Reuters: Unity 180. Cybercrime in North Korea

May

22

2017

Unit 180 is likely to be responsible for launching some of the most daring and successful cyber attacks.
Google + LinkedIn Facebook Twitter
The main intelligence service in North Korea is running a special cell called Unit 180, which is likely to be responsible for launching some of the most daring and successful cyber attacks, Reuters reported on Sunday, quoting dissidents, officials and Internet security experts.

In recent years, North Korea has been accused of a series of cyber attacks, mostly on financial networks in the United States, South Korea and about a dozen other countries.

Reuters quoted security researchers as saying they had found technical evidence that could link North Korea to the global ransom attack known as WannaCry, which hit more than 300,000 computers in 150 countries earlier this month. Pyongyang called the accusation “absurd”.

The core of the charges against North Korea lies in its links with a group of cybercriminals called Lazarus, linked to an electronic theft of $ 81 million from the Bangladesh Central Bank last year and the 2014 attack on Sony’s Hollywood studio.

The US government has accused North Korea of ​​the attack on Sony and some US officials have said prosecutors are gathering evidence to try to convict Pyongyang of the theft of the Bangladesh Central Bank. No conclusive evidence has been provided and no one has been charged so far. North Korea also denied it was behind the attacks.

North Korea is one of the world’s most closed countries and it is difficult to get any details about its clandestine operations. However, experts studying the isolated and dissident state that ended up in South Korea or the West provided some information.

Kim Hyong Kuang, a former North Korean computer science professor who fled to the south in 2004 and still has sources inside North Korea, says Pyongyang’s cyber attacks aimed at raising money are probably regulated by Unit 180 of the General Bureau of Investigation, the main foreign intelligence agency.

“Unit 180 is working to penetrate financial institutions … and withdraw funds from bank accounts,” Kim told Reuters. Kim has said that some of his former students have joined North Korea’s strategic electronic command, which is its electronic army. “The hijackers are traveling abroad in search of a place where Internet services are better than North Korea so as not to leave a trace behind them.”

He said they were likely to travel in disguise as employees of commercial companies and in the overseas branches of North Korean companies or joint ventures in China or Southeast Asia.

James Pyongyang, a North Korean expert at the Center for Strategic and International Studies in Washington, said Pyongyang used cybercrime for the first time as a spy and then a political distraction against targets in South Korea and the United States. “Then they changed after Sony using the hack to support criminal activities to win a hard currency for the regime.”

The Pentagon said in a report to Congress last year that North Korea was likely to “consider the Internet as a cost-effective, easy-to-deny tool that could be used with little risk of reprisals because its networks are largely separate from the Internet.” “It is likely to use Internet infrastructure in third countries,” the report says.

South Korean officials say they have plenty of evidence of North Korea’s e-war operations. “North Korea is launching cyber attacks across third countries to cover the impact of the attacks and to use its information and infrastructure in communications technology,” South Korean Deputy Foreign Minister Ann Chung-jee told Reuters in written comments.

Apart from the Bangladesh Bank’s theft, he said, suspicions have also been raised about Pyongyang in attacks on banks in the Philippines, Vietnam and Poland.

In June last year, police said the North had hacked more than 140,000 computers in 160 South Korean companies and a government agency and planted malicious code in a long-term plan to lay the foundation for a massive cyber attack on the south. North Korea is also suspected of launching cyber attacks on a South Korean nuclear power plant in 2014, although it denied any role in the attack.

Simon Choy, an e-security researcher at Hawry Anti-Virus in Seoul, said the attack occurred from a base in China.

Yao Dong-riol, a former South Korean police researcher who studied northern tactics in spying for 25 years, says Malaysia is also a base for North Korea’s electronic operations. “They are ostensibly doing business or IT programming companies,” Yu told Reuters. Some of them manage sites and sell games and gambling programs. ”

A previous investigation by Reuters this year showed two Malaysian IT companies with ties to the North Korean intelligence agency, although there was no sign that either of them was involved in cybercrime.

Unit 180 is one of several groups specializing in cyber warfare in the North Korean intelligence community, said Michael Madden, a North Korea-based expert on leadership. “People are being recruited from high schools and are getting advanced training in some elite training institutions … and they have a certain degree of independence in their missions,” he told Reuters, adding that they may work from hotels in China or Eastern Europe.

In the United States, officials said there was no conclusive evidence that North Korea was behind the spread of the virus (Wana Krai), but there was no reason to accept it. “Whether they are linked to the ransom or not, does not change their status as a real cyber threat,” said a senior administration official, who asked not to be named.

“Their capabilities are steadily improving over time,” said Dmitry Albrovic, co-founder of US defense firm Craddrake. And we consider them a risk factor capable of causing significant damage to US private networks and government.

Viewing:-127

In: Technology & Gadgets Asked By: [17459 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »