Wednesday, August 10, 2022

The Lazarus Heist — a rollicking ride through North Korean cyber crime

 A telco company has been fined nearly $200,000 after an investigation found 1787 customers were exposed to identity fraud.

An investigation by the Australian Media and Communications Authority found digital telco Circles.Life failed to conduct proper identity checks when transferring mobile phone numbers to its services.

Telco fined $200,000 after exposing almost 2000 customers to identity fraud risk


The Lazarus Heist — a rollicking ride through North Korean cyber crime  

Geoff White’s riveting investigation reveals a world of shadowy criminals, sophisticated hacks and bungled schemes

Largely cut off from the rest of the world, blighted by endemic shortages and stubbornly committed to an official ideology of juche, or self-reliance, North Korea seems an unlikely candidate for tech pioneer status. Yet even the most sceptical visitor to the country thinks again after trawling round the showcase science and military wares on display for foreigners in the capital Pyongyang. 
The same goes for readers of The Lazarus Heist, a riveting tale of cyber (and analogue) crime in the hermit kingdom. Cyber crime is a topical hook, and author Geoff White astutely wields it to shed light on a country marked largely by suffering since the Korean peninsula was bifurcated in 1945 into a communist north and capitalist south. In the north, topsy-turvy goals pursued by three generations of the Kim family make cyber crime a logical outcome: of a devastated economy, of a famine-struck population subsisting on insects, of maths geniuses and of communists with a yen for Mercedes-Benz. This is old-school socialism with a shiny new set of tools — a potent combination.

Readers are in for a rollicking ride through global hotspots for organised crime, including Macau, Hollywood and Thailand’s Pattaya. There is a rich cast of characters, and White marshals his material with aplomb. The shadowy Lazarus Group, a well-funded squad of computer hackers working for the North Korean government, pursues sophisticated crimes alongside bumbling two-bit criminals. In 2018, shifty mules armed with little more than fake bank cards crisscross towns in 29 countries in a sort of supermarket sweep of ATMs that US officials attribute to Pyongyang. Elsewhere, sweaty men play the age-old game of rinsing ill-gotten gains through the roulette wheel. Players are variously wily, smart and hapless — and all, including the hawkish US officials on the trail of North Korea’s elite cyber warriors, are pursuing their own agendas.



According to the author, North Korea’s campaign is a well-oiled machine geared at boosting state coffers, given the country’s negligible income from trade or other international activities. At its heart is the nurturing of skilled mathematicians — fast-tracked from the age of 11 — who are sent to front companies overseas. These “cyber warriors” live in hacker dorms, work excessively long hours with little sleep, and travel on foreign passports. “This is the beauty of computer code,” writes White. “Understanding how to wield it efficiently can take years, but once mastered just a few strokes are all you need.” 
And yet nothing — as befits a country so far beyond the pale — is quite what it seems. Those accolades in international maths Olympiads, which saw North Korean competitors placed near the top of the rankings, were undercut by a couple of accusations of cheating. The bold 2016 Bangladesh central bank cyber heist, which was a year in the planning and which security researchers attribute to Lazarus, pulled in a fraction of the targeted $1bn.  

The masterminds knew which strings to pull to turn their data dumps into front-page news and cause maximum havoc 

Yet even if the numbers are sometimes paltry and the perpetrators foiled, White leaves readers in no doubt that North Korea is on top of its game. Here is a failed state that did such a textbook job of counterfeiting American banknotes it forced the US to redesign its $100 bills in 1996. (The counterfeiters simply copied those, even minutely improving on the clarity of the original.) 
Savviness extends beyond purloining dollars and military secrets, as was demonstrated by the 2014 hack on Sony (which North Korea is presumed to be behind). The masterminds knew which strings to pull to turn their data dumps into front-page news and cause maximum havoc: salary differentials and bitchy comments about actors. That owes as much to an understanding of the American (or perhaps human) psyche as to any technical skills. The Sony escapade, like others, offers a rich seam of humour and missed chances.
 The Interview, the Seth Rogen movie that supposedly sparked Kim Jong Un’s ire and the subsequent hack, only parodied Kim because fellow comedian writer/actor Sacha Baron Cohen already had the Middle East sewn up with The Dictator. The pursuit of justice frequently falls into a comedy of errors. Cambodian police lose a chase due to a flat tyre. Bangladesh central bank officials, armed with nothing more than phone numbers on the US Federal Reserve’s website, are unable to reach Fed officials on a Saturday.

Not that the hackers are immune. One set of funds fails to arrive due to a typo. Another is snagged by the address of the recipient Manila bank: the word Jupiter is red-flagged by Iranian sanctions. A page-turner destined for the hands of lay readers understandably avoids straying too far into technicalities, but White could afford to be a little more expansive on the nuts and bolts of some of the hacks. There are a couple of other — minor — cavils. The teacherly tone of “as we learnt in chapter xx” can grate.
 Fact-checking could have been a little more robust: casinos are not allowed in Hong Kong — unless, as the old joke goes, you count the stock market. 
Oh, and bag stools (on which you place your bag) are really not that uncommon. The Lazarus Heist is a worthy addition to the growing canon of North Korean reportage, albeit one let down somewhat by a clumsy, seemingly rushed smug conclusion (essentially: by reading this book you are gaining on these pesky cybercriminals).
 Still, White takes you on a fabulous ride, with insights into the machinations of cyber warfare and North Korea, two spheres well beyond the ken of most of us. That is the book’s real testimony.

The Lazarus Heist. From Hollywood to High Finance: Inside North Korea’s Global Cyber War by Geoff White, Penguin Business £20, 304 pages