Oct 4, 2018

How to foil North Korea's bank-robbing hackers

For several years, North Korea has been conducting a spree of bank robberies online. A new report from FireEye makes clear that a recent attempt to "name and shame" a North Korean government-affiliated hacker did nothing to curtail the digital heists, and sanctions have only made Pyongyang more eager to steal money. But experts think the U.S. still has other levers it can pull.

Why it matters: While the Trump administration is trying to play nice with Kim Jong-un ("We fell in love," said Trump at a rally Saturday night), the continuing heist campaign has attempted to steal more than $1 billion total.

Background: After years of crippling sanctions, the Kim regime began using part of its cyber program to generate the cash North Korea needed to run. According to FireEye, North Korea began robbing banks in 2014, shortly after being sanctioned for its third nuclear test.

  • Since then, the pile of international sanctions has only grown, including some for cyberattacks. Those sanctions appear to have encouraged more North Korean thefts.

The FireEye report, released Wednesday, is an argument that North Korea's bank hackers are separate and distinct from the country's other hacking ventures.

  • The bank robbers, which FireEye calls "APT38," operate by hacking a victim and requesting large transfers over the SWIFT interbank messaging system. "The attack ends in destructive, disk-wiping malware. They want to destroy systems not only to delete evidence, but to give them time to launder funds," said Nalani Fraser, threat intelligence manager at FireEye.
  • APT38 is one of a number of financial crime operations in North Korea. Other hackers, for example, rob cryptocurrency exchanges.

Name and shame: In September, the Trump administration publicly named, sanctioned and announced plans to charge North Korean Park Jin Hyok for, among other things, helping develop the WannaCry malware.

  • The tactic, often called "naming and shaming," did not decrease APT38 attacks.

The diplomatic play: Trump could make financial attacks a deal breaker in nuclear negotiations with North Korea, suggested Andrew Grotto, former senior director for cybersecurity policy to Presidents Obama and Trump and a current fellow at Stanford's Center for International Security and Cooperation.

  • "The Trump administration pulled out of the Iran deal in part because it didn’t address other issues, like hacking," he said. "If they’re consistent, they would try to address bank robbery."

The legal moves: Grotto notes financial crimes require an external, international network of collaborators — from money launderers to people who identify soft targets to attack. If we can't arrest hackers in North Korea, we could arrest confederates elsewhere.

  • Since North Korea lacks the internet infrastructure needed to launch cyberattacks, many of its attacks are launched from other countries. Michael Daniel, former White House cybersecurity coordinator and the current president and CEO of the Cyber Threat Alliance, believes the U.S. could press countries to cough up North Koreans.

Returning fire: And, said Daniel, the United States could use cyber means to disrupt the networks.

Or all of the above: "It would likely be a complex mix of tactics," said Daniel.
