FBI fingers the Norks it wants to pinch for Sony hack, WannaCry attacks The US government has formally accused the North Korean government of being behind the Sony Pictures hack, the WannaCry ransomware that crippled the UK's National Health Service and other organizations, and a series of online bank heists including $81m stolen from Bangladesh's national bank. The state-sponsored attacks were …
Have been caught 'in transit' and ended up in chains..... You can't ever risk taking a flight that might cause you to transit anywhere near a US territory, or could get re-routed there in bad weather or due to an alleged <cough> apparent technical fault. That cuts down on a lot of airline transport destinations and fun travel options etc...
Several top Russian hackers were caught this way. So you have to be incredibly careful if you're a hacker with form against the US.
Especially since direct US Allies (EU / UK / Israel etc) will also happily detain and extradite hackers as well. Basically Park will be on no-fly watch-list forever. Although presumably he has the NK Govt / Chinese Govt contacts to get a new name and passport...
Not only can North Korea make him a new identity with great ease, but most North Koreans, including, I assume, this guy, only get to leave the country if it is specifically approved by the government, which almost always means only to China. I wouldn't be surprised to hear that he'll be staying there for the rest of his life, from where he can keep working on all the same stuff. If you don't have the choice to go on holiday, you can't be caught on your way.
well, if our intelligence service is as good as I assume they are, it's theoretically possible to send a small team of people into N. Korea and just haul the guy outta there, and back to the USA. I'm thinking divers, submarine, Seal Team, etc.. That'd piss off Kimmy though, so the more likely path will be diplomatic, with that guy's face on the list of 'bad things you people in N. Korea are doing' for as long as necessary.
/me points out that my old boat had a 'diver chamber' on its back for YEARS throughout the 90's and 2000's, and there's really only one purpose for something like that: clandestine injection and retrieval of divers and/or Seal teams into a hostile area where you need to be stealthy getting in and getting out. So yeah.
On the first pass through this, it looks like the strongest association is based on the shared use of common proxies. While the account and key re-use in other attacks certainly is a strong indicator of collusion at least later on, does this establish timeline that provides stronger link to the beginning of the Sony attack? This appears consistent with a timeline were an outside crew could have breached Sony's systems and sold the access along to another interested party. This would dovetail with some of the statements of the hackers and the change in tone and demands after the initial attacks. The US gov weighed in early on and said it was North Korea, but has not provided much detail up to this point, leaving some of us to speculate the basis of that assertion, and how credible it was.
Not sure if it matters from a legal perspective in the narrow case of culpability for the named North Korean national, who is not going to show up at next years Def Con in all likelihood. But there may be a crew of hackers outside North Korea that started the Phish, or worked with the North Korean national during the attacks. If that is the case blacklisting one North Korean hacker is just a symbolic gesture.
There's about zero chance any of these indictments will ever come to fruition. They are just "security theater" for the government, exposing their investigative methods so the next attackers will not make the same mistakes.
Any guesses on when the first US government hacker gets "extraordinarily renditioned" off the streets and put on display?
"a section titled “Umbrage” that details the CIA’s ability to impersonate cyber-attack techniques used by Russia and other nation states."
https://www.wired.com/2017/03/wikileaks-cia-dump-gives-russian-hacking-deniers-perfect-ammo/
Nuff said...
Apparently, Eternal Blue was "stolen"
That's the best alibi ever, my dog ate my hacking tool and shat it out in NK
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
