[HN Gopher] North Korea hacked him, so he took down its internet ___________________________________________________________________ North Korea hacked him, so he took down its internet Author : mig39 Score : 323 points Date : 2022-02-02 17:17 UTC (5 hours ago) (HTM) web link (www.wired.com) (TXT) w3m dump (www.wired.com) | ballenf wrote: | I would have advised him to stay quiet about this. Not out of | fear of the North Koreans, but out of fear of our own security | agencies seeing the activity as interfering in international | relations. Also the vagueness of our hacking laws probably make | what he did a crime. | | But I also am immensely proud that we have people willing to take | things into their own hands when needed. | | Also, I feel like the 2nd amendment should be interpreted to | include the right to bear digital arms (strong encryption for a | start). This will probably take another decade to figure out what | that would really mean. | heavyset_go wrote: | You can't own a firearm if you consume marijuana, so using the | 2nd amendment for things like encryption might get interesting. | The 2nd amendment allows for heavy regulation of arms. | lostgame wrote: | There's gotta be a _lot_ of rappers breaking that rule. :P | Dr. Dre, I'm looking at you. | sbierwagen wrote: | >You can't own a firearm if you consume marijuana | | In what state? | yostrovs wrote: | When purchasing a firearm, that is one of the questions in | the Federal application, and you're not allowed to lie. | archontes wrote: | The federal application for a Federal Firearms License, | the license needed to be a firearm vendor, not the (as | far as I can tell) non-existent federal license to own | one? | jasonladuke0311 wrote: | There is no "license" to own or possess a firearm, parent | is referring to the Form 4473, which is used to conduct a | background check via NICS. | CircleSpokes wrote: | It isn't just FFLs. The Gun Control Act (GCA) defines a | list of people who aren't allowed to ship, transport, | receive, or possess firearms of ammo. This includes any | person "who is an unlawful user of or addicted to any | controlled substance (as defined in section 102 of the | Controlled Substances Act, codified at 21 U.S.C. SS | 802);" [1]. Since cannabis is federally illegal still if | you use it you can't legally even possess (not just own) | a firearm or ammo. | | I think it is a stupid law though. Imagine if we applied | that logic to other constitutionally protected rights. | "Anyone who is an unlawful user of or addicted to any | controlled substance shall not have the right to vote" or | "Anyone who is an unlawful user of or addicted to any | controlled substance shall not have the right to due | process". | | [1]https://www.atf.gov/firearms/identify-prohibited- | persons | archontes wrote: | Admittedly, it's hard to kill another person by voting, | or receiving due process. And we do restrict speech when | it verges on violence (imminent lawless action, fighting | words). | moron4hire wrote: | But when people do succeed in killing others through the | vote, it's usually a LOT more than they could have ever | hoped to do with a firearm. | gowld wrote: | > "Anyone who is an unlawful user of or addicted to any | controlled substance shall not have the right to vote" or | "Anyone who is an unlawful user of or addicted to any | controlled substance shall not have the right to due | process". | | Not the same thing at all, because a firearm is directly | and irrevocably more dangerous while under the influence | of drugs. | | You can debate the tradeoff of "right to bear arms" vs | "right to regulate arms" (just as voting has gone through | lots of regulations, some terrible (black people, women), | some OK or debatable (showing proof residence or | citizenship somewhere in the process), but it's not | obvious simply by analogy to other rights. | throwaway6734 wrote: | All of them? Marijuana is still a schedule 1 substance | thenaterator wrote: | > You can't own a firearm if you consume marijuana [...] | | While BATF Form 4473 and the Gun Control Act may lead some to | conclude that you cannot be "addicted to marijuana" and | simultaneously legally possess a firearm, consider that many | laws are on the books that would likely be adjudicated | unconstitutional. The second amendment concludes with "shall | not be infringed", and denying somebody their right to | possess a firearm (for any reason) appears to be an | infringement of that right, according to the second | amendment. | | > The 2nd amendment allows for heavy regulation of arms. | | I'd be curious to hear what leads you to believe this. The | language of the second amendment is clear, and the founder's | intentions even more so. If you're developing your view based | on the term "well-regulated", go do a bit of research on what | that term meant when the Bill of Rights was authored (hint: | it's different than what "regulated" is often interpreted to | mean in 2022). | [deleted] | [deleted] | edm0nd wrote: | I'm down with the right to own botnets under the 2A. | DwnVoteHoneyPot wrote: | How do you create a botnet? By illegally accessing there | people's equipment? | bashinator wrote: | I'm hopeful that the new originalist makeup of the SCOTUS | means no longer unconstitutionally limiting what's meant by | "arms". ICBMs for billionaires! /s | jdonaldson wrote: | It's hard to see how North Korea is taken seriously by anyone | these days. | snowwrestler wrote: | The 2nd Amendment says the government can't infringe your right | to possess arms. It does not say that it's legal for you to use | your arms against others to make a point. | | "Digital arms" are legal to possess in the U.S. as far as I | know. Again, that is not the same thing as legalizing any use | of them. | jonp888 wrote: | Do bear in mind that the way this interpreted under US law is | considered by most non-Americans to be completely bonkers, | and is only sustained by strong, uncompromising activist | pressure. | | I doubt the NRA would organize a picket to defend your right | to run PGP. | mardifoufs wrote: | Well, it's an American law, so its validity has no relation | to how non Americans see it. Also, the activist pressure is | much stronger and much, much better financed on the anti | gun side, so that does not make much sense. You can go read | the recent SCOTUS decisions related to the 2nd amendment; | their interpretation of the constitution is very, very well | justified. You can disagree with it, but it's ludicrous to | say it's all because of extreme activist pressure. The 2nd | Amendment is pretty clear on its intent, and that's wildly | agreed on by constitutional experts. Americans usually | support the right to bear arms too. | | I'm not American but if I was and I wanted to limit access | to guns, I don't think arguing that the courts should | decide the 2nd amendment doesn't actually give the right to | bear arms would be the way to go. If you think Americans | agree with you and don't actually want that part of the | constitution, judicial activism wouldn't be needed. | ShrigmaMale wrote: | No offense but why would I care at all what a non-American | thinks? They are not governed by this law and so have 0 say | in what it should be since it is not a rights violation. I | am only sorry you all live with such a lack of a basic | right and find it normal. | | From the other perspective: gun rights are under constant | attack from fearmongering media and I find that bonkers. | All it takes is one (1) psycho POS shooting up a school for | the media to run a month of coverage claiming that | everybody should now lose a fundamental right. Ffs most | people agree that criminal activity doesn't justify | violatung everybodys rights, why is this specifically | different? Because the media machine works for a political | class that wants a disarmed and castrated electorate. | | Theres been a creeping advance against them since the 1930s | with the NFA passing and gun grabbers have been constantly | demanding more for these 100 years with small concessions | then larger infringements, racheting toward less gun | rights. Most of this is enabled by bullshit judicial | activism that twists 2a for matters of convenience. | voakbasda wrote: | Not being able to use arms absolutely is an infringement of | the right to bear them. I mean, how would it be different if | we claimed that you can own a gun but not shoot it? | | One point that gets lost about the 2nd Amendment is that it | should be considered an inalienable right. Meaning, it cannot | be diminished by any law of man. Consequently, most of the | gun laws can be viewed as fundamentally unconstitutional, and | any attempts to enforce them are illegal. | | Of course, this is a highly unpopular opinion, as most of the | population has surrendered itself to creeping | authoritarianism. | whakim wrote: | > Not being able to use arms absolutely is an infringement | of the right to bear them. | | That doesn't follow. The right to own something does not | imply the right to use it. | | > One point that gets lost about the 2nd Amendment is that | it should be considered an inalienable right. Meaning, it | cannot be diminished by any law of man. Consequently, most | of the gun laws can be viewed as fundamentally | unconstitutional, and any attempts to enforce them are | illegal. | | The Constitution does not and cannot bestow inalienable | rights. | nickff wrote: | > _" The Constitution does not and cannot bestow | inalienable rights."_ | | The Bill of Rights was never supposed to bestow rights, | just protect them, as per the preface: | | > _" The Conventions of a number of the States, having at | the time of their adopting the Constitution, expressed a | desire, in order to prevent misconstruction or abuse of | its powers, that further declaratory and restrictive | clauses should be added: And as extending the ground of | public confidence in the Government, will best ensure the | beneficent ends of its institution."_ | snowwrestler wrote: | Obviously there are limits on what you can shoot your guns | at or crimes like murder, for example, would be legal as | long as it was accomplished with a gun. | hsnewman wrote: | I wouldn't want to be the one who tests this, jail is jail | regardless if your right or wrong. Getting out of jail isn't | as quick as you may think. | decremental wrote: | Important to note that "digital arms" are not a real thing as | far as anyone's rights are concerned. God given rights | probably but as far as encoded in law, not the case. | | Also, don't engage in cyber warfare against other nations | because the feds will come down on you harder than your | target could hope to[1]. Obviously because it's stupid to put | your country at risk. | | [1] Unless you live in the US and that country is Israel. | cobookman wrote: | Would the castle doctrine apply to your digital residency? | snowwrestler wrote: | Seems like an imperfect analogy. If you find malware | running on your computing systems, it is legal to disable | and delete it. But it's not like the bad guys are | physically present within your computer, like in a real | life home invasion. | imglorp wrote: | Encryption, at least, is a purely defensive weapon. In the | historical context of 2A, protecting yourself from your | government would closely align with the original intent of | militias protecting locals from a federal king. | gmfawcett wrote: | It's an interesting theory until they arrest you. As | another poster pointed out, crypto used to be considered | "munitions" under U.S. law. | imglorp wrote: | Yeah. After an expensive legal defense, maybe with a | bunch of expensive appeals, you'd be either wrong, poor, | and in jail or right, poor, and not in jail. | blueflow wrote: | That this article exists it a manifest of his failed OpSec... | if you are a hacker and you are popular for it, you aren't | doing a good job. | earleybird wrote: | Or, a phrase I like: "If you're as good as you claim, why do | I (of all people) know about you?" | enkid wrote: | He's a pen tester. It's free advertising. | ohcomments wrote: | Indeed... I've came across a few hackers in my life and not a | single one of them wanted to be known / seem as one. | markdown wrote: | You know that most hacks don't involve physical access to the | target device/infrastructure, right? | Waterluvian wrote: | The other day I read a (possibly wrong, fictional, or | dramatized) account of some private group hacking Belorussian | railways to impede Russian military logistics. | | I'm sure this is not new, but to me it is a fascinating | concept: the modern era equivalent of Partisan soldiers, | conducting cyber warfare in their jammies. | mndgs wrote: | It's a real thing, live and ongoing. They have a Telegram | channel https://t.me/cpartisans and also a promotional video | on YouTube for how to defeat Lukashenko, the only dictator in | Europe: https://youtu.be/UldT78OjlvE | | They did manage to induce mess on Belarus railways | transporting Russian military equipment to Ukrainian border. | It probably stalled, but still didn't prevent Russian | military reaching the Ukrainian border through Belarus. | pessimizer wrote: | If he were bombing NK infrastructure, would you be prouder? | oh_sigh wrote: | Well, the world certainly loves Nelson Mandela. | pessimizer wrote: | But doesn't love Osama Bin Laden, although Afghanistan | certainly suffered more from US involvement than the US has | suffered from North Korea, whose people it killed millions | of. | oh_sigh wrote: | OBL bombed more than just infrastructure. I wonder how | the US/world would have felt about him if he decided to | take out the Statue of Liberty or something like that | (while it was closed for repairs). | TedDoesntTalk wrote: | When did the US kill millions of North Koreans? Do you | mean the Korean War in the 1950s? | pessimizer wrote: | Yes, I'm referencing the event that formed North Korea. | multiplegeorges wrote: | Seems like the 4th Amendment already covers the right to use | strong encryption. | | > The right of the people to be secure in their persons, papers | and effects shall not be violated by unreasonable searches and | seizures | Shank wrote: | The 2nd amendment already has interpretation questions around | the first half -- the "A well regulated Militia, being | necessary to the security of a free State," clause. It could go | in any number of directions, from expanding "arms" to include | "digital arms" to reducing the right only to "as part of a well | regulated militia." See: | https://www.law.cornell.edu/wex/second_amendment | | But I wouldn't bet money on the right expanding beyond firearms | any time soon, given the glacial pace of constitutional law | review. | sjg007 wrote: | Arms vs weapons of mass destruction? Digital arms could fall | into the latter category. | x3n0ph3n3 wrote: | "A healthy breakfast, being necessary for a productive day, | the right to eat eggs shall not be infringed" | | Would you interpret _that_ as meaning we could only eat eggs | for breakfast? | winstonewert wrote: | No, but the supreme court might if it served their | interests. | enkid wrote: | It could be interpreted that it'd be ok to ban eggs in | other circumstances, certainly. The problem is that it's | meaning is so ambiguous that you can't properly tell, | especially when considering the arms they had at the time | of writing were completely different from what we consider | arms these days. If the founders said the right to eat eggs | is not to be infringes, would that mean the government | would be unable to regulate genetically modified eggs? I | don't think so. | rootusrootus wrote: | > given the glacial pace of constitutional law review | | OTOH, the SCOTUS has achieved a political supermajority and | will probably move much faster with policy changes now. | butlerm wrote: | The Supreme Court does not make policy, at most it stops | other branches from making certain kind of policies, when | presented an opportunity to do so when resolving an actual | case or controversy. | monocasa wrote: | Stopping certain forms of policy and not others is a way | to make policy. | ipaddr wrote: | Shape policy but not make policy. | monocasa wrote: | Shaping policy is making policy, practically. | ipaddr wrote: | Shaping material given happens at the end after the | material is formed. | | A judge answers the question someone else asks. | | They can deny policy based on existing policy. | drocer88 wrote: | "does not" or "should not" ? | gowld wrote: | SCOTUS can also roll back existing policy. The power to | flip a bit is effectively power to make policy. | duskwuff wrote: | Not autonomously. The Supreme Court can only hear cases | which are brought to it -- it cannot "make policy" in the | absence of a relevant case. | whatshisface wrote: | The SC receives an enormous number of cases most of which | it declines to hear. It has a lot of authority over what | is brought before it. | joshgrib wrote: | I think we definitely need some additional rights listed to | account for digital. GDPR seems like a good start to give | people more ownership of their data, but in the US we still | have basically no data rights or protection against searches of | digital content that you don't physically host. | gunfighthacksaw wrote: | Yea I was wondering about the legality of this cyber self- | defence, but like many crimes, if the victim (deserving or not) | does not report it, you'll probably get away scot free. | | In the case of NK, they could probably even register a | complaint and have it ignored, assuming the effort needed to | locate the perp was greater than the fucks given by the | appropriate authorities. | | Hats off to the author but I would also caution them against | broadcasting it publicly. The people who would appreciate this | the most probably use secure channels anyway ;) | [deleted] | Maursault wrote: | > Also the vagueness of our hacking laws probably make what he | did a crime. | | I think it is likely North Korea could charge him with a number | of crimes that may be extraditable, like cyber "terrorism" (the | quotes are necessary, right?) The US has extradited at least | one Russian hacker [1] P4X is also likely now featured in | intelligence summaries in countries with security treaties with | North Korea, like China and Russia. Also, it's possible P4X has | violated the Logan Act. | | [1] https://www.justice.gov/usao-ma/pr/russian-national- | extradit... | racnid wrote: | Good luck, we're having enough trouble protecting our normal | arms. | wwweston wrote: | IIRC cryptography has been classified under munitions: | | https://en.wikipedia.org/wiki/Export_of_cryptography_from_th... | | Not sure how that'd interact with 2nd amendment issues (but it | did come into conflict with the 1st). | pmalynin wrote: | We'll it's interesting in this case, because technically | speaking a peace treaty was never signed and North Korea is in | the state of war with the United States. So is it really a | crime to attack a hostile state? | capableweb wrote: | > North Korea is in the state of war with the United States | | I'm not sure where this comes from, but you're now the second | person I see on HN to say this | (https://news.ycombinator.com/item?id=29896969). Is this | "common knowledge" in the US or something? | | Here is what I said the last time: | | >> The US and KP are technically still at war (the Korean war | stopped with a cease fire, not a treaty) and the US and its | allies levy sanctions on them that hurt. | | > Technically, I don't think the US and North Korea ever been | at war. South Korea and North Korea are technically still at | war though, as they signed the treaty with each other, not | the US. | mlyle wrote: | None of the US wars since WWII have been formally declared | wars. They're still wars. | | The conflict with North Korea ended with an armistice, not | a formal treaty. The armistice intended for peace treaty | discussions to start 3 months later... and they never | really did. | | The US, UN Command, and North Korea are still operating | under a temporary cease-fire that's now basically 70 years | old. (I don't think South Korea even signed the armistice). | wongarsu wrote: | If you're technically not at war then you can't at the | same time be technically still at war. Neither side | declared war against the other or is currently acting | like they are at war, thus they aren't at war. | tomphoolery wrote: | Tell that to the North Koreans :P | mrbald wrote: | Looks like every man and his dog is an expert on North | Koreans. Did it occur to you that most citizen there are | hostages of the own state and may be fighting hard to get | a piece of bread on the table? I highly doubt they give a | shit to the US, or the internet or the hacker wars of any | kind. | jerrysievert wrote: | > I highly doubt they give a shit to the US, or the | internet or the hacker wars of any kind. | | somehow, I don't think that those are the people that are | being targeted. it's the "elite" who actually have | internet access, and can also eat. | | those who make the decisions, and those who are friends | of those who make the decisions would be the ones | affected by the internet being down, not those who can | barely eat and obviously don't have internet access. | judge2020 wrote: | 2016: https://www.reuters.com/article/us-northkorea- | nuclear-idUSKC... | | > The United States rejected a North Korean proposal to | discuss a peace treaty to formally end the Korean War | because it did not address denuclearization on the | peninsula, the State Department said on Sunday. | | 2018: https://www.cnn.com/2018/04/27/asia/korean-summit- | intl/index... | | > Then they signed the Panmunjom Declaration for Peace, | Prosperity and Unification on the Korean Peninsula, which | commits the two countries to denuclearization and talks to | bring a formal end to conflict. It was a startling | conclusion to the first meeting between leaders of the two | countries in 10 years. | | 2021: https://www.reuters.com/world/asia-pacific/south- | korean-lead... | | > "I once again urge the community of nations to mobilize | its strengths for the end-of-war declaration on the Korean | Peninsula," Moon said in a speech to the annual gathering | of the world body. | vkou wrote: | Technically speaking, there hasn't been a peace treaty | between Russia and Japan, either. That doesn't mean we've | spent the past 77 years waiting with bated breath for yet | another conflict over the Kuril islands to break out. | riku_iki wrote: | They didn't sign peace "treaty", but they signed | declaration of ending war: https://en.wikipedia.org/wiki/So | viet%E2%80%93Japanese_Joint_... | jxidjhdhdhdhfhf wrote: | Who knows. It seems like anything can be interpreted as a | crime these days. Hopefully he's got good lawyers advising | him. | TedDoesntTalk wrote: | Agreed. This is immensely foolish on his part. And he can | rest assured that his identity is known. | | One crime does not justify another. | gowld wrote: | NK committed a sovereign act of war, not a crime. NK is | not under common jurisdiction as the victim. | TedDoesntTalk wrote: | Individual citizens don't get to define acts of war | [deleted] | moron4hire wrote: | I don't think the North Korean government would have | standing in a US court. | landemva wrote: | Though US government claims standing in UK court to take | Assange. | at-fates-hands wrote: | We signed an extradition treaty in 2003 with the UK: | | _The Parties agree to extradite to each other, pursuant | to the provisions of this Treaty, persons sought by the | authorities in the Requesting State for trial or | punishment for extraditable offenses._ | | https://irp.fas.org/world/uk/extradite.pdf | | As I understand it, this was an extension of the original | 1972 treaty. | pulse7 wrote: | Wars can end without peace treaty. Just see the history: | there were many more wars than peace treaties... | rhino369 wrote: | You can't go by technicalities. But even if you go by | technicalities, we never declared war in the first place it. | It was a "police action." | | I'd imagine it is a crime to attack a state that we are in a | cease fire with regardless. | ctdonath wrote: | Remember: the US Constitution includes "letters of marque" | clause, empowering Congress to grant citizens' requests to wage | private warfare against foreign entities. Wish people would | exercise this option more. | hawski wrote: | Encryption was considered a weapon previously, which resulted | in an export ban. | | https://en.m.wikipedia.org/wiki/Export_of_cryptography_from_... | kmeisthax wrote: | ...and the parent post's argument was already made by xkcd: | https://xkcd.com/504/ | rjsw wrote: | Also resulted in lots of us having to lie on our Visa Waiver | forms on entry to the US. | excalibur wrote: | > Also the vagueness of our hacking laws probably make what he | did a crime. | | Yes, it is most definitely and intentionally illegal. Things | don't stop being crimes just because the victims are | communists. | ipaddr wrote: | A North Korean law was probably broken. North Korea could ask | the US to send him over to stand trial and the US could agree | or ignore the request. No legal framework exists between the | two countries so the US isn't forced to send them. | | Things don't start becoming a crime until laws exist. | seanw444 wrote: | I really like that 2nd amendment thought. Very interesting. | dnautics wrote: | What he really should do, is petition the us Congress for a | letter of marque in a closed door session and Congress should | grant it to him. | ngcc_hk wrote: | Right to bear digital arm to fight foreign digital empire ... | seems fit the spirit. Not sure about the law and 3 letter | people. Best of luck. Brave soul to fight N Korea. How about | China. | AdrianB1 wrote: | The second does not grant anything, so it's not applicable for | this case. Consider "digital assault weapons ban" as the | closest concept. | darkhorn wrote: | This is a self defence. If police cannot protect you from bad | people then you protect yourself from bad people. | sudobash1 wrote: | > So after a year of letting his resentment simmer, P4x has taken | matters into his own hands. "It felt like the right thing to do | here. If they don't see we have teeth, it's just going to keep | coming," says the hacker. | | Frankly, I feel that international relations are going poorly | enough without vigilantes poking the bear. And also, I doubt that | bringing down their network infrastructure will have the desired | effect of them lessening the cyber-attack capabilities. | arbitrage wrote: | NK's capabilities are vastly overblown. Calling it a "bear" is | part of their disinformation strategy, just like Russia. | | You're amplifying their propaganda. | Shank wrote: | North Korea's power doesn't come from its technical | capabilities in terms of nuclear weapon usage against the | United States. North Korea's power comes from its close | proximity to South Korea, which is well within striking | distance, and how the geopolitical ramifications amplify out. | Even with conventional weapons, a re-ignition of hostilities | on the Korean peninsula would be disastrous. Relative to | Russia, which more or less has the ability to trade with the | world, and has a fairly sustainable economy, North Korea has | basically nothing. | | The whole reason why NK repeatedly tests nuclear and | conventional strike capabilities is to power project, get | people to the negotiating table, and try to get | supplies/food/money from countries in exchange for a halt of | testing. | bigcat123 wrote: | reaperducer wrote: | _NK 's capabilities are vastly overblown. Calling it a "bear" | is part of their disinformation strategy, just like Russia._ | | Calling it a "bear" is utilizing the common expression "Don't | poke the bear," not an assessment of North Korea's abilities. | throwaway329183 wrote: | It's not "don't poke the mouse", if the target isn't | dangerous there's nothing to fear from poking them | AnimalMuppet wrote: | In fairness, the bear poked him first... | TedDoesntTalk wrote: | The article says he downloaded a hacking tool for a friend | into a VM that had a back door. Then goes on to say he was | "personally targeted". This is ridiculous. | ssklash wrote: | NK was specifically targeting prominent security | researchers, with fake accounts and blogs, then trying to | get the researchers to open a backdoored Visual Studio | project. They were absolutely personally targeting people, | and I don't doubt he was one of them. | causi wrote: | _an attempt to draw attention to what he sees as a lack of | government response to North Korean targeting of US individuals. | "If no one 's going to help me, I'm going to help myself," he | says._ | | Good. I'm sick of foreign policy being determined by spreadsheets | that say whether defending ourselves or others will be | profitable. | DietaryNonsense wrote: | I see comments saying that he may be interfering with actual | operations against NK or that now that he has done this they are | more likely to patch their systems and be more secure, | contradicting his own intentions. | | It's also entirely possible that this action, including the WIRED | article and it's high visibility, is part of a broader effort and | strategy. In reality we just won't know in this type of | situation. | | Any casual judgement that talks about how obviously naive this is | may be a little too shallow. | pessimizer wrote: | True. He may not even exist. | biermic wrote: | You might be onto something. | kspacewalk2 wrote: | However, that something may also not exist. | slickrick216 wrote: | Right isn't this just spontaneous "patriotic Russian hackers" | but with Americans. | DietaryNonsense wrote: | A colleague asked me what I meant by this - what use would a | WIRED article have? etc. | | Targets (individuals, interior or gapped networks, etc) can be | difficult to identify or locate and are even more difficult to | get access to. Consider that it may be easier to run an | operation where you intentionally pseudo-identify a security | researcher engaging in his own attack to draw attention. Better | yet, this researcher is known to be in possession of valuable | tools, after all, the article says so. | | Maybe P4x exists or is a fiction, but either way there's a | difficult yet traversable route of information that leads to | "his" network. Somewhere there's an encrypted volume that | presumably holds his cherished tools and information. But P4x | knows that the encryption he's using suffers from undisclosed | 0day. In fact, the 0day was developed by P4x et al and released | into the wild to be found and used in just this kind of | situation. The tools that appear to be protected by researcher | P4x are actually compromised themselves, meant to be taken. He | schedules an interview with WIRED, he talks shit and trashes NK | operations, and plays the cocky and justice hungry hacker | trope. He chums the water. | | There are countless ways that misdirection and narrative can be | layered to draw your adversary into a worldview that is the | creation of your own. It's not _just_ floors of camo-clad | cyberoperaters phishing management types and looking for | document dumps. | YPCrumble wrote: | So in essence this WIRED article could be a distribution | mechanism for the government to provide compromised hacking | scripts to third party hackers? | curiousllama wrote: | This is a good point. Can't break into the vault without | tripping the alarm, so you have a bunch of teenagers make a | bonfire in the lobby. | neonate wrote: | https://archive.is/QP2q2 | | http://web.archive.org/web/20220202184549/https://www.wired.... | okkdev wrote: | I don't like this | curtisblaine wrote: | So now they're probably patching their vulns, or at least they're | aware of them, resulting in an overall better security for NK. | anonAndOn wrote: | PSA: Whether bare knuckle boxing or global hacking, always | remember the first rule of Fight Club. | lowbloodsugar wrote: | What are you talking about? | egberts1 wrote: | What fight club? | jokoon wrote: | What do they mean "north korea hacked him" ? | | Does NK hire hackers? How is it possible for NK to have competent | hackers? | malermeister wrote: | Why wouldn't it be possible for a country of almost 26M people | to have competent hackers? Just cause they live in a | dictatorship doesn't mean they're all stupid. | foepys wrote: | https://en.wikipedia.org/wiki/Bureau_121 | | North Korea successfully stole tens of millions by hacking | banks via SWIFT between 2015 and 20216 and probably several | hundreds of millions in crypto currency in 2021 alone. | | https://www.bbc.co.uk/news/business-59990477 | | NK apparently has a very capable cyber warfare unit and hacking | crypto currency wallets/exchanges is a major income for them. | rootsudo wrote: | I wonder if it's the same P4 that I was accustomed too on video | game modding forums and similar places. | | Curious indeed. But even going on wired to brag about it, I | wonder. | jacquesm wrote: | I give that about 0.3846% chance. | genera1 wrote: | I have a gut feeling, that person responsible for those hacks | might be working for or at least informing US gov about his | actions in advance. | | Him talking so openly to a major news outlet and warm response of | us gov officials point towards that | lgvln wrote: | This is precisely my first thought as well. It makes for a | half-decent Hollywood plot but IRL? My guess is there's got to | be more than what meets the eye. Propaganda piece perhaps? | californiasurf wrote: | I think he should crowd source this so we can all work to disrupt | North Korea. | ummonk wrote: | It's good that he went public about it, as this is the sort of | thing that can cause international tensions when the target | assumes it's a state-sponsored attack. So many cyberattacks by | individuals or small crime outfits get misinterpreted as state- | sponsored because they're "sophisticated". | | Things are really easy to misinterpret, like when Ukraine's | undercover attempt to capture Russian PMC soldiers resulted in | Belarus thinking Russia was attempting a coup in Belarus. | throwaway4good wrote: | This is nothing to celebrate. Would we like random people sitting | in say North Korea taking cyber revenge over evil regimes they | don't like? | Calloutman wrote: | I mean, they specifically targeted him first. It's not that he | just didn't like Kim and thought he'd take him down a peg. | [deleted] | jelling wrote: | > "I want them to understand that if you come at us, it means | some of your infrastructure is going down for a while." | | Doing that is one thing, and certainly won't increase your | personal safety. Doing that and telling the western press to | embarrass them is insanely stupid. Kim Jong-un is widely believed | to have ordered the assassination of his half-brother. And you | want to threaten the infrastructure of his country? Talk about a | keyboard warrior. | | PBS Frontline's special on the assassination: | | https://www.pbs.org/video/north-koreas-deadly-dictator-2pobw... | not2b wrote: | It's not infrastructure. He attacked a few propaganda sites | aimed at outside audiences. He didn't get into their internal | network, which is sealed off from the Internet. | MichaelZuo wrote: | It's make one wonder if most of the other posters even | bothered to read the details. | [deleted] | [deleted] | tehjoker wrote: | So your tools get stolen and you take down possibly critical | infrastructure for huge numbers of people? Terrorism. | | Imagine someone did that to America in response to the NSA | hacking them (read, most of the world's population all the time | since the Bush administration). | | We celebrate that when it's done to official enemies. | boomboomsubban wrote: | I'd bet that this hacker has personally been targeted by US | intelligence agencies, if not before this event certainly | after. Yet somehow I doubt he will attempt to take down the | entire cointries internet or start a FU USA group. | pessimizer wrote: | The North Korean regime just needs to come in from the cold, | like Gaddafi did, which certainly worked out well for him and | the Libyan people. | tehjoker wrote: | Just to add context for others that aren't familiar, NK | definitely learned from the Libyan experience. It was after | Gaddafi got filmed getting bayoneted in the ass for giving up | the Libyan nuclear program, North Korea learned to never give | up nuclear weapons and accelerated their program. | pessimizer wrote: | That was one short bayonet for a man, and open air slave | markets for the Libyan people: | https://www.usatoday.com/story/opinion/2017/11/27/clinton- | po... | | > 'We came, we saw, he died,' she joked. But overthrowing | Gadhafi was a humanitarian and strategic debacle that now | limits our options on North Korea. | emkoemko wrote: | and asking Iran to give up having missiles etc after | seeing what they did to Libya? | kingkawn wrote: | Did you read the article? | tehjoker wrote: | They claim that this only affects "propaganda websites" but I | honestly do not know how North Koreans use the intranet and | what kind of access they have outside the country. Do you see | reporters doing in-depth interviews regularly or NK citizens | on english language websites? We should be very careful to | qualify what we actually know about this country as it is a | regime change target. This means most of what we read in the | news about it will be war propaganda. | Kalanos wrote: | reckless. could have caused missiles accidents or god knows what. | now those vulnerabilities will be patched. it would have been | better to report those vulnerabilities to the military so they | could be used when needed. | schwanky wrote: | It's easy to accuse North Korea. They can't practically respond | to the accusations because they have no outlet anyone reads, and | if anyone did then nobody would care anyway. | nkrisc wrote: | North Korea destroyed their own credibility. | commoner wrote: | North Korea has Rodong Sinmun, which has an online edition in | English. People interested in North Korean politics do read | this newspaper. | | - Website: http://www.rodong.rep.kp/en/ | | - Wikipedia: https://en.wikipedia.org/wiki/Rodong_Sinmun | megous wrote: | Hm. So I actually like the form of north korean websites, if | these two in this thread are representative of the norm. :) | No ads, no trackers, 0 resources blocked in uBlock, no CDNs, | clean design not jumping around, to the point without useless | stock photos... No modern "design", with thin grayed out | unreadable fonts. No webfonts, clean html code. Interesting. | :) | lelandfe wrote: | ...unresponsive, loads articles in pop-up windows, uses | http/1.1 so resources are downloaded serially, has all JS | in critical path.... | Shank wrote: | They also have KCNA, which they also use to communicate: | http://kcna.kp | lelandfe wrote: | Implying that the hacking attributed to NK might have been a | false flag? | dash2 wrote: | Indeed another person quoted in the article suggests that the | hacking might have come from China. | ncmncm wrote: | NK trains up and operates hacking groups to generate | income, not just to be unpleasant. So, guessing that would | mean NK is renting out hacking services to China. Other | ways to generate income from hacking is operating a | ransomware gang, renting out botnets, and gathering banking | passwords to use in draining accounts. We may assume they | are involved in all of the above. | eclipsenet wrote: | That's the wrong takeaway from that bit though I think. I | believe they are saying that China and other states are the | actors on behalf of NK not that they are using NK as | patsies ... granted that may also be true. International | politics and espionage is a weird domain. | ummonk wrote: | I think the implication is that these are North Korean | hackers stationed in China, not that China is doing it on | their behalf. | mrkstu wrote: | I would imagine the intelligence services aren't happy he's | providing them free pen-test services. He's taking potential | tools out of their toolbox when they may need/want them in a | future time of conflict. | gunfighthacksaw wrote: | So if the reds start parachuting down over your community you | should just sit pretty lest you interfere with your military's | operations? | | The equivalence is not a false one in my eyes because a | cyberattack against a US national's systems should be seen as | an attack on a US national's property. | netsharc wrote: | ummonk wrote: | If they send a small aircraft onto your territory you | shouldn't light it up with all your SAMs and take it down, | because that will allow them to locate your SAMs for SEAD. | biermic wrote: | So that guy downloaded some random "hacking tool" a friend of | his found, and no shit it had a backdoor. He was never | directly targeted by the North Koreans. | throwaway9986 wrote: | kelvin0 wrote: | Wow, the 'Reds' is a term which I had not seen in a while, | feels like I'm watching an early 80's cold war movie. | jacquesm wrote: | I can see where the reference comes from, there isn't all | that much to pick if you want to use a color: | | https://abcnews.go.com/International/north-koreas-parade- | big... | dc-programmer wrote: | The article says he's exploiting known (ancient) | vulnerabilities | mrkstu wrote: | Yes, he's exhausting their quiver of easy/cheap and instead | they'd be forced to waste zero days right up front. | dc-programmer wrote: | At this point I would assume that foreign states have | malware hooked deep enough into all the systems that the | only way to eradicate them would be with an incinerator. | Plus even after (if?) they update their software I doubt | you'd need zero days to get back in. Im interested to see | what the upgrade path is for the Red Star OS is though lol | zentiggr wrote: | Well, if they're not going to use them to find and shut | down the NK hackers, then they should step aside for those | who will. | | (Of course, there could be deeper ops from the CISA side, | but if their only cost is having to lose older vulns, so be | it.) | mrkstu wrote: | The difference of course being, is that they don't want | to shut them down during a time of relative peace. | Getting them to harden their presence now is | strategically a waste. | | In the extremis they can always bring in the orbital | cannons and overwhelm them of course. | nr2x wrote: | Where's the GoFundMe link? ___________________________________________________________________ (page generated 2022-02-02 23:01 UTC)