Security expert Mikko Hyppönen has said that North Korea was without a doubt behind the SWIFT bank heists that have so far funnelled almost one billion dollars out of banks around the world.
“There are different theories on who is behind this. One theory looks at the technical evidence,” he told a keynote audience at Infosec 2016 in London.
“I’m not saying North Korea did the SWIFT attack, but North Korea did the SWIFT attack.”
It was May when security firm Symantec announced it had traced the worldwide bout of bank cyber heists to North Korea, following a piece of code that had also been found in the December 2014 Sony Pictures hack.
That hack was originally pinned on North Korea after the NSA had admitted the organisation had infiltrated North Korean networks and had been watching the attack unfold the whole time.
The clue in question is an encryption key that serves the purpose of allowing the attackers to be notified of their attacks progress.
“We’ve seen this before once, back in December 2014, in a completely unrelated attack, in a completely unrelated piece of malware that used the same key,” said Hyppönen.
“There’s a criminal link between these two attacks. Sony Pictures was a target of a major hack after they announced a movie making fun of the dictator of North Korea.
It was the New York Times that broke the story of the NSA already having infiltrated North Korea networks prior to the Sony Pictures hack.
“What I am saying is that this [Sony] attack shared the same, secret key with the attack link to SWIFT.
“The attackers actually tried wiring over $900 million, by any measure that’s a lot of money. It’s getting close to a billion. That’s big money for governments in trouble, especially a government in trouble like North Korea’s,” Hyppönen said.
The security expert, who has worked at security firm F-Secure for 25 years, said that North Korea may be trying to make up for its economic deficits.
“Do you know what the annual budget is of the whole country of North Korea? It’s a little less than $4 billion. So is this North Korea trying to fix its budget deficit by stealing from the rest of the world? Well maybe it is,” he said.
Hyppönen likened the current state of cyberwar to the nuclear arms race, but with one major difference, no one knows who is doing the cyberwarfare.
“So the world around us is changing. I use the term ‘fog of cyberwar’. Now of course, attacks like the SWIFT attacks aren’t war. But we have recent examples of attacks that are much closer to real cyberwar,” Hyppönen said, illustrating the Ukraine power plant attacks by Russia last year.
“The fog of cyberwar comes from us not knowing the capabilities of other countries. We just got out of the previous arms race. We just got out of the cold war, just out of the nuclear arms race. We’re not really worried daily about the risk of nuclear war anymore. But we’ve gone headlong into the next arms race, the cyber arms race. The nuclear arms race was all about deterrence. It was about knowing who has nuclear weapons. We don’t have that information for cyberarms. Cyberarms are invisible.
“We don’t know who has what. This the fog of the cyberwar. What is the offensive cyber capability of Brazil? What about Vietnam or Australia? That’s the fog of the cyberwar. Cyberarms are the perfect weapons. They are cheap, effective, and they are deniable. That’s a great combination,” said Hyppönen.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…