Archive for the ‘Computing/IT’ Category

North Korean state attempting to curtail ideological contamination of citizens abroad with TV box

Wednesday, June 10th, 2020

Benjamin Katzeff Silberstein

North Koreans living abroad are increasingly pressured to buy the Manbang IPTV boxes, to ensure that they can keep watching domestic TV and follow the riveting reports of Kim Jong-un’s guidance visits and other activities while abroad, Daily NK reports:

North Korean authorities are pressuring overseas residents of China to purchase a domestically-made IPTV set-top box as part of efforts to strengthen ideological education, Daily NK has learned.

“The North Korean embassy to China is selling IPTV set-top boxes to embassy staff and trade representatives at RMB 2,000 [around USD 282] per box. There is a lot of pressure to buy the boxes, which places a substantial burden on those who have recently been struggling to make ends meet,” a China-based source told Daily NK on June 8.

North Korea has been developing and selling a set-top box called “Manbang” since 2016. Manbang is capable of playing TV broadcasts in real-time along with videos-on-demand (VODs).

The state-run outlet DPRK Today described Manbang as an “IT platform” that allows businesses or households subscribed to North Korea’s intranet network to view various broadcasts real-time, as well as re-watch programs that have already aired.

The source pointed out that forcing North Korean citizens abroad to purchase the set-top box has more to do with strengthening ideological education than making money.

“The set-top box allows North Korean authorities to provide educational programs to North Koreans living in China, including embassy staff and traders,” the source told Daily NK. “[The reason the authorities are pressuring people to buy the devices] is because they think that there are declining levels of loyalty and ideological fervor among those living in China.”

The recent push to sell the devices may also be part of efforts by North Korean authorities to provide overseas residents with devices capable of broadcasting only North Korean programs. Many North Koreans living abroad reportedly watch foreign TV in secret.

North Korean authorities are also checking to see whether people living in China are watching the various ideological education programs provided by the state, according to the source.

“The leadership has instructed that criticism sessions should include discussions on whether people are using the set-top boxes,” the source told Daily NK, adding, “North Korean officials will even go as far as calling up individuals to ask about the broadcasts and make sure they are being watched.”

Manbang features reports on North Korean leader Kim Jong Un’s activities, as well as dramatized versions of Kim Il Sung’s memoirs. Videos relating to Kim family history are also available in the device’s VOD platform.

(Source: Mun Dong Hui, “N. Korean citizens in China pressured to buy IPTV set-top boxes,” Daily NK, June 10th, 2020.)

Share

The prospects for commercial, mobile banking in North Korea

Friday, August 3rd, 2018

By Benjamin Katzeff Silberstein

A couple of days ago, Korea Times ran an interesting interview with Kim Young-hui of Korea Development Bank (KDB), on the prospects of commercial and mobile banking in North Korea. Kim was optimistic regarding the prospects for mobile banking to take off soon in North Korea:

“I think it could happen in the near future, within a year at most,” said Kim, Senior Research Fellow at KDB’s Korean Peninsula New Economy Center.

Kim’s forecast is based on the latest edition of the North Korean quarterly journal Economic Research, issued in June, which was about establishing a mobile banking system for smartphone users. The contents of the quarterly were reported by Yonhap.

“A commercial bank should be established first to enable customers to use mobile banking services,” she said. “Once it is established, individuals will be able to make transactions through their smart phones through their own bank accounts.”

In North Korea, the concept of individuals opening a bank account is alien.

Most of North Korean residents deposit their money with individual money traders, making it hard for the North Korean regime to account for the money it prints, Kim said.

Although North Korea established the Commercial Bank Law in 2006, it still does not have a separate commercial bank regulatory system. There are some “commercial” banks, but they only deal with foreign currency, not domestic currency, Kim said.

The Commercial Bank Law enables loan services for individuals, while working with domestic currency as well as foreign currency.

North Korea under Kim Jong-un is now trying to open up to the global economy as he declared in November that the completion of nuclear weapon development left him with one mission of economic development in his Byeongjin policy.

The new smartphone-based financial service would enable North Korean residents to check (their) bank accounts, withdraw cash, transfer money as well as pay at shops. The tool is a smartphone, an “indispensable information communication tools.”

The report also urged the mobile telecommunication organizations in the country to establish a communication infrastructure that can provide information on the purchase of goods while notifying financial transactions to mobile banking users. The infrastructure, once established, will also enable confirming of payments and settlements to both buyers and sellers.

“Unlike other countries where a series of steps have been taken before introducing mobile banking, North Korea is skipping them since smartphones are already prevalent in the country,” the researcher said.

The report also proposed the development and introduction of RFID (Radio Frequency Identification) and NFC (Near Field Communication) technologies as well as the installation of necessary devices to make payment using smart phones at stores and other facilities more quick and accurate.

Full article and source:
‘North Korea will soon open commercial bank, mobile banking’
Jung Da-min
Korea Times
2018-08-01

A few thoughts on this:

First, on methodology, I’m not entirely convinced that one can or should read the North Korean journal that this assessment is based on, Kyungje Yungoo (경제연구) as a blueprint for what policies are in place or will come in the future. For years, and particularly under Kim Jong-un, the journal has run a multitude of articles on private incentives and profits within enterprises and firms, and on topics such as the role of various technologies within the economy, with no large-scale, public policy announcement following. To be sure, much has already changed in the economic realm within most spheres of what the journal covers, but there doesn’t seem to be a clear line between articles there and consistent, thorough changes in economic management. Rather, Kyungje Yungoo is perhaps best read as a map of what topics of conversation and debate (yes, debate) are acceptable in the academic and policy realms in the country. In other words, the regime is clearly thinking about commercial banking and ways to make it work, but that doesn’t mean it’s necessarily on the horizon in the immediate future (which it could well be).

Second, on the issue itself: North Korea’s financial sector is seriously underdeveloped. The lack of a solid banking system is a huge stumbling block for economic development, as assets that could otherwise be used to fuel growth through investments often sit idle. (For those interested in the issue, I wrote about it in this report for the Center for a New American Security a couple of months ago). Part of the problem is that even if the state did take initiatives to create some form of commercial banking sector, public trust in the state is deeply eroded. The government isn’t really an entity that most people want to hand their hard-earned savings to, because economic policy has historically been so erratic and often changes on a whim. Look, for example, at the market crackdowns of the past few months. Much is done by decree and order rather than by law. And the laws that do exist don’t really mean much if there’s no credible mechanism to enforce them. Should the government institutions simply allow for the institutionalization of private, commercial banking, rather than participate in the game themselves, that would be a different story, but the history of economic development in North Korea shows that that’s usually not how things work.

Third: it does make sense that there could be a lot of leap-frogging in sectors like banking in North Korea, given the increasing prevalence of smartphones and other technology. So there’s certainly room for optimism here too.

Share

South Hamgyong Sci-Tech Library

Monday, April 2nd, 2018

This information has already been published in RFA (in Korean), so here is the English version:

Pictured below is the Sci-Tech Complex in Pyongyang:

It is one of the most iconic buildings of the Kim Jong-un era. On the inside, it is an educational facility for science and technology, the development of which is a cornerstone of economic policy under Kim Jong-un. On the outside, the building (designed to look like a beryllium atom [four electrons]) is a showcase piece for the new style of design and architecture characteristic of the Kim Jong-un era.

In true North Korean style, which aims to establish equality across each province, it is possible that new “Sci-Tech Libraries” (과학기술도서관), based on the model complex in Pyongyang, are being constructed in each of North Korea’s provinces. I have to say “probably” because I am only aware of one new Sci-Tech Library in Hamhung, and I cannot say the plan is to build them across the country until I see them in other provinces.

According to Google Earth imagery (see below), the South Hamgyong Sci-Tech Library was built on the site of the former South Hamgyong Cultural Exhibition House sometime between 2016-2-26 (Top) and 2016-11-30 (Bottom).

Here are before and after ground-level photos:

The new building appears to be a mixture of architectural styles seen in Ryomyong  and Mirae Scientists Street. It contains two features resembling stylized hydrogen atoms, or planets with rings, on the roof. There is also a statue of a helium atom (two electrons) in front of the building.

The completion of this facility was not announced in the official media as far as I am aware, so this slipped by me until I stumbled on a broadcast image of a library card that featured the new building.

It is possible that this is a unique facility and that it will not be replicated in other parts of the country. Hamhung has a number of specialized research and production facilities (including the largest branch of the State Academy of Science outside of Pyongyang), and this could be a facility meant to nurture the particular industries of the area. However, it could also be the first Sci-Tech Library at the provincial level, and more are on the way. We will have to wait and see.

North Korea has been regularly featuring provincial-level “Sci-Tech Exhibitions” in the official media. The Pyongyang exhibitions are held in the Sci-Tech Complex, so perhaps the provincial exhibitions will be held in Sci-Tech Libraries such as these in the future.

North Korea was already in the process of updating local libraries (도서관) into “Miraewon” (미래원–roughly translated as “Future Complexes”). I am unsure if this will continue, or if new libraries will be re-branded as “Sci-Tech Libraries”…

Share

Some Kwangmyong Intranet screen shots on KCTV

Monday, February 19th, 2018

According to KCTV evening news (2018-1-31) [via KCNA Watch], the North Korean intranet service, Kwangmyong,  is being managed by the Kwangmyong Information Technology Research Institute (광명정보기술연구원) under the Central Science and Technology Information Agency (중앙과학기술통보사). According to the broadcast, the network is being improved (faster and easier to use search engine and databases) to fulfill a growing need by North Korean youth and workers to have access to the latest technology.

The broadcast featured screenshots of some of the Intranet content. I am unsure if this content has been rolled out for use by the public, or if it remains under development.

Picture 1:

This screen shot is for a service called “Learning ‘Paduk'” (AKA “Go”).

Picture 2:

This screen shows various topical journals or books the institute publishes ranging from light industry to animal husbandry.

Picture 3:

This screen shows various sports that one can learn about through the search engine: Volleyball, table tennis, swimming, tennis, and badminton.

Picture 4:

The fourth screen is a ‘Women’s Health Handbook’.

Picture 5:

This fifth screen shows programs available such as Chinese-North Korean and English-North Korean translators.

Picture 6:

The sixth screen is an ad for North Korea’s Kindle

Picture 7:

This last screen shot is an extension of the sixth picture, showing the Kwangmyong Technical Encyclopedia, Biyak(multi-lingual dictionary), multi-lingual picture dictionary, and Kwangmyong Sports Encyclopedia

Share

New E-Commerce Website ‘Manmulsang’ Launched

Thursday, December 8th, 2016

Institute for Far Eastern Studies (IFES)
2016-12-7

A new shopping website, ‘Manmulsang’, has been launched in North Korea. The North Korean site, announced that there is “recently in our republic a new shopping website [e-commerce] offering a wide variety of commercial services through the state computer network and mobile telecoms network.”

According to the site, Manmulsang was developed by Yonpung Commercial Information Technology Company, and allows users to find information about domestically produced and imported products, as well as to read information about the economic activities of vendors registered on the website. Additionally, it has features including an ‘e-shop’, ‘economic information’, ‘upload product’, ‘announcements’, ‘my products’, ‘restaurant information’ and ‘food order’.

There are hundreds of products available in the ‘e-shop’, with the site saying “this site has new and special service features that distinguish it from sites that have existed before: it allows users to read domestic and foreign economic information – economic information services – and to order food via food order services.”

North Korea has demonstrated an interest in e-commerce since 2005. In an article entitled ‘The features of e-commerce and issues with its development’ published in Sahoegwahakwon hakbo [Social Science Studies Review] (Issue 2, 2005), the author, North Korean professor Ri Haeng Ho, says “With the rapid development of information technology, new phenomena are evident that were not previously visible in the economy”. In the article, Ri introduces the features, advantages and tasks related to e-commerce.

Ri also says that “beyond the development of e-commerce, commercial distribution is expanding into previously unimaginable areas. . . . Trade is expanding through the internet, and e-markets are being launched, providing information relevant to the market price of traded goods and thus facilitating trade.” Thus, Ri states e-transactions are characterized by the openness of commercial activity, the centrality of small, specialized retailers, and the emergence new specialist brokerage services.

Ri also argued that “the introduction of e-commerce will, with the aid of information technology, maximize effectiveness in commercial transactions, reduce production costs and raise profit. . . . E-commerce can cut waste and maximize cost reduction.”

As advantages he listed: (1) saving manpower and time through overcoming physical distance, standards and divisions; (2) reducing prices through using virtual shops; and (3) minimize unnecessary production and waste.

Ri goes on to emphasize that while company-company and company-individual transactions are highly active, there is a need to expand electronic payment systems, deal with tax payment issues, revise relevant laws, and establish computer security systems.

An article entitled “General Understanding of e-commerce” carried in Social Science Studies Review (Issue 3, 2005) also asserts that “In order to creatively apply the results of e-commerce transactions to our country’s specific trade conditions and circumstances, there is a need to deepen research into e-commerce transactions.”

At the same time, the Swiss Agency for Development and Cooperation (SDC) opened the Pyongyang Business School in July 2005, and the school has taught e-commerce, advertising and public relations management, new product development and marketing strategy, among other subjects, to North Korean government cadres, trade company personnel, and foreign trade research institution personnel, most of whom are in their forties and fifties.

Share

Attempts to Introduce Cutting-edge IT

Wednesday, November 2nd, 2016

Institute for Far Eastern Studies (IFES)

In its column from Pyongyang published on October 24, Chosun Sinbo (a North Korean newspaper in Japan) reports that using North Korean information technology, new attempts have been made starting this year to stimulate collectivistic competition.

The newspaper could not conceal its excitement saying that the aim was the global cutting edge, with efforts being the ‘National Information Technology Results Exhibition’ causing a “sensation.”

According to the report, ‘National Information Technology Results Exhibition 2016’ was held in the Three Revolutions Exhibition Hall, and was entitled “Self-strength First and the Fires of Collectivist Competition, Global Competitiveness.”

The report described the purpose of the exhibit as follows: “the units introducing and extolling the achievements of the country in IT technology and industry, showing the domestically produced, advanced information technology products will cause other units to learn and catch up, stimulating collectivist competition, and driving forward ‘our style of modernization and information technology’.”

A full 260 units displayed 1,000 products at the exhibit.

The newspaper informed readers that “in capitalist countries it is mainly companies that develop, produce and sell information technology products that participate in such exhibits; but in Korea there is a greater range of participants. . . . Beyond IT sector units, committees, ministerial and central institutions, educational and scientific research institutions, factories and other workplaces were all in attendance.”

Certificates and medals were awarded to ‘the top ten IT Companies’ and ‘top ten IT products’.

The newspaper reports that “Korea’s own OS, Red Star 3.0, based on Linux, was also named a ‘Top ten IT product’. . . . Red Star can be seen as a core product in the drive to bring in ‘our form of IT’, and is being widely used across public institutions, with it being popular among students too, who are sensitive to new things.”

Moreover, the newspaper boasted that “the OS, developed by the Red Star Research Institute, is distributed as freeware . . . realizing the push to bring information technology through collective means rather than through an economy of commodities and private ownership.”

The newspaper also expressed the hope that, “collectivist competition, characteristically socialist competition in a country aiming to development and strengthen . . . IT is the area expected to produce the fastest development, with endless leaps and innovations.”

Share

Push for the Development of IT Industry in North Korea

Tuesday, October 18th, 2016

Institute for Far Eastern studies (IFES)

North Korea is pushing the development of the IT industry. The “2016 National IT Achievements Exhibit” demonstrates the current state of affairs in the industry.

On October 5th, the official organ of the Workers Party of Korea (WPK), Rodong Sinmun, reported in detail of this exhibit. It said, “The exhibit was held under the theme of ‘self-strength-first, collective competition, and global competitiveness’.” In addition, it also reported, “The goal of the exhibit is to introduce and promote the accomplishments of the IT industry and push forward with modernization of IT technology in our own style and hold steadfast to every unit and part of science and technology as our lifeline.”

According to the news, the exhibit displayed 1,000 technical products from 260 units. There were new product presentations, discussions on the usage of products, security industry competition, and cutting-edge product exchange service, which was divided into four areas that included the IT enterprise and information security.

Units with exemplary IT—top ten IT companies, and top ten IT products—were selected based on the technical achievements and economic effectiveness.

At the opening ceremony, the Vice-Chairman of the WPK Central Committee Kim Ki Nam said, “The Party line on the science and technology is fully realized and we seized the global fortresses of cutting-edge technological sectors including IT. Now, many factories and work places of the people’s economy, enterprises have transformed to become a standard of the knowledge economy era.”

He also said, “This exhibit is an important step towards the development of globally competitive IT technology and raised the overall standard of the IT industry.” He also encouraged, “the participants to fully accept the achievements and experiences of leading units.”

Such emphasis on the development of IT can be associated with the recent reports from the Party Central Committee at the 7th Party Congress back in May, and the decision adopted by the Party Congress. According to these documents, a strong science-technology state means “a country that has reached the cutting-edge global standards in science and technology and a country where all sectors including the economy, national defense, and culture rapidly advance through the leading role played by science and technology.”

In North Korean terms, a state strong in science and technology not only encompasses IT, nanotechnology, biotech, and nuclear technologies, but also reaches global research standards in fields including machine engineering, metallurgical engineering, thermal engineering, and material engineering, (i.e., major fields of engineering), as well as the basic sciences like mathematics, physics, chemistry and biology. Furthermore, the aim is to produce and launch more working satellites in order to contribute to the construction of a ‘major space power’ with space science and technology capabilities.

In addition, a state strong in science and technology has placed science and technology as the main locomotive behind economic development to resolve essential problems of energy, steel, chemical products and food. Science and technology also plays the leading role in modernizing the economy and IT.

This means through the advancement of science and technology, it is attempting to resolve energy issues through the development of nuclear power and environmentally friendly energy. It also involves the development of technologies like Juche steel production technology (the production of steel that minimizes the use of imported fuel) in order to localize raw material and equipment production that is currently import-dependent as well as achieve modernization of light industry and agricultural production through scientific and industrial methods.

Share

DPRK Cyber attacks 2016

Friday, May 27th, 2016

UPDATE 1 (2016-5-26): DPRK Linked to attacks on Swift. According to the New York Times:

Security researchers have tied the recent spate of digital breaches on Asian banks to North Korea, in what they say appears to be the first known case of a nation using digital attacks for financial gain.

In three recent attacks on banks, researchers working for the digital security firm Symantec said, the thieves deployed a rare piece of code that had been seen in only two previous cases: the hacking attack at Sony Pictures in December 2014 and attacks on banks and media companies in South Korea in 2013. Government officials in the United States and South Korea have blamed those attacks on North Korea, though they have not provided independent verification.

On Thursday, the Symantec researchers said they had uncovered evidence linking an attack at a bank in the Philippines last October with attacks on Tien Phong Bank in Vietnam in December and one in February on the central bank of Bangladesh that resulted in the theft of more than $81 million.

“If you believe North Korea was behind those attacks, then the bank attacks were also the work of North Korea,” said Eric Chien, a security researcher at Symantec, who found that identical code was used across all three attacks.

“We’ve never seen an attack where a nation-state has gone in and stolen money,” Mr. Chien added. “This is a first.”

The attacks have raised alarms in the global banking industry because the thieves gained access to Swift, a Brussels-based banking consortium that runs what is considered the world’s most secure payment messaging system. Swift’s system is used by 11,000 banks and companies to move money from one country to another — one reason that it is a tempting target for criminals.

Swift has warned publicly that the attacks are part of a broad coordinated assault on banks, though it has not assigned blame. It has also emphasized that it was the banks’ connection points to its network — and not the core Swift messaging network itself — that the attackers were able to breach. Also, American bankers have noted that the security lapses all occurred at banks in third-world countries, which may give some comfort to banking customers in the United States.

Security researchers and American government officials have tied thousands of attacks to nations in the past. They have linked the United States and Israel to an attack that destroyed Iranian centrifuges, and the Chinese military and contractors to attacks that stole military and trade secrets from thousands of foreign entities.

Continue reading the main story
RELATED COVERAGE

Hackers’ $81 Million Sneak Attack on World Banking APRIL 30, 2016

Details Emerge on Global Bank Heists by Hackers MAY 13, 2016

Once Again, Thieves Enter Swift Financial Network and Steal MAY 12, 2016
But the latest spate of attacks on banks in Bangladesh and Southeast Asia would be the first time, security researchers say, that a nation has used malicious code to steal purely for financial profit.

The idea that Pyongyang had turned to digital theft would not be surprising. North Korea’s economy has been ravaged by sanctions, food shortages and other deprivations. Pyongyang does not publish economic data, but estimates have put North Korea’s gross domestic product between $12 billion and $40 billion, tiny when compared with South Korea’s economic output of more than $1.4 trillion.

In the attack at Bangladesh’s central bank in February, the thieves tried to transfer $1 billion in funds from an account at the Federal Reserve Bank of New York. Fed officials became suspicious of the some of requested transfers and released only $81 million to accounts in the Philippines.

“If you presume it’s North Korea, $1 billion is almost 10 percent of their G.D.P.,” Mr. Chien said. “This is not small change for them.”

Symantec researchers said it was possible that the bank in the Philippines containing the North Korean code was also involved in the Bangladesh bank scheme and the attempted breach on the Vietnamese bank. The researchers would not identify the Philippines bank and did not say whether the thieves had been successful in transferring funds. Researchers were able to confirm only that the attackers had managed to breach the bank and install identical code strings on the bank’s computer systems — the same code that they discovered in Bangladesh, Vietnam and the two previous attacks at Sony in 2014 and South Korea in 2013.

Mr. Chien noted that the attackers not only used identical numbers but wrote the code in the same, unusual sequence across all three attacks.

Mr. Chien said the evidence pointed to all three attacks being the work of the “Lazarus Group,” a name his team gave to the attackers behind the Sony and South Korean attacks.

Officials have pointed to North Korea’s threat of “merciless countermeasures” against Sony if the studio released “The Interview,” a movie by Seth Rogen and Evan Goldberg that made fun of North Korea and includes a fictional assassination of its leader. F.B.I. analysts also note critical mistakes North Korean hackers made, such as logging into their attack servers from known North Korean Internet addresses and even logging into both their Facebook account and Sony’s servers from the same computers.

In the months since evidence of the attacks involving the Swift network started to emerge, investigators have been looking for commonalities at numerous other potential breaches. It remains unclear whether these breaches are connected to the ones in Bangladesh and Vietnam, but they too have occurred in or around Southeast Asia.

There is no evidence to date that the thieves have gone after large American or European banks, though new possible attacks are being reported weekly. Last week, evidence emerged that Banco del Austro, an Ecuadorean bank, was infiltrated by hackers who were also able to sneak onto the Swift network. The thieves transferred several million dollars to accounts around the world, according to a lawsuit the bank filed in federal court in the United States against Wells Fargo, which facilitated one of the transfers.

Researchers have yet to unearth any of the code used in the Ecuador attack, but banking analysts say it is probably no coincidence that these attacks are happening in the developing world, where security measures tend not to be as tight as they are in financial hubs like New York and London.

Swift has issued numerous warnings in recent weeks urging banks to step up their security protocols. Analysts worry that the breaches could have a chilling effect on global finance; larger banks may become reluctant or even refuse to transact with smaller banks in the developing world unless they can have assurances that their networks have not been compromised by thieves and malware.

At a conference on Tuesday in Brussels, Swift’s chief executive, Gottfried Leibbrandt, said the recent attacks could do far more damage than breaches on retailers and telephone companies, which he said suffer largely reputational and legal hits.

“Banks that are compromised like this can be put out of business,” Mr. Leibbrandt said.

North Korea has long been known for creative attempts to generate badly needed hard currency. In the last decade, United States government officials accused North Korea of counterfeiting $100 bills, which were known as “superdollars” or “supernotes” because the fakes were nearly flawless. The Federal Reserve began thwarting that effort by circulating a new $100 bill over the last three years that makes counterfeiting nearly impossible: The redesigned $100 is easier to authenticate and harder to replicate.

“North Korea is hurting for money,” said Herb Lin, the senior research scholar for cyberpolicy and security at Stanford University’s Center for International Security and Cooperation and a fellow at Stanford’s Hoover Institution. “They’ve been cut out of the financial system because of sanctions. They had been among the best counterfeiters in the world, and only recently have they been stymied in the counterfeiting of superdollars. If it’s true that we’ve cut them off from that, then it’s not at all surprising that they would turn to something else.”

Read the full story here:
North Korea Linked to Digital Attacks on Global Banks
New York Times
2016-5-26

ORIGINAL POST (2016-5-27): Swift hack linked to Sony hack. According to The Guardian:

Security researchers Symantec have found clues in the malware used to hack into international financial messaging network Swift, which suggest a link to the Sony Pictures hack in 2014.

At least three banks have reported financial attacks based on the Swift hack. In February, Bangladesh’s central bank lost $81m (£55m) after fraudulent messages were sent through the network instructing a transfer to an account in the Philippines. In May, a Vietnamese bank came forward to say that it had been targeted by the hackers as well, and had managed to stop a $1m transfer. And later that month, Reuters revealed that a third bank, Ecuador’s Banco del Austro, had also fallen prey.

At heart, all the hacks relied on social engineering as much as technical talent. Once the attackers gained fraudulent access to the Swift network, they simply messaged the banks’ banks, and asked for funds to be transferred – which, generally, they were. The Bangladesh case only came to light because a typo in one of the instructions alerted a worker.

But in order to gain access to the network, the attackers used a specific type of malware, dubbed Trojan.Banswift by Symantec.

The security research firm analysed the malware used in the Bangladesh attack, and found what it describes as “a distinct file wiping code”. The way the software deleted files was like little else the company had seen, but it had been seen in one other piece of malware, a specimen named Backdoor.Contopee, which had been used to hack into financial organisations in south-east Asia.

Programmers often have quirks that make it into their code, and they also reuse code between projects. Symantec says it believes “distinctive code shared between families and the fact that Backdoor.Contopee was being used in limited targeted attacks against financial institutions in the region, means these tools can be attributed to the same group.”

That means the hackers, who gained public notoriety with the Bangladesh hack, may have been attacking financial institutions for much longer than previously thought.

But it also links them to a wider group of hackers. The Backdoor.Contopee malware has previously been used by a group known as Lazarus, which has been attacking businesses and commercial operations across the US and South Korea for the last six years. And Lazarus, in turn, is “linked” to another piece of software, Backdoor.Destover, which was used in the 2014 hacking attack against Sony, which the FBI ended up attributing to the North Korean state.

The link is not conclusive, however. Hacking groups often share and sell code, and the Sony Pictures hack is several degrees removed from the Swift attacks.

What’s more, Lazarus was severely disrupted earlier this year, Symantec says. “The group was the target of a cross-industry initiative known as Operation Blockbuster earlier this year, which involved major security vendors sharing intelligence and resources in order to assist commercial and government organizations in protecting themselves against Lazarus.”

Swift itself has promised to improve its security following the hacks. According to Information Security magazine, the group’s chief executive offered up a new plan for change. Gottfried Leibbrandt said: “Banks can learn from one another about the modus operandi and put better preventative measures in place; entities like Swift can serve as the information sharing channel, and we can develop indicators of compromise to help those banks improve their detective capabilities.

“We are doing so,” he added, “But information sharing needs to get better, much better.”

Read the full story here:
Swift network bank thefts ‘linked’ to Sony Pictures hack
The Guardian
2016-5-27

Share

Growth of ‘knowledge economy’ in the Kim Jong Un era

Thursday, November 19th, 2015

Institute for Far Eastern Studies (IFES)

According to a report published by the Science and Technology Policy Institute (STEPI), since the beginning of his rule, Kim Jong Un has clarified the ‘knowledge economy’ as important as he actively restructures the science and technology system, promotes the high-tech industry, expands education, and boosts the morale of scientists and technicians.

The report, entitled ‘Changes and Implications of the Science and Technology Policy in the Kim Jong Un Era,’ noted that in contrast with the extensive purging of key officials like Jang Song Thaek and Hyon Yong Chol, North Korea’s scientific world has received considerable preferential treatment and is heading the development of the North Korean-style ‘knowledge economy.’

Since coming to power, Kim has pursued a number of projects favoring scientists, including Unha Scientists Street, Wisong Scientists Residential District, and Mirae (‘Future’) Scientists Street. He has also provided private housing to teaching faculty at Kim Il Sung University and Kim Chaek University of Technology.

As a result, more and more researchers are receiving significantly more than just their salaries. At the same time, North Korea is restructuring the R&D system, establishing research centers, extending on-site support for production, and creating for-profit companies.

The report also explained that the regime is continuing efforts pursued during the Kim Jong Il regime, such as the five-year technological development plan, the expansion of computer numerical control (CNC), and the use of the Internet. As it does so, it is pushing forward new endeavors like the establishment of the ‘Science and Technology Hall,’ cyber education, cyber healthcare, and the expansion of electronic payments. Thus, it is improving the level of informatization in North Korea.

“Like the science and technology-centered politics of Kim Jong Il, the Kim Jong Un regime has stressed science and technology in its pursuit of a knowledge economy because it recognizes the importance of this field in building a strong nation and solving the energy and food problems facing the country,” the report claimed.

In particular, around the 60th anniversary of North Korea’s National Academy of Science in December 2012, the regime embarked on an extensive reorganization of the academy. Major targets of the reorganization included the biotechnology and energy fields (critical fields to solving the food issue); high-tech fields like information technology (IT), nanotechnology, and automation; as well as the environmental sector and high-return sector.

In addition, in the beginning of 2015 North Korea dissolved its top software development agency, Korea Computer Center (KCC), leaving only the organization that develops the ‘Red Star’ computer operating system and reorganizing the whole agency as a profitmaking organization. Moreover, in the 4th Five-Year Plan (2013-2017) for scientific and technological development, solving the food and energy issues was emphasized more than in the past.

The report also mentioned the development of tablet PCs and the spread of electronic commercial transactions. In the summer of 2012, North Korea launched three tablet PC models called Samjiyon, Arirang, and Achim. Since then, more models like Woollim, Ryongheung, and Noul have been rolled out. Regarding electronic payments, the use of debit cards like the Narae card, which requires a 4-digit pin number and can be recharged at various shops and hotels, is spreading rapidly.

In regards to these changes, the report stated, “Kim Jong Un’s science and technology policies reflect North Korea’s industrial setting and private demand and are more rational as they correspond with international trends.” However, the report argued that support for key industries is shrinking, and their ability to survive on their own is insufficient. Given the difficulty of establishing a virtuous cycle of investment and profit calculation under the current policies, it concluded that the sustainability of these policies is low.

Share

North Korean-style venture company develops and sells PCs

Wednesday, June 24th, 2015

Institute for Far Eastern Studies (IFES)
2015-6-24

A North Korean electronics company, where engineers in their 20s play a pivotal role, is mass-producing and selling locally made computers that are enjoying popularity due to their high quality and low price.

A correspondent in Pyongyang for the Choson Sinbo reported on June 16, 2015 that North Korea’s ‘Blue Sky Electronics’ is developing, mass-producing and selling various electronic products, including domestically produced computers under the ‘Blue Sky’ brand.

According to the Choson Sinbo, Blue Sky Electronics, which was established in October 2014, is locally developing, producing and selling these computers, which are manufactured at a factory on Tongil St. in Pyongyang.

It is reported that the researchers behind the computers are mostly in their 20s and graduates of Kim Il Sung University, Kim Chaek University of Technology, and the College of Natural Sciences. They are producing products such as ‘all-in-one’ computers, ‘portable’ computers, ‘desktop-type’ computers and ‘portable computers with detachable keyboards.’

The ‘all-in-one’ computers refer to computers that incorporate the desktop and monitor into one body, while ‘portable’ computers and ‘desktop-type’ computers refer to notebook computers and desktops, respectively. ‘Portable computers with detachable keyboards’ seem to refer to computers that double as both tablet computers and desktops.

The newspaper reported that among these, the ‘all-in-one’ computer and the portable computer with a detachable keyboard are especially popular, and orders for these computers are steadily coming in from a number of agencies and companies throughout the country.

The ‘all-in-one’ computer, which has a unique exterior, is said to consume little energy and can be charged using a household battery. Meanwhile, the portable computer with detachable keyboard, which can also be charged using a household battery, has reportedly enjoyed much popularity since it went on the market.

CEO Choi Jin Hyok (29 years old) explained succinctly the company’s business strategy: “Highest quality, lowest price, and product diversification.”

The newspaper added that the company is “developing products that are competitive internationally.” In addition, it was said that “[Blue Sky Electronics] guarantees the highest quality so that buyers can have confidence regarding its domestically made products, and everything in the company’s management is aimed at prioritizing the needs of the people in all aspects of purchasing and service.”

Share