FBI fingers the Norks it wants to pinch for Sony hack, WannaCry attacks

The US government has formally accused the North Korean government of being behind the Sony Pictures hack, the WannaCry ransomware that crippled the UK's National Health Service and other organizations, and a series of online bank heists including $81m stolen from Bangladesh's national bank. The state-sponsored attacks were …

  1. NoneSuch
    Big Brother

    They'll be wanted for a while. I doubt these lads will be successfully extradited or taking a holiday in San Francisco soon.

  2. Anonymous Coward
    Anonymous Coward

    You'd be amazed at how many hackers ....

    Have been caught 'in transit' and ended up in chains..... You can't ever risk taking a flight that might cause you to transit anywhere near a US territory, or could get re-routed there in bad weather or due to an alleged <cough> apparent technical fault. That cuts down on a lot of airline transport destinations and fun travel options etc...

    Several top Russian hackers were caught this way. So you have to be incredibly careful if you're a hacker with form against the US.

    Especially since direct US Allies (EU / UK / Israel etc) will also happily detain and extradite hackers as well. Basically Park will be on no-fly watch-list forever. Although presumably he has the NK Govt / Chinese Govt contacts to get a new name and passport...

  3. doublelayer

    Re: You'd be amazed at how many hackers ....

    Not only can North Korea make him a new identity with great ease, but most North Koreans, including, I assume, this guy, only get to leave the country if it is specifically approved by the government, which almost always means only to China. I wouldn't be surprised to hear that he'll be staying there for the rest of his life, from where he can keep working on all the same stuff. If you don't have the choice to go on holiday, you can't be caught on your way.

  4. bombastic bob Silver badge
    Devil

    Re: You'd be amazed at how many hackers ....

    well, if our intelligence service is as good as I assume they are, it's theoretically possible to send a small team of people into N. Korea and just haul the guy outta there, and back to the USA. I'm thinking divers, submarine, Seal Team, etc.. That'd piss off Kimmy though, so the more likely path will be diplomatic, with that guy's face on the list of 'bad things you people in N. Korea are doing' for as long as necessary.

    /me points out that my old boat had a 'diver chamber' on its back for YEARS throughout the 90's and 2000's, and there's really only one purpose for something like that: clandestine injection and retrieval of divers and/or Seal teams into a hostile area where you need to be stealthy getting in and getting out. So yeah.

  5. Anonymous Coward
    Anonymous Coward

    Still looking for the smoking gun

    On the first pass through this, it looks like the strongest association is based on the shared use of common proxies. While the account and key re-use in other attacks certainly is a strong indicator of collusion at least later on, does this establish a timeline that provides a stronger link to the beginning of the Sony attack? This appears consistent with a timeline where an outside crew could have breached Sony's systems and sold the access along to another interested party. This would dovetail with some of the statements of the hackers and the change in tone and demands after the initial attacks. The US gov weighed in early on and said it was North Korea, but has not provided much detail up to this point, leaving some of us to speculate the basis of that assertion, and how credible it was.

    Not sure if it matters from a legal perspective in the narrow case of culpability for the named North Korean national, who is not going to show up at next year's Def Con in all likelihood. But there may be a crew of hackers outside North Korea that started the Phish, or worked with the North Korean national during the attacks. If that is the case, blacklisting one North Korean hacker is just a symbolic gesture.

  6. David 164

    So North Korea's premier hacker was allowed to wander into and out of North Korea.. And was allowed to take other jobs. He even has a CV! All seems a bit suspect to me. And if they had all of this info, why wasn't a trap laid to capture him next time he was allowed to leave North Korea?

  7. fm+theregister

    I would assume the shit hit the fan, ppl went after him, he was tipped off to not leave the country, the guys after him realized that, then decided to post a search warrant.

  8. Anonymous Coward
    Anonymous Coward

    How long until a US Government hacker gets the same treatment?

    There's about zero chance any of these indictments will ever come to fruition. They are just "security theater" for the government, exposing their investigative methods so the next attackers will not make the same mistakes.

    Any guesses on when the first US government hacker gets "extraordinarily renditioned" off the streets and put on display?

  9. Anonymous Coward
    Anonymous Coward

    Re: How long until a US Government hacker gets the same treatment?

    "Any guesses on when the first US government hacker gets "extraordinarily renditioned" off the streets and put on display?"

    February 15, 1995?

  10. bombastic bob Silver badge
    Meh

    Re: How long until a US Government hacker gets the same treatment?

    if ANY of our intelligence and military hackers "get caught" like that, they DESERVE it. Just sayin'

  11. FlamingDeath Bronze badge
    Facepalm

    Re: How long until a US Government hacker gets the same treatment?

    Did you really just use the words intelligence and military in the same sentence?

  12. Anonymous Coward
    Anonymous Coward

    really?

    Try reading up on "Sources: Security Firm Norse Corp. Imploding"

  13. FlamingDeath Bronze badge
    Big Brother

    UMBRAGE

    "a section titled “Umbrage” that details the CIA’s ability to impersonate cyber-attack techniques used by Russia and other nation states."

    https://www.wired.com/2017/03/wikileaks-cia-dump-gives-russian-hacking-deniers-perfect-ammo/

    Nuff said...

    Apparently, Eternal Blue was "stolen"

    That's the best alibi ever, my dog ate my hacking tool and shat it out in NK

Biting the hand that feeds IT © 1998–2018