evidence of such hacks in their systems, it is at least very good to know that their anti-missile tech is probably going to be less effective when used against the North Koreans (although said company also needs a pretty firm talking to if the

Re:

[nightflameauto]

Honestly, creating advisories like this are exactly what an organisation like the CISA should do.

If it's real, I agree. Unfortunately, my trust issues when it comes to such things doesn't allow me to jump directly to belief just because they said it. Our government and its agencies lie constantly. Especially if, as pointed out elsewhere, it can lead to budget increases.

Re:

[nightflameauto]

Election coming up. Time to pitch for essential budget increases to protect national security.

You know, I hadn't thought of such a simple answer, but that seems to be as believable a cause as any.

Re:

[AmiMoJo]

It's an old trick. No candidate is to going to react to reports of national security issues by saying they will keep funding levels the same.

Once again

[smooth wombat]

a broad variety of defence or engineering firms,

Private industry doing it better than the government. Keep up the good work folks.

Maybe secure them better?

[gweihir]

Hackers breaking in always has two sides: Hacking attempts and crappy software that is not resilient against them.

Re:

[zlives]

but i need tiktok (insert appropriate girder here) challenge

So what are we going to do about it?

[denny_deluxe]

I mean really? This shit has been going on for decades, and nobody is ever taken to task for it. So why even bother reporting about it?

Re:

[John.Banister]

China is making North Korea obsolete. It used to be that the USA liked that the crazy people in Pyongyang would encourage Japan and South Korea to want some American military presence. But these days China is plenty of threat without needing any from North Korea. I have read that South Korea really doesn't want to spend the money it would take to re-unite after a defeat of the North, so maybe little will continue to happen.

Shocker

[Local ID10T]

Spies gonna spy. It's their job.

It's why we have people in counter intelligence who's job is to stop the spies.

We also have people in computer security who's job is to secure computer systems -although they deal mostly with generic problems more than dedicated spy-hackers.

It is good to remind people that this shit happens, but ... life goes on, deal with it.

Pity me, I'm a victim

[NotEmmanuelGoldstein]

... the lengths that DPRK state-sponsored actors are willing to go ...

My 100 Billion dollar department was attacked, I'm a victim. No, don't look at the billion bullets and thousand rockets in my warehouse. Who woulda thought people I don't like are smarter than me? This is the military, we don't want smarter people.

Why aren't they scared of my giant missiles? I don't wanna do software QA and penetration testing. Or to be precise, the people I throw billions of dollars at, don't want to do that, it's so expensive.

Stop sharing everything over the internet

[jonfr]

Here's an idea. Stop putting everything on network connected computers. Keep secure stuff, secure by keeping it offline and off the internet. If needs to be on the internet. Keep it encrypted on all levels, on encrypted computers with encrypted RAM and CPU functions.

Re:

[RockDoctor]

I'm not quite sure how "encrypted RAM" would, or could, work. But more importantly, "why?".

Data gets into and out of RAM via mass storage and/ or network interfaces. If you've secured those, then what would be the point of encrypting your RAM? By the time someone has got the RAM out of the main system and into a machine capable of reading the RAM's content;s it will have missed hundreds, thousands or millions of refresh cycles, and be rapidly approaching random numbers.

(Sideline : Is there a random number