The Lazarus heist: How North Korea almost pulled off a billion-dollar hack (bbc.com)
171 points by pseudolus on June 21, 2021 | hide | past | favorite | 47 comments


I believe it's overdramatised.

The commotion in Bangladesh over missing $1B was bigger not so much because of money missing, but how it went undetected, and covered up.

BAL goondas preemptively abducted the country's leading computer security guy, beat him half dead, and made him shut up over the mere prospect of him being involved in the investigation.


Note that a billion dollars didn't go missing - they attempted to steal a billion dollars but only managed to get $81 million, out of which roughly a quarter has been recovered by Bangladesh.

As the article points out, the cover-up started at the highest level, with the governor of the central bank himself not informing the government or law agencies as soon as the news reached him. He tried to hire some other security agencies to trace and retrieve the money (probably hoping to salvage some of his reputation and following the old maxim that it is better to seek forgiveness than permission). He of course had to resign the next day.

I am sure the law went overboard while investigating a case of this magnitude with huge public pressure on them - it's pretty common in Asia for the police to even resort to torture.


[citation needed]



At the time there was a Reuters report that he made it back to his wife after the days long ordeal thankfully.

https://www.reuters.com/article/us-usa-fed-bangladesh-idINKC...


Here is proof that being technically capable is not so useful if you don't have corporate/governmental/legal knowledge and "street smarts"

People (especially the technically inclined) have a rose-coloured view of how things should work. And yes if the company is up to date on security practices your vulnerability reports will be welcome.

If not, well... (Not saying it should be like this, I'm saying drawing attention to yourself needlessly is not the wisest thing, especially if you don't have a plan B)


Hah; check the comments in the linked thread about "Trump Effectively Inciting Violent Action among his supporters". Let's put aside our individual perspectives and interpretations on events of 2021 for a moment - either way it's fascinating that the comment is from 2016 :O


I’ve been really enjoying their podcast covering this story: https://www.bbc.co.uk/programmes/w13xtvg9/episodes/downloads


I've been enjoying BBC's podcast on this subject. Darknet Diaries also has an excellent podcast episode on it. https://darknetdiaries.com/episode/72/


Not spoken about here is the fact that Lazarus __did__ make off with well over a billion dollars in funds by hacking numerous cryptocurrency exchanges around Asia and got away with it, too.

https://www.forbes.com/sites/thomasbrewster/2021/02/09/north...

Oh, and this is just KuCoin they're talking about here. They stole well over $3 billion more from several other exchanges in 2017-2018. All the exchange hacks back then on the various Asian exchanges are attributed to them. Really likely they made off with upward of $5 billion in today's terms of all sorts of altcoins.

https://www.coindesk.com/north-korean-hacking-group-lazarus-...


That was included at the end of the article:

>In the ensuing years, tech security firms have attributed many more cryptocurrency attacks to North Korea. They claim the country's hackers have targeted exchanges where cryptocurrencies like Bitcoin are swapped for traditional currencies. Added together, some estimates put the thefts from these exchanges at more than $2bn.


Hmm, this reads more like cheap entertainment rather than rigorous reporting.

Was the Sony hack really done by the North Koreans [1]? "Journalists" just repeating what the FBI say make me doubt their seriousness.

[1] https://talglobal.com/knowledge-center/hack-at-sony-pictures...


“But North Korea is better than that. They would not steal all the other movies and not grab The Interview. I am convinced that this is an inside job.”

Surely the fact that The Interview was the one movie they did not want to "grab" indicates that there was something about that movie. Perhaps they grabbed the others to spread them freely on pirate sites, but didn't want to spread The Interview because their whole aim was to make sure no one could ever see it.


The article uses the phrase 'It was "well-known in the intel community"' from an FBI agent to prove a North Korean connection. They aren't doubting the FBI at all in this story, it's less cheap entertainment more blatant propaganda.


> That North Korea would be the prime suspect in a case of cyber-crime might to some be a surprise.

Really? This is actually well-known (at least amongst security agencies) [1][2]

[1] https://www.ft.com/content/cbb28ab8-8ce9-11e9-a24d-b42f641ec...

[2] https://www.business-standard.com/article/international/cybe...


It's well known among people who pay attention to these sorts of things, but a lot of otherwise well educated people seem to think that all of North Korea is a primitive backwater stuck in the 50s lacking any kind of technical sophistication.


The vast majority of the country (basically everything outside Pyongyang) is just that. But even in North Korea, the future is unevenly distributed.


> The vast majority of the country (basically everything outside Pyongyang) is just that.

Oh absolutely, which I guess is why so many people find it so surprising that they at the same time have pretty decent cyber offensive capabilities.


They have some maths people and I wonder why the regime didn't use state-of-the-art AI in their attacks.

They surely have the potential, but I don't see them fully using it.


"To some"


Kento Bento made a video explaining the same thing around 2 years back: https://www.youtube.com/watch?v=Usu9z0feHug

Just wanted to share.


For those interested in some of the technical details on the malware see: baesystemsai.com/2016/04/two-bytes-to-951m.html



Tangential question: in order to become educated/expert in some field (e.g. IT) one needs the freedom of doing research, free access to information, Internet, thus exposure to "western"/civilized values, human rights, etc... So how does NK "produce" such experts behind the iron curtain?


Exposure to “Western”/civilized values? What are you even talking about?

Yes, you can learn to be a script kiddie and plan heists without having the pledge of allegiance as part of a balanced breakfast. Books and random websites and stuff!

Not to mention that people from NK or China don’t just explode from logic errors after discovering Facebook.

And yes people have ways of getting around internet blocking stuff for “reasons”. They get exposed to minion memes and come out without being totally radicalized.


> > one needs the freedom of doing research, free access to information, Internet, thus exposure to "western"/civilized values, human rights, etc

> What are you even talking about?

Charitably, I assume they're talking about something like [0], although calling that ""western"/civilized values" is giving western civilization more credit than it deserves if recent sociopolitics (Facebook included) is any indication.

0: https://slatestarcodex.com/2017/10/23/kolmogorov-complicity-...


I mean "lets purge our academics of non-believers" is a practice applied in basically every society, for time immemorial.

The non-charitable reading is that they're implying that "access to information" is the blocker from NKers just rising up and accepting "western" norms, and _if only they knew how amazing society could be_, they would change their minds.

It's the same brainworms as the liberal "oh, if only you knew all the facts then you would agree with me". It implies some sort of objective truth that western society has found, yet these societies haven't.

Educated people in NK know about voting and democracy. It's not some super well-kept secret to keep the masses down. Censorship is just applied in much more banal ways (preventing too much embarassing information about people in power from spreading, and making it hard for any form of opposition to organize itself)


> "lets purge our academics of non-believers" is a practice applied in basically every society, for time immemorial.

> > although calling that ""western"/civilized values" is giving western civilization more credit than it deserves

> The non-charitable reading is

<shrug> You asked what they were talking about; I gave an educated guess for the strongest plausible interpretation of what[0] they were saying, since it seemed non-obvious (certainly they did a poor job of expressing it if so).

0: https://news.ycombinator.com/newsguidelines.html


> So in order to train its cyber-warriors, the regime sends the most talented computer programmers abroad, mostly to China. There they learn how the rest of the world uses computers and the internet: to shop, to gamble, to network and to be entertained. It's there, experts say, that they are transformed from mathematical geniuses into hackers.


Bloomberg managed to interview a former NK cracker who defected, it's pretty interesting:

https://www.bloomberg.com/news/features/2018-02-07/inside-ki...


The hackers have a lot more access to information than regular citizens because they need it to do their job, but it would be interesting to know how that affects the defection rate.


Probably higher than your average citizen without access to classified information, but not high enough to make defection a common occurrence that significantly hampers intelligence work. Some hackers may be disillusioned with the system, but most are socially conditioned to accept it as better than the alternative, imposed by external enemies and pressures, or not their problem. Defection is also not unique to authoritarian countries, see Snowden.


Also defection can be very bad news for the rest of your family and friends who you leave behind.


Even in a nonauthoritarian country, defecting means you'll never return again to see your friends and family anyways. Given that, defectors probably consider making a political stand more important than their personal connections regardless of what happens after they leave. Not everybody has a loving family and close friends they can't give up.


You can't return, but what is preventing them from coming to your new home? Snowden's girlfriend moved to Russia and I think any of his family members can visit him if they want.


> what is preventing them from coming to your new home

Maybe the fact that because you defected, they are now in some sort of secret jail or labor camp for the rest of their lives.


I meant that if he was willing to put his family through that much trouble, they probably weren't that close in the first place. In which case, what does or doesn't happen to family left behind isn't a large factor in deciding to defect.


I doubt you can just move out of North Korea, especially if your significant other or close relative has just defected.


There is not a country in the world that is not a tiny bit authoritarian, see Snowden.


For one thing, a lot of North Korean hackers apparently live and work abroad. source: The Great Successor


I very much doubt North Korea produces a ton of experts on their own.

China is likely happy to supply experts and teaching, though, as long as they are used to disrupt China's opposition. Provides a layer of plausible deniability for China.


I feel like as somebody that works in tech, infosec media tends to feel too dense, or overdramatised (nothing against the BBC writers, I don't expect them to be super technical)

The best middleground I found was Sandworm by Andy Greenberg. Does anybody know of similar works?


what's so elite about them?

>In January 2015, an innocuous-looking email had been sent to several Bangladesh Bank employees. It came from a job seeker calling himself Rasel Ahlam. His polite enquiry included an invitation to download his CV and cover letter from a website. In reality, Rasel did not exist - he was simply a cover name being used by the Lazarus Group, according to FBI investigators. At least one person inside the bank fell for the trick, downloaded the documents, and got infected with the viruses hidden inside.

>Once inside the bank's systems, Lazarus Group began stealthily hopping from computer to computer, working their way towards the digital vaults and the billions of dollars they contained.

I'd say when you want elite-level hackers, then try those at https://ctftime.org/, like More Smoked Leet Chicken, Dragon Sector or Plaid Parliament of Pwning.
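The initial access step the article quotes (an unsolicited "job seeker" email pointing at an external download of a CV and cover letter) is the one part of this intrusion a mail gateway can instrument. The following is an added example, not code from the BBC article, the FBI, BAE or this commenter; the sample messages, host names, trusted-domain list and scoring rules are all constructed assumptions for illustration, not a rule set taken from the page.

```python
"""Heuristic triage for 'job applicant' lure emails of the kind quoted above.

Added example: the sample messages are constructed, and the scoring rules are
assumptions about what such a lure looks like, not rules from the article.
"""
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# Hosts the organisation itself controls (assumed for the example).
TRUSTED_HOSTS = {"bank.example", "hr.bank.example"}

LURE_WORDS = re.compile(r"\b(cv|resume|résumé|cover letter|job|position|vacancy)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Extensions that should never arrive as a "CV" from a stranger.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".zip", ".rar", ".docm", ".xlsm", ".lnk")


def _body_text(msg: Message) -> str:
    """Return the concatenated text of all text/* parts of the message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)
        if payload:
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw: str) -> dict:
    """Score one raw RFC 822 message and return its findings plus a verdict."""
    msg = message_from_string(raw)
    text = msg.get("Subject", "") + "\n" + _body_text(msg)
    findings = []

    lure = LURE_WORDS.search(text) is not None
    if lure:
        findings.append("job-application lure wording")

    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        path = parsed.path.lower()
        if host and host not in TRUSTED_HOSTS:
            findings.append(f"external link: {host}")
        if path.endswith(RISKY_EXT):
            findings.append(f"risky file type in link: {path.rsplit('/', 1)[-1]}")
        elif "download" in url.lower():
            findings.append(f"download link: {url}")

    sender_host = msg.get("From", "").split("@")[-1].strip(">").lower()
    if sender_host and sender_host not in TRUSTED_HOSTS:
        findings.append(f"external sender: {sender_host}")

    # Lure wording plus an external download is the combination the article
    # describes: hold it for a human rather than deliver it to the mailbox.
    has_download = any(f.startswith(("download link", "risky file type")) for f in findings)
    has_external = any(f.startswith("external link") for f in findings)
    verdict = "quarantine" if lure and has_download and has_external else "deliver"
    return {"verdict": verdict, "findings": findings}


# Constructed sample resembling the lure quoted above; no real names or hosts.
LURE_SAMPLE = """From: Applicant <applicant@mail-example.test>
To: hr@bank.example
Subject: Application for vacancy

Dear Sir, please find my CV and cover letter for download at
http://files-example.test/cv/applicant_cv.zip
Kind regards
"""

# Constructed benign internal message for comparison.
BENIGN_SAMPLE = """From: HR <hr@bank.example>
To: staff@bank.example
Subject: Canteen menu

This week's menu is at https://hr.bank.example/menu
"""

if __name__ == "__main__":
    for name, sample in (("lure", LURE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage(sample))
```

The heuristics themselves are crude and easy to evade (a real gateway would also detonate the linked file and check the sender's domain age and reputation); the point is that the intrusion the article calls elite opened with a step that is visible to defenders, which is the commenter's argument.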


I agree. Just a bit of social engineering and a trojan.

The main difference is that they know they have their country's backing and they don't need to account for that risk, allowing them to aim higher.


Does having your country's backing help that much?

I assume hackers in other countries simply use a few layers of tor and bounce boxes.


I wouldn't engage in hacking foreign banks if I know I risk going to jail.

If my government is paying to do that, well, it's just another job.


> thieves had gained access to a key part of Bangladesh Bank's systems, called Swift

Eh, what? I recall that to get access to SWIFT, you would require a SWIFT USB stick. How would a hacker be able to access SWIFT without the USB stick? This story doesn't smell right to me.

Here is a link for SWIFT Alliance Lite 2:

https://www.swift.com/our-solutions/interfaces-and-integrati...



