[HN Gopher] North Korea hacked him, so he took down its internet
___________________________________________________________________
North Korea hacked him, so he took down its internet
Author : mig39
Score : 323 points
Date : 2022-02-02 17:17 UTC (5 hours ago)
(HTM) web link (www.wired.com)
(TXT) w3m dump (www.wired.com)
| ballenf wrote:
| I would have advised him to stay quiet about this. Not out of
| fear of the North Koreans, but out of fear of our own security
| agencies seeing the activity as interfering in international
| relations. Also the vagueness of our hacking laws probably make
| what he did a crime.
|
| But I also am immensely proud that we have people willing to take
| things into their own hands when needed.
|
| Also, I feel like the 2nd amendment should be interpreted to
| include the right to bear digital arms (strong encryption for a
| start). This will probably take another decade to figure out what
| that would really mean.
| heavyset_go wrote:
| You can't own a firearm if you consume marijuana, so using the
| 2nd amendment for things like encryption might get interesting.
| The 2nd amendment allows for heavy regulation of arms.
| lostgame wrote:
| There's gotta be a _lot_ of rappers breaking that rule. :P
| Dr. Dre, I'm looking at you.
| sbierwagen wrote:
| >You can't own a firearm if you consume marijuana
|
| In what state?
| yostrovs wrote:
| When purchasing a firearm, that is one of the questions in
| the Federal application, and you're not allowed to lie.
| archontes wrote:
| The federal application for a Federal Firearms License,
| the license needed to be a firearm vendor, not the (as
| far as I can tell) non-existent federal license to own
| one?
| jasonladuke0311 wrote:
| There is no "license" to own or possess a firearm, parent
| is referring to the Form 4473, which is used to conduct a
| background check via NICS.
| CircleSpokes wrote:
| It isn't just FFLs. The Gun Control Act (GCA) defines a
| list of people who aren't allowed to ship, transport,
| receive, or possess firearms of ammo. This includes any
| person "who is an unlawful user of or addicted to any
| controlled substance (as defined in section 102 of the
| Controlled Substances Act, codified at 21 U.S.C. SS
| 802);" [1]. Since cannabis is federally illegal still if
| you use it you can't legally even possess (not just own)
| a firearm or ammo.
|
| I think it is a stupid law though. Imagine if we applied
| that logic to other constitutionally protected rights.
| "Anyone who is an unlawful user of or addicted to any
| controlled substance shall not have the right to vote" or
| "Anyone who is an unlawful user of or addicted to any
| controlled substance shall not have the right to due
| process".
|
| [1]https://www.atf.gov/firearms/identify-prohibited-
| persons
| archontes wrote:
| Admittedly, it's hard to kill another person by voting,
| or receiving due process. And we do restrict speech when
| it verges on violence (imminent lawless action, fighting
| words).
| moron4hire wrote:
| But when people do succeed in killing others through the
| vote, it's usually a LOT more than they could have ever
| hoped to do with a firearm.
| gowld wrote:
| > "Anyone who is an unlawful user of or addicted to any
| controlled substance shall not have the right to vote" or
| "Anyone who is an unlawful user of or addicted to any
| controlled substance shall not have the right to due
| process".
|
| Not the same thing at all, because a firearm is directly
| and irrevocably more dangerous while under the influence
| of drugs.
|
| You can debate the tradeoff of "right to bear arms" vs
| "right to regulate arms" (just as voting has gone through
| lots of regulations, some terrible (black people, women),
| some OK or debatable (showing proof residence or
| citizenship somewhere in the process), but it's not
| obvious simply by analogy to other rights.
| throwaway6734 wrote:
| All of them? Marijuana is still a schedule 1 substance
| thenaterator wrote:
| > You can't own a firearm if you consume marijuana [...]
|
| While BATF Form 4473 and the Gun Control Act may lead some to
| conclude that you cannot be "addicted to marijuana" and
| simultaneously legally possess a firearm, consider that many
| laws are on the books that would likely be adjudicated
| unconstitutional. The second amendment concludes with "shall
| not be infringed", and denying somebody their right to
| possess a firearm (for any reason) appears to be an
| infringement of that right, according to the second
| amendment.
|
| > The 2nd amendment allows for heavy regulation of arms.
|
| I'd be curious to hear what leads you to believe this. The
| language of the second amendment is clear, and the founder's
| intentions even more so. If you're developing your view based
| on the term "well-regulated", go do a bit of research on what
| that term meant when the Bill of Rights was authored (hint:
| it's different than what "regulated" is often interpreted to
| mean in 2022).
| [deleted]
| [deleted]
| edm0nd wrote:
| I'm down with the right to own botnets under the 2A.
| DwnVoteHoneyPot wrote:
| How do you create a botnet? By illegally accessing there
| people's equipment?
| bashinator wrote:
| I'm hopeful that the new originalist makeup of the SCOTUS
| means no longer unconstitutionally limiting what's meant by
| "arms". ICBMs for billionaires! /s
| jdonaldson wrote:
| It's hard to see how North Korea is taken seriously by anyone
| these days.
| snowwrestler wrote:
| The 2nd Amendment says the government can't infringe your right
| to possess arms. It does not say that it's legal for you to use
| your arms against others to make a point.
|
| "Digital arms" are legal to possess in the U.S. as far as I
| know. Again, that is not the same thing as legalizing any use
| of them.
| jonp888 wrote:
| Do bear in mind that the way this interpreted under US law is
| considered by most non-Americans to be completely bonkers,
| and is only sustained by strong, uncompromising activist
| pressure.
|
| I doubt the NRA would organize a picket to defend your right
| to run PGP.
| mardifoufs wrote:
| Well, it's an American law, so its validity has no relation
| to how non Americans see it. Also, the activist pressure is
| much stronger and much, much better financed on the anti
| gun side, so that does not make much sense. You can go read
| the recent SCOTUS decisions related to the 2nd amendment;
| their interpretation of the constitution is very, very well
| justified. You can disagree with it, but it's ludicrous to
| say it's all because of extreme activist pressure. The 2nd
| Amendment is pretty clear on its intent, and that's wildly
| agreed on by constitutional experts. Americans usually
| support the right to bear arms too.
|
| I'm not American but if I was and I wanted to limit access
| to guns, I don't think arguing that the courts should
| decide the 2nd amendment doesn't actually give the right to
| bear arms would be the way to go. If you think Americans
| agree with you and don't actually want that part of the
| constitution, judicial activism wouldn't be needed.
| ShrigmaMale wrote:
| No offense but why would I care at all what a non-American
| thinks? They are not governed by this law and so have 0 say
| in what it should be since it is not a rights violation. I
| am only sorry you all live with such a lack of a basic
| right and find it normal.
|
| From the other perspective: gun rights are under constant
| attack from fearmongering media and I find that bonkers.
| All it takes is one (1) psycho POS shooting up a school for
| the media to run a month of coverage claiming that
| everybody should now lose a fundamental right. Ffs most
| people agree that criminal activity doesn't justify
| violatung everybodys rights, why is this specifically
| different? Because the media machine works for a political
| class that wants a disarmed and castrated electorate.
|
| Theres been a creeping advance against them since the 1930s
| with the NFA passing and gun grabbers have been constantly
| demanding more for these 100 years with small concessions
| then larger infringements, racheting toward less gun
| rights. Most of this is enabled by bullshit judicial
| activism that twists 2a for matters of convenience.
| voakbasda wrote:
| Not being able to use arms absolutely is an infringement of
| the right to bear them. I mean, how would it be different if
| we claimed that you can own a gun but not shoot it?
|
| One point that gets lost about the 2nd Amendment is that it
| should be considered an inalienable right. Meaning, it cannot
| be diminished by any law of man. Consequently, most of the
| gun laws can be viewed as fundamentally unconstitutional, and
| any attempts to enforce them are illegal.
|
| Of course, this is a highly unpopular opinion, as most of the
| population has surrendered itself to creeping
| authoritarianism.
| whakim wrote:
| > Not being able to use arms absolutely is an infringement
| of the right to bear them.
|
| That doesn't follow. The right to own something does not
| imply the right to use it.
|
| > One point that gets lost about the 2nd Amendment is that
| it should be considered an inalienable right. Meaning, it
| cannot be diminished by any law of man. Consequently, most
| of the gun laws can be viewed as fundamentally
| unconstitutional, and any attempts to enforce them are
| illegal.
|
| The Constitution does not and cannot bestow inalienable
| rights.
| nickff wrote:
| > _" The Constitution does not and cannot bestow
| inalienable rights."_
|
| The Bill of Rights was never supposed to bestow rights,
| just protect them, as per the preface:
|
| > _" The Conventions of a number of the States, having at
| the time of their adopting the Constitution, expressed a
| desire, in order to prevent misconstruction or abuse of
| its powers, that further declaratory and restrictive
| clauses should be added: And as extending the ground of
| public confidence in the Government, will best ensure the
| beneficent ends of its institution."_
| snowwrestler wrote:
| Obviously there are limits on what you can shoot your guns
| at or crimes like murder, for example, would be legal as
| long as it was accomplished with a gun.
| hsnewman wrote:
| I wouldn't want to be the one who tests this, jail is jail
| regardless if your right or wrong. Getting out of jail isn't
| as quick as you may think.
| decremental wrote:
| Important to note that "digital arms" are not a real thing as
| far as anyone's rights are concerned. God given rights
| probably but as far as encoded in law, not the case.
|
| Also, don't engage in cyber warfare against other nations
| because the feds will come down on you harder than your
| target could hope to[1]. Obviously because it's stupid to put
| your country at risk.
|
| [1] Unless you live in the US and that country is Israel.
| cobookman wrote:
| Would the castle doctrine apply to your digital residency?
| snowwrestler wrote:
| Seems like an imperfect analogy. If you find malware
| running on your computing systems, it is legal to disable
| and delete it. But it's not like the bad guys are
| physically present within your computer, like in a real
| life home invasion.
| imglorp wrote:
| Encryption, at least, is a purely defensive weapon. In the
| historical context of 2A, protecting yourself from your
| government would closely align with the original intent of
| militias protecting locals from a federal king.
| gmfawcett wrote:
| It's an interesting theory until they arrest you. As
| another poster pointed out, crypto used to be considered
| "munitions" under U.S. law.
| imglorp wrote:
| Yeah. After an expensive legal defense, maybe with a
| bunch of expensive appeals, you'd be either wrong, poor,
| and in jail or right, poor, and not in jail.
| blueflow wrote:
| That this article exists it a manifest of his failed OpSec...
| if you are a hacker and you are popular for it, you aren't
| doing a good job.
| earleybird wrote:
| Or, a phrase I like: "If you're as good as you claim, why do
| I (of all people) know about you?"
| enkid wrote:
| He's a pen tester. It's free advertising.
| ohcomments wrote:
| Indeed... I've came across a few hackers in my life and not a
| single one of them wanted to be known / seem as one.
| markdown wrote:
| You know that most hacks don't involve physical access to the
| target device/infrastructure, right?
| Waterluvian wrote:
| The other day I read a (possibly wrong, fictional, or
| dramatized) account of some private group hacking Belorussian
| railways to impede Russian military logistics.
|
| I'm sure this is not new, but to me it is a fascinating
| concept: the modern era equivalent of Partisan soldiers,
| conducting cyber warfare in their jammies.
| mndgs wrote:
| It's a real thing, live and ongoing. They have a Telegram
| channel https://t.me/cpartisans and also a promotional video
| on YouTube for how to defeat Lukashenko, the only dictator in
| Europe: https://youtu.be/UldT78OjlvE
|
| They did manage to induce mess on Belarus railways
| transporting Russian military equipment to Ukrainian border.
| It probably stalled, but still didn't prevent Russian
| military reaching the Ukrainian border through Belarus.
| pessimizer wrote:
| If he were bombing NK infrastructure, would you be prouder?
| oh_sigh wrote:
| Well, the world certainly loves Nelson Mandela.
| pessimizer wrote:
| But doesn't love Osama Bin Laden, although Afghanistan
| certainly suffered more from US involvement than the US has
| suffered from North Korea, whose people it killed millions
| of.
| oh_sigh wrote:
| OBL bombed more than just infrastructure. I wonder how
| the US/world would have felt about him if he decided to
| take out the Statue of Liberty or something like that
| (while it was closed for repairs).
| TedDoesntTalk wrote:
| When did the US kill millions of North Koreans? Do you
| mean the Korean War in the 1950s?
| pessimizer wrote:
| Yes, I'm referencing the event that formed North Korea.
| multiplegeorges wrote:
| Seems like the 4th Amendment already covers the right to use
| strong encryption.
|
| > The right of the people to be secure in their persons, papers
| and effects shall not be violated by unreasonable searches and
| seizures
| Shank wrote:
| The 2nd amendment already has interpretation questions around
| the first half -- the "A well regulated Militia, being
| necessary to the security of a free State," clause. It could go
| in any number of directions, from expanding "arms" to include
| "digital arms" to reducing the right only to "as part of a well
| regulated militia." See:
| https://www.law.cornell.edu/wex/second_amendment
|
| But I wouldn't bet money on the right expanding beyond firearms
| any time soon, given the glacial pace of constitutional law
| review.
| sjg007 wrote:
| Arms vs weapons of mass destruction? Digital arms could fall
| into the latter category.
| x3n0ph3n3 wrote:
| "A healthy breakfast, being necessary for a productive day,
| the right to eat eggs shall not be infringed"
|
| Would you interpret _that_ as meaning we could only eat eggs
| for breakfast?
| winstonewert wrote:
| No, but the supreme court might if it served their
| interests.
| enkid wrote:
| It could be interpreted that it'd be ok to ban eggs in
| other circumstances, certainly. The problem is that it's
| meaning is so ambiguous that you can't properly tell,
| especially when considering the arms they had at the time
| of writing were completely different from what we consider
| arms these days. If the founders said the right to eat eggs
| is not to be infringes, would that mean the government
| would be unable to regulate genetically modified eggs? I
| don't think so.
| rootusrootus wrote:
| > given the glacial pace of constitutional law review
|
| OTOH, the SCOTUS has achieved a political supermajority and
| will probably move much faster with policy changes now.
| butlerm wrote:
| The Supreme Court does not make policy, at most it stops
| other branches from making certain kind of policies, when
| presented an opportunity to do so when resolving an actual
| case or controversy.
| monocasa wrote:
| Stopping certain forms of policy and not others is a way
| to make policy.
| ipaddr wrote:
| Shape policy but not make policy.
| monocasa wrote:
| Shaping policy is making policy, practically.
| ipaddr wrote:
| Shaping material given happens at the end after the
| material is formed.
|
| A judge answers the question someone else asks.
|
| They can deny policy based on existing policy.
| drocer88 wrote:
| "does not" or "should not" ?
| gowld wrote:
| SCOTUS can also roll back existing policy. The power to
| flip a bit is effectively power to make policy.
| duskwuff wrote:
| Not autonomously. The Supreme Court can only hear cases
| which are brought to it -- it cannot "make policy" in the
| absence of a relevant case.
| whatshisface wrote:
| The SC receives an enormous number of cases most of which
| it declines to hear. It has a lot of authority over what
| is brought before it.
| joshgrib wrote:
| I think we definitely need some additional rights listed to
| account for digital. GDPR seems like a good start to give
| people more ownership of their data, but in the US we still
| have basically no data rights or protection against searches of
| digital content that you don't physically host.
| gunfighthacksaw wrote:
| Yea I was wondering about the legality of this cyber self-
| defence, but like many crimes, if the victim (deserving or not)
| does not report it, you'll probably get away scot free.
|
| In the case of NK, they could probably even register a
| complaint and have it ignored, assuming the effort needed to
| locate the perp was greater than the fucks given by the
| appropriate authorities.
|
| Hats off to the author but I would also caution them against
| broadcasting it publicly. The people who would appreciate this
| the most probably use secure channels anyway ;)
| [deleted]
| Maursault wrote:
| > Also the vagueness of our hacking laws probably make what he
| did a crime.
|
| I think it is likely North Korea could charge him with a number
| of crimes that may be extraditable, like cyber "terrorism" (the
| quotes are necessary, right?) The US has extradited at least
| one Russian hacker [1] P4X is also likely now featured in
| intelligence summaries in countries with security treaties with
| North Korea, like China and Russia. Also, it's possible P4X has
| violated the Logan Act.
|
| [1] https://www.justice.gov/usao-ma/pr/russian-national-
| extradit...
| racnid wrote:
| Good luck, we're having enough trouble protecting our normal
| arms.
| wwweston wrote:
| IIRC cryptography has been classified under munitions:
|
| https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
|
| Not sure how that'd interact with 2nd amendment issues (but it
| did come into conflict with the 1st).
| pmalynin wrote:
| We'll it's interesting in this case, because technically
| speaking a peace treaty was never signed and North Korea is in
| the state of war with the United States. So is it really a
| crime to attack a hostile state?
| capableweb wrote:
| > North Korea is in the state of war with the United States
|
| I'm not sure where this comes from, but you're now the second
| person I see on HN to say this
| (https://news.ycombinator.com/item?id=29896969). Is this
| "common knowledge" in the US or something?
|
| Here is what I said the last time:
|
| >> The US and KP are technically still at war (the Korean war
| stopped with a cease fire, not a treaty) and the US and its
| allies levy sanctions on them that hurt.
|
| > Technically, I don't think the US and North Korea ever been
| at war. South Korea and North Korea are technically still at
| war though, as they signed the treaty with each other, not
| the US.
| mlyle wrote:
| None of the US wars since WWII have been formally declared
| wars. They're still wars.
|
| The conflict with North Korea ended with an armistice, not
| a formal treaty. The armistice intended for peace treaty
| discussions to start 3 months later... and they never
| really did.
|
| The US, UN Command, and North Korea are still operating
| under a temporary cease-fire that's now basically 70 years
| old. (I don't think South Korea even signed the armistice).
| wongarsu wrote:
| If you're technically not at war then you can't at the
| same time be technically still at war. Neither side
| declared war against the other or is currently acting
| like they are at war, thus they aren't at war.
| tomphoolery wrote:
| Tell that to the North Koreans :P
| mrbald wrote:
| Looks like every man and his dog is an expert on North
| Koreans. Did it occur to you that most citizen there are
| hostages of the own state and may be fighting hard to get
| a piece of bread on the table? I highly doubt they give a
| shit to the US, or the internet or the hacker wars of any
| kind.
| jerrysievert wrote:
| > I highly doubt they give a shit to the US, or the
| internet or the hacker wars of any kind.
|
| somehow, I don't think that those are the people that are
| being targeted. it's the "elite" who actually have
| internet access, and can also eat.
|
| those who make the decisions, and those who are friends
| of those who make the decisions would be the ones
| affected by the internet being down, not those who can
| barely eat and obviously don't have internet access.
| judge2020 wrote:
| 2016: https://www.reuters.com/article/us-northkorea-
| nuclear-idUSKC...
|
| > The United States rejected a North Korean proposal to
| discuss a peace treaty to formally end the Korean War
| because it did not address denuclearization on the
| peninsula, the State Department said on Sunday.
|
| 2018: https://www.cnn.com/2018/04/27/asia/korean-summit-
| intl/index...
|
| > Then they signed the Panmunjom Declaration for Peace,
| Prosperity and Unification on the Korean Peninsula, which
| commits the two countries to denuclearization and talks to
| bring a formal end to conflict. It was a startling
| conclusion to the first meeting between leaders of the two
| countries in 10 years.
|
| 2021: https://www.reuters.com/world/asia-pacific/south-
| korean-lead...
|
| > "I once again urge the community of nations to mobilize
| its strengths for the end-of-war declaration on the Korean
| Peninsula," Moon said in a speech to the annual gathering
| of the world body.
| vkou wrote:
| Technically speaking, there hasn't been a peace treaty
| between Russia and Japan, either. That doesn't mean we've
| spent the past 77 years waiting with bated breath for yet
| another conflict over the Kuril islands to break out.
| riku_iki wrote:
| They didn't sign peace "treaty", but they signed
| declaration of ending war: https://en.wikipedia.org/wiki/So
| viet%E2%80%93Japanese_Joint_...
| jxidjhdhdhdhfhf wrote:
| Who knows. It seems like anything can be interpreted as a
| crime these days. Hopefully he's got good lawyers advising
| him.
| TedDoesntTalk wrote:
| Agreed. This is immensely foolish on his part. And he can
| rest assured that his identity is known.
|
| One crime does not justify another.
| gowld wrote:
| NK committed a sovereign act of war, not a crime. NK is
| not under common jurisdiction as the victim.
| TedDoesntTalk wrote:
| Individual citizens don't get to define acts of war
| [deleted]
| moron4hire wrote:
| I don't think the North Korean government would have
| standing in a US court.
| landemva wrote:
| Though US government claims standing in UK court to take
| Assange.
| at-fates-hands wrote:
| We signed an extradition treaty in 2003 with the UK:
|
| _The Parties agree to extradite to each other, pursuant
| to the provisions of this Treaty, persons sought by the
| authorities in the Requesting State for trial or
| punishment for extraditable offenses._
|
| https://irp.fas.org/world/uk/extradite.pdf
|
| As I understand it, this was an extension of the original
| 1972 treaty.
| pulse7 wrote:
| Wars can end without peace treaty. Just see the history:
| there were many more wars than peace treaties...
| rhino369 wrote:
| You can't go by technicalities. But even if you go by
| technicalities, we never declared war in the first place it.
| It was a "police action."
|
| I'd imagine it is a crime to attack a state that we are in a
| cease fire with regardless.
| ctdonath wrote:
| Remember: the US Constitution includes "letters of marque"
| clause, empowering Congress to grant citizens' requests to wage
| private warfare against foreign entities. Wish people would
| exercise this option more.
| hawski wrote:
| Encryption was considered a weapon previously, which resulted
| in an export ban.
|
| https://en.m.wikipedia.org/wiki/Export_of_cryptography_from_...
| kmeisthax wrote:
| ...and the parent post's argument was already made by xkcd:
| https://xkcd.com/504/
| rjsw wrote:
| Also resulted in lots of us having to lie on our Visa Waiver
| forms on entry to the US.
| excalibur wrote:
| > Also the vagueness of our hacking laws probably make what he
| did a crime.
|
| Yes, it is most definitely and intentionally illegal. Things
| don't stop being crimes just because the victims are
| communists.
| ipaddr wrote:
| A North Korean law was probably broken. North Korea could ask
| the US to send him over to stand trial and the US could agree
| or ignore the request. No legal framework exists between the
| two countries so the US isn't forced to send them.
|
| Things don't start becoming a crime until laws exist.
| seanw444 wrote:
| I really like that 2nd amendment thought. Very interesting.
| dnautics wrote:
| What he really should do, is petition the us Congress for a
| letter of marque in a closed door session and Congress should
| grant it to him.
| ngcc_hk wrote:
| Right to bear digital arm to fight foreign digital empire ...
| seems fit the spirit. Not sure about the law and 3 letter
| people. Best of luck. Brave soul to fight N Korea. How about
| China.
| AdrianB1 wrote:
| The second does not grant anything, so it's not applicable for
| this case. Consider "digital assault weapons ban" as the
| closest concept.
| darkhorn wrote:
| This is a self defence. If police cannot protect you from bad
| people then you protect yourself from bad people.
| sudobash1 wrote:
| > So after a year of letting his resentment simmer, P4x has taken
| matters into his own hands. "It felt like the right thing to do
| here. If they don't see we have teeth, it's just going to keep
| coming," says the hacker.
|
| Frankly, I feel that international relations are going poorly
| enough without vigilantes poking the bear. And also, I doubt that
| bringing down their network infrastructure will have the desired
| effect of them lessening the cyber-attack capabilities.
| arbitrage wrote:
| NK's capabilities are vastly overblown. Calling it a "bear" is
| part of their disinformation strategy, just like Russia.
|
| You're amplifying their propaganda.
| Shank wrote:
| North Korea's power doesn't come from its technical
| capabilities in terms of nuclear weapon usage against the
| United States. North Korea's power comes from its close
| proximity to South Korea, which is well within striking
| distance, and how the geopolitical ramifications amplify out.
| Even with conventional weapons, a re-ignition of hostilities
| on the Korean peninsula would be disastrous. Relative to
| Russia, which more or less has the ability to trade with the
| world, and has a fairly sustainable economy, North Korea has
| basically nothing.
|
| The whole reason why NK repeatedly tests nuclear and
| conventional strike capabilities is to power project, get
| people to the negotiating table, and try to get
| supplies/food/money from countries in exchange for a halt of
| testing.
| bigcat123 wrote:
| reaperducer wrote:
| _NK 's capabilities are vastly overblown. Calling it a "bear"
| is part of their disinformation strategy, just like Russia._
|
| Calling it a "bear" is utilizing the common expression "Don't
| poke the bear," not an assessment of North Korea's abilities.
| throwaway329183 wrote:
| It's not "don't poke the mouse", if the target isn't
| dangerous there's nothing to fear from poking them
| AnimalMuppet wrote:
| In fairness, the bear poked him first...
| TedDoesntTalk wrote:
| The article says he downloaded a hacking tool for a friend
| into a VM that had a back door. Then goes on to say he was
| "personally targeted". This is ridiculous.
| ssklash wrote:
| NK was specifically targeting prominent security
| researchers, with fake accounts and blogs, then trying to
| get the researchers to open a backdoored Visual Studio
| project. They were absolutely personally targeting people,
| and I don't doubt he was one of them.
| causi wrote:
| _an attempt to draw attention to what he sees as a lack of
| government response to North Korean targeting of US individuals.
| "If no one 's going to help me, I'm going to help myself," he
| says._
|
| Good. I'm sick of foreign policy being determined by spreadsheets
| that say whether defending ourselves or others will be
| profitable.
| DietaryNonsense wrote:
| I see comments saying that he may be interfering with actual
| operations against NK or that now that he has done this they are
| more likely to patch their systems and be more secure,
| contradicting his own intentions.
|
| It's also entirely possible that this action, including the WIRED
| article and it's high visibility, is part of a broader effort and
| strategy. In reality we just won't know in this type of
| situation.
|
| Any casual judgement that talks about how obviously naive this is
| may be a little too shallow.
| pessimizer wrote:
| True. He may not even exist.
| biermic wrote:
| You might be onto something.
| kspacewalk2 wrote:
| However, that something may also not exist.
| slickrick216 wrote:
| Right isn't this just spontaneous "patriotic Russian hackers"
| but with Americans.
| DietaryNonsense wrote:
| A colleague asked me what I meant by this - what use would a
| WIRED article have? etc.
|
| Targets (individuals, interior or gapped networks, etc) can be
| difficult to identify or locate and are even more difficult to
| get access to. Consider that it may be easier to run an
| operation where you intentionally pseudo-identify a security
| researcher engaging in his own attack to draw attention. Better
| yet, this researcher is known to be in possession of valuable
| tools, after all, the article says so.
|
| Maybe P4x exists or is a fiction, but either way there's a
| difficult yet traversable route of information that leads to
| "his" network. Somewhere there's an encrypted volume that
| presumably holds his cherished tools and information. But P4x
| knows that the encryption he's using suffers from undisclosed
| 0day. In fact, the 0day was developed by P4x et al and released
| into the wild to be found and used in just this kind of
| situation. The tools that appear to be protected by researcher
| P4x are actually compromised themselves, meant to be taken. He
| schedules an interview with WIRED, he talks shit and trashes NK
| operations, and plays the cocky and justice hungry hacker
| trope. He chums the water.
|
| There are countless ways that misdirection and narrative can be
| layered to draw your adversary into a worldview that is the
| creation of your own. It's not _just_ floors of camo-clad
| cyberoperaters phishing management types and looking for
| document dumps.
| YPCrumble wrote:
| So in essence this WIRED article could be a distribution
| mechanism for the government to provide compromised hacking
| scripts to third party hackers?
| curiousllama wrote:
| This is a good point. Can't break into the vault without
| tripping the alarm, so you have a bunch of teenagers make a
| bonfire in the lobby.
| neonate wrote:
| https://archive.is/QP2q2
|
| http://web.archive.org/web/20220202184549/https://www.wired....
| okkdev wrote:
| I don't like this
| curtisblaine wrote:
| So now they're probably patching their vulns, or at least they're
| aware of them, resulting in an overall better security for NK.
| anonAndOn wrote:
| PSA: Whether bare knuckle boxing or global hacking, always
| remember the first rule of Fight Club.
| lowbloodsugar wrote:
| What are you talking about?
| egberts1 wrote:
| What fight club?
| jokoon wrote:
| What do they mean "north korea hacked him" ?
|
| Does NK hire hackers? How is it possible for NK to have competent
| hackers?
| malermeister wrote:
| Why wouldn't it be possible for a country of almost 26M people
| to have competent hackers? Just cause they live in a
| dictatorship doesn't mean they're all stupid.
| foepys wrote:
| https://en.wikipedia.org/wiki/Bureau_121
|
| North Korea successfully stole tens of millions by hacking
| banks via SWIFT between 2015 and 20216 and probably several
| hundreds of millions in crypto currency in 2021 alone.
|
| https://www.bbc.co.uk/news/business-59990477
|
| NK apparently has a very capable cyber warfare unit and hacking
| crypto currency wallets/exchanges is a major income for them.
| rootsudo wrote:
| I wonder if it's the same P4 that I was accustomed too on video
| game modding forums and similar places.
|
| Curious indeed. But even going on wired to brag about it, I
| wonder.
| jacquesm wrote:
| I give that about 0.3846% chance.
| genera1 wrote:
| I have a gut feeling, that person responsible for those hacks
| might be working for or at least informing US gov about his
| actions in advance.
|
| Him talking so openly to a major news outlet and warm response of
| us gov officials point towards that
| lgvln wrote:
| This is precisely my first thought as well. It makes for a
| half-decent Hollywood plot but IRL? My guess is there's got to
| be more than what meets the eye. Propaganda piece perhaps?
| californiasurf wrote:
| I think he should crowd source this so we can all work to disrupt
| North Korea.
| ummonk wrote:
| It's good that he went public about it, as this is the sort of
| thing that can cause international tensions when the target
| assumes it's a state-sponsored attack. So many cyberattacks by
| individuals or small crime outfits get misinterpreted as state-
| sponsored because they're "sophisticated".
|
| Things are really easy to misinterpret, like when Ukraine's
| undercover attempt to capture Russian PMC soldiers resulted in
| Belarus thinking Russia was attempting a coup in Belarus.
| throwaway4good wrote:
| This is nothing to celebrate. Would we like random people sitting
| in say North Korea taking cyber revenge over evil regimes they
| don't like?
| Calloutman wrote:
| I mean, they specifically targeted him first. It's not that he
| just didn't like Kim and thought he'd take him down a peg.
| [deleted]
| jelling wrote:
| > "I want them to understand that if you come at us, it means
| some of your infrastructure is going down for a while."
|
| Doing that is one thing, and certainly won't increase your
| personal safety. Doing that and telling the western press to
| embarrass them is insanely stupid. Kim Jong-un is widely believed
| to have ordered the assassination of his half-brother. And you
| want to threaten the infrastructure of his country? Talk about a
| keyboard warrior.
|
| PBS Frontline's special on the assassination:
|
| https://www.pbs.org/video/north-koreas-deadly-dictator-2pobw...
| not2b wrote:
| It's not infrastructure. He attacked a few propaganda sites
| aimed at outside audiences. He didn't get into their internal
| network, which is sealed off from the Internet.
| MichaelZuo wrote:
| It's make one wonder if most of the other posters even
| bothered to read the details.
| [deleted]
| [deleted]
| tehjoker wrote:
| So your tools get stolen and you take down possibly critical
| infrastructure for huge numbers of people? Terrorism.
|
| Imagine someone did that to America in response to the NSA
| hacking them (read, most of the world's population all the time
| since the Bush administration).
|
| We celebrate that when it's done to official enemies.
| boomboomsubban wrote:
| I'd bet that this hacker has personally been targeted by US
| intelligence agencies, if not before this event certainly
| after. Yet somehow I doubt he will attempt to take down the
| entire cointries internet or start a FU USA group.
| pessimizer wrote:
| The North Korean regime just needs to come in from the cold,
| like Gaddafi did, which certainly worked out well for him and
| the Libyan people.
| tehjoker wrote:
| Just to add context for others that aren't familiar, NK
| definitely learned from the Libyan experience. It was after
| Gaddafi got filmed getting bayoneted in the ass for giving up
| the Libyan nuclear program, North Korea learned to never give
| up nuclear weapons and accelerated their program.
| pessimizer wrote:
| That was one short bayonet for a man, and open air slave
| markets for the Libyan people:
| https://www.usatoday.com/story/opinion/2017/11/27/clinton-
| po...
|
| > 'We came, we saw, he died,' she joked. But overthrowing
| Gadhafi was a humanitarian and strategic debacle that now
| limits our options on North Korea.
| emkoemko wrote:
| and asking Iran to give up having missiles etc after
| seeing what they did to Libya?
| kingkawn wrote:
| Did you read the article?
| tehjoker wrote:
| They claim that this only affects "propaganda websites" but I
| honestly do not know how North Koreans use the intranet and
| what kind of access they have outside the country. Do you see
| reporters doing in-depth interviews regularly or NK citizens
| on english language websites? We should be very careful to
| qualify what we actually know about this country as it is a
| regime change target. This means most of what we read in the
| news about it will be war propaganda.
| Kalanos wrote:
| reckless. could have caused missiles accidents or god knows what.
| now those vulnerabilities will be patched. it would have been
| better to report those vulnerabilities to the military so they
| could be used when needed.
| schwanky wrote:
| It's easy to accuse North Korea. They can't practically respond
| to the accusations because they have no outlet anyone reads, and
| if anyone did then nobody would care anyway.
| nkrisc wrote:
| North Korea destroyed their own credibility.
| commoner wrote:
| North Korea has Rodong Sinmun, which has an online edition in
| English. People interested in North Korean politics do read
| this newspaper.
|
| - Website: http://www.rodong.rep.kp/en/
|
| - Wikipedia: https://en.wikipedia.org/wiki/Rodong_Sinmun
| megous wrote:
| Hm. So I actually like the form of north korean websites, if
| these two in this thread are representative of the norm. :)
| No ads, no trackers, 0 resources blocked in uBlock, no CDNs,
| clean design not jumping around, to the point without useless
| stock photos... No modern "design", with thin grayed out
| unreadable fonts. No webfonts, clean html code. Interesting.
| :)
| lelandfe wrote:
| ...unresponsive, loads articles in pop-up windows, uses
| http/1.1 so resources are downloaded serially, has all JS
| in critical path....
| Shank wrote:
| They also have KCNA, which they also use to communicate:
| http://kcna.kp
| lelandfe wrote:
| Implying that the hacking attributed to NK might have been a
| false flag?
| dash2 wrote:
| Indeed another person quoted in the article suggests that the
| hacking might have come from China.
| ncmncm wrote:
| NK trains up and operates hacking groups to generate
| income, not just to be unpleasant. So, guessing that would
| mean NK is renting out hacking services to China. Other
| ways to generate income from hacking is operating a
| ransomware gang, renting out botnets, and gathering banking
| passwords to use in draining accounts. We may assume they
| are involved in all of the above.
| eclipsenet wrote:
| That's the wrong takeaway from that bit though I think. I
| believe they are saying that China and other states are the
| actors on behalf of NK not that they are using NK as
| patsies ... granted that may also be true. International
| politics and espionage is a weird domain.
| ummonk wrote:
| I think the implication is that these are North Korean
| hackers stationed in China, not that China is doing it on
| their behalf.
| mrkstu wrote:
| I would imagine the intelligence services aren't happy he's
| providing them free pen-test services. He's taking potential
| tools out of their toolbox when they may need/want them in a
| future time of conflict.
| gunfighthacksaw wrote:
| So if the reds start parachuting down over your community you
| should just sit pretty lest you interfere with your military's
| operations?
|
| The equivalence is not a false one in my eyes because a
| cyberattack against a US national's systems should be seen as
| an attack on a US national's property.
| netsharc wrote:
| ummonk wrote:
| If they send a small aircraft onto your territory you
| shouldn't light it up with all your SAMs and take it down,
| because that will allow them to locate your SAMs for SEAD.
| biermic wrote:
| So that guy downloaded some random "hacking tool" a friend of
| his found, and no shit it had a backdoor. He was never
| directly targeted by the North Koreans.
| throwaway9986 wrote:
| kelvin0 wrote:
| Wow, the 'Reds' is a term which I had not seen in a while,
| feels like I'm watching an early 80's cold war movie.
| jacquesm wrote:
| I can see where the reference comes from, there isn't all
| that much to pick if you want to use a color:
|
| https://abcnews.go.com/International/north-koreas-parade-
| big...
| dc-programmer wrote:
| The article says he's exploiting known (ancient)
| vulnerabilities
| mrkstu wrote:
| Yes, he's exhausting their quiver of easy/cheap and instead
| they'd be forced to waste zero days right up front.
| dc-programmer wrote:
| At this point I would assume that foreign states have
| malware hooked deep enough into all the systems that the
| only way to eradicate them would be with an incinerator.
| Plus even after (if?) they update their software I doubt
| you'd need zero days to get back in. Im interested to see
| what the upgrade path is for the Red Star OS is though lol
| zentiggr wrote:
| Well, if they're not going to use them to find and shut
| down the NK hackers, then they should step aside for those
| who will.
|
| (Of course, there could be deeper ops from the CISA side,
| but if their only cost is having to lose older vulns, so be
| it.)
| mrkstu wrote:
| The difference of course being, is that they don't want
| to shut them down during a time of relative peace.
| Getting them to harden their presence now is
| strategically a waste.
|
| In the extremis they can always bring in the orbital
| cannons and overwhelm them of course.
| nr2x wrote:
| Where's the GoFundMe link?
___________________________________________________________________
(page generated 2022-02-02 23:01 UTC)