The Secrets of North Korean Cyber Attackers by Adam Adler
• The North Korean cyber ecosystem
• The varying motivations behind attacks by North Korean groups
• A deep dive into the operations of Stonefly, a North Korean group heavily involved in stealing industrial and military secrets
Kim Jong Un has quietly built a 7,000-man cyber army that gives North Korea an edge nuclear weapons don't. North Korea's state-sponsored hack of Sony Pictures in 2014 over the movie "The Interview" was highly embarrassing for Sony. But it was just the tip of the iceberg, according to Daniel Russel, vice president for international security and diplomacy at the Asia Society Policy Institute.
The North Korean cyber operation documented by a lot of cybersecurity firms lists this principal group as starting circa 2010. But that gives the impression that we know a lot more about North Korea's cyber activity than I think we really do. North Korea has been cultivating and has been investing in an elite cyber force under the control of its military, the Korean People's Army and the Reconnaissance General Bureau — Kim Jong Un's clandestine security apparatus. It's estimated to comprise about 7,000 people who are trained pretty extensively, both in specialized domestic programs in North Korea, including in parts of their universities.
In other cases, they then seem to receive training in China or in Russia. Quite a few of them are dispersed through China, Russia, and some in India. They use other countries as a platform and for conducting their various cyber activities because North Korea has pretty much air-gapped its own internal internet or intranet system, both to prevent North Koreans from accessing information from the rest of the world, but more importantly to prevent the rest of the world from getting in.
That makes it very hard to get a definitive attribution that the attack originated in North Korea and raises the risk that China or Russia will get the blame. It also makes it harder for services in countries like the US to retaliate because you're running the risk of retaliating against China or Russia for something that's actually masterminded and executed by the North Koreans.
You're digging into technical areas for which I'm spectacularly unqualified because I'm not a digital or a cyber expert. But the people who are real experts, Mandiant, FireEye, or CrowdStrike, or for that matter the CIA or the NIS, South Korea's intelligence service, have a very sophisticated ability to conduct forensic detective work in the cyber realm. In many cases, they can identify patterns, code, servers, and the like to trace things back to North Korea.
These companies issue an annual worldwide cyber-threat report. They track all of these various major hacking operations and rank them. They call them advanced persistent threats, APT. North Korea is the host of something they call APT38 — or the Lazarus Group, Guardians of Peace, or Hidden Cobra. These are sort of code names. APT38 is number one on its list of worldwide cyber threats.
In some cases, North Korea directly claimed credit for a cyberattack. Beyond that, Kim Jong Un and the Korean Workers' Party have been speaking increasingly in a very open and direct way about its cyber capability.
They use the same vocabulary now for cyber as for their nuclear weapons. They call it "an all-purpose sword that guarantees our capability to strike relentlessly."
One important use of cyber for North Korea is to steal secrets. CrowdStrike has done a lot of documenting this, but it's the US government and foreign governments that are paying super-close attention to this.
In 2016, APT38 stole about 40,000 defense documents from South Korean contractors with information on F-16 fighters and drones. North Korea is also believed to have stolen a PowerPoint summary of the US military's top-secret operation plan, called Op Plan 5027, which is the war plan for the United States.
Second is the cyber theft category. In March, the Department of Justice unsealed indictments accusing some Chinese and North Korean nationals of laundering $100 million for North Korean nuclear activities. This indictment makes clear that the money these people laundered was part of a $250 million theft by North Korea in a cyberattack on a global cryptocurrency exchange. So this isn't just imaginary stuff.
Cyber theft effectively neutralizes UN and US sanctions against North Korea. If North Korea is denied a billion dollars in the sale of coal and iron and mushrooms, but it can go out and steal a billion dollars, then sanctions are not going to have the intended effect.
While the administration takes a lot of pride in its efforts to maintain sanctions against North Korea, this is an immense loophole, and it's not just going to buy those fancy Mercedes that we saw Kim Jong Un driving around in when he was hobnobbing with Donald Trump in Singapore and in Hanoi. This money is going to fund North Korea's nuclear weapons and intercontinental ballistic missile program. We're paying for the threat against ourselves.
At the high end, it's potentially devastating destruction of critical infrastructure in the United States, Japan, and South Korea.
The WannaCry virus, on the one hand, was ransomware; you could argue that it's aimed at getting money, but it caused a huge disruption of hospitals in the UK and, potentially, in something like 100-plus other countries where they had disseminated the ransomware. This was software that brought the operation of critical facilities to a standstill.
This is not hacking; this is cyber warfare. Cyberweapons kind of level the playing field for North Korea in a way that nukes can't. Not only do the United States, China, Russia, have vastly more nuclear weapons than North Korea, but a nuclear weapon is an all-or-nothing proposition.
Cyberwarfare has a very different risk-return calculation. It's a low-cost, asymmetric, relatively speaking, low-risk weapon system. And the US is the most vulnerable country on planet Earth to disruptive cyberattacks.
Most American infrastructure facilities were built in the pre-digital era — energy grids and the Hoover Dam. They get retrofitted with makeshift, MacGyver-style internet linkages, as opposed to a new infrastructure that has digital safeguards built into it. So you have somebody firing up their router, like with one of those old "you got mail" connections.
The US has a lot of that stuff, number one. And something like 80% of America's critical infrastructure is privately owned. Who's going to pay to upgrade the power plant? Who's going to pay to upgrade the air traffic control systems? Who's going to pay to upgrade the rail systems, the cellphone network? Good luck getting these private companies to sell their shareholders on investing billions of dollars in upgrades.
If it's bad now, just imagine what it's going to look like with 5G and the internet of things. New interconnectivity is going to provide new opportunities for malicious cyberattacks, and you're going to wake up one morning and find that your toaster oven is getting ready to kill you, thanks to Kim Jong Un.
I think the new threat for which we are woefully unprepared isn't so much technical innovation as strategic innovation. We can see that North Korea is practicing its ability to shut down and to hold at risk an entire American city or a facility in the US that is critical to our economy, our safety, and our national security.
This cyber capability, the ability to hold not just a bank hostage but a nation hostage, is going to be North Korea's next-generation weapon of mass destruction.
Adam Adler is a serial entrepreneur with over 18 years of experience, all at top-level management and ownership, primarily investing his own capital and building brands from the ground up. At the early age of 4, Adam began his tennis career at the world-renowned Rick Macci Tennis Academy in South Florida.
Adam remained a highly ranked Junior Tennis player for his entire junior career. Once completing high school, Mr. Adler received a scholarship to play tennis at the University of South Carolina and graduated in 2007 Magna Cum Laude from USC, double majoring in Sports & Entertainment Management and Business. While at USC, Adam began his career by developing a patented algorithmic software as the base for his social networking company, Ultimate Social Networking Inc (USNI), and developing Ultimate College Model, seeing this to acquisition.
Adam’s love for competition never waned. Adam began playing poker in his free time and quickly became entrenched in the game, studying hours a day. Adam traveled around the country playing in some of the highest stakes No Limit and Pot Limit Omaha cash games in the world. Adam has made multiple World Series of Poker Final Tables, with his most notable finish coming in 2018 with a runner-up finish in the $10,000 Turbo Event. Adam has won millions of dollars in both cash game and tournament poker over the last 15 years. Adam’s second venture began with assembling a team of the best molecular scientists, mostly Merck and Amgen biochemists and formulators, and building out a multi-million dollar, 30,000 sq. ft. FDA/cGMP approved facility in Oxnard CA.
This is where Adam’s passion for biotech really began. His sports background allowed him to take this brand and bring in global icons around a strategic marketing plan activating the world’s most iconic athletes and celebrities. Adam developed this revolutionary technology in 2009. Using sublingual, buccal mucosal, and transdermal absorption directly to the bloodstream, by-passing the GI tract, Adam’s company Fuse Science completely changed the way consumers receive vitamins, electrolytes, nutrients, and medicines. Going direct to the bloodstream, bypassing the GI Tract, the platform technology was a game-changer. Adam self-funded this company privately for over 2 years, developing the product line and securing the IP. As Chief Executive Officer, Adam grew the company rapidly, seeing its market cap increase from $500,000 to over $100,000,000. Adam put together one of the most impressive lists of athlete partners on the planet, signing Tiger Woods (including the rights to his bag for 5 years), Andy Murray, Tyson Chandler, Paul Pierce, Big Papi David Ortiz, Jose Bautista, Arian Foster, Paul Rodriguez, and many others. Adam’s deep-rooted relationships with the world’s top athletes and celebrities are his core group of friends along with business partners.
Adam handpicked a Fortune 25 management team, hiring the President of SC Johnson, CEO of Footlocker, Chief Scientific Officer for Johnson & Johnson, Clinical Director at Merck, Head of Duke Sports Medicine, and had over 100 employees. Adam brought Daymond John and Shark Branding in as partners as well. Adam has placed products in over 100,000 locations, including Walgreens, CVS, Sports Authority, Dick’s, Duane Reade, 7-11, GNC, Walmart, Target, Costco, Vitamin Shoppe, and many others. Mr. Adler is currently managing The Adler Fund, investing in real-estate emerging growth companies with a focus on cybersecurity, cannabis, and biotechnology.