Exclusive | Watch out. North Korean hackers are coming for your bitcoin
- As sanctions on its nuclear programme leave Pyongyang strapped for cash, North Korean cyber thieves are turning their attention to individual investors
North Korean hackers have taken to stealing cryptocurrency from individual investors as part of a new strategy by Pyongyang to blunt the impact of international sanctions.
“Previously, hackers directly attacked exchanges,” Simon Choi, the founder of the cyber warfare research group IssueMakersLab, said. “They targeted staff at the exchanges, but now they are attacking cryptocurrency users directly.”
Kwon Seok-chul, CEO of South Korean cybersecurity firm Cuvepia, said his company had detected more than 30 cases since April in which suspected North Korean hackers had preyed on people holding cryptocurrency.
“They are just simple wallet users investing in cryptocurrency,” said Kwon, adding that some cases had probably gone undetected and that the true number may be well over 100.
“In fact, when cryptocurrencies are hacked, there is nowhere one can make complaints, so hackers are increasingly hacking into cryptocurrencies.”
The hackers typically send victims an email with a text file which, when opened, infects the computer with malicious code that gives them control of the machine.
Choi said the shift towards attacking individuals might be a response to exchanges and financial institutions strengthening security against cyberattacks.
“They’ve already had successes and are continuing to progress, but during that time, the exchanges have become used to the attacks and boosted their security somewhat,” he said. “Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.”
Although antivirus software entrepreneur John McAfee famously claimed to have created an “unhackable” wallet for bitcoin, bitcoin and other cryptocurrencies have become a lucrative commodity for cyber thieves across the globe. An investigation carried out by Reuters last year found that more than US$6 billion worth of bitcoin had been stolen from exchanges since 2011.
Choi said most of the recent victims of North Korean hackers had been relatively wealthy South Koreans such as company CEOs.
“They believe that if they target CEOs of wealthy firms and heads of organisations, more so than ordinary people, they can take advantage of billions of won in virtual currencies,” he said.
North Korea is widely thought to have cultivated one of the most formidable hacking armies in the world under its shadowy spy agency, the Reconnaissance General Bureau.
Luke McNamara, an analyst at California-based cybersecurity firm FireEye, said the hackers behind these attacks could have gleaned information that allowed them to target individual cryptocurrency users.
“It’s possible from previous intrusions they’ve been able to collect information related to the email addresses, usernames of the people using these exchanges,” he said.
McNamara said North Korea had shown an aptitude for getting to know its targets, one of the most effective weapons in a hacker’s arsenal.
“When they understand and know the targets, when they are able to craft lures specific to those organisations or entities that they are going after – to me, that says they are effective at what they are doing.”