But that doesn’t mean there’s nothing we can do. While painstaking investigations of hacks may not lead to prosecutions of hackers safely ensconced in North Korea, unveiling methods, codes, tips and tricks deployed by the Lazarus Group sheds light on dark secrets. Like blowing a spy’s cover, says Don Smith, at Secureworks Counter Threat Unit, “you impose costs on the bad guy, force them to retool; you burn their code, and they have to republish.”
For while the hackers’ malicious computer code itself may be concocted by whizzkids, the way it is delivered is often more akin to old-fashioned espionage, updated for a digital age. A human target must be convinced to open an email attachment containing the code. To do so, North Korean agents create detailed social media accounts and email addresses – convincing personas to dupe their victims. Once these personas are blown, revealed in investigations whose findings are shared around the world, they can never be used again.
The same goes for well-equipped front companies based abroad. Last year, Google published a blog post detailing how North Korea’s hackers had been attempting to infiltrate the West’s own cyber security community, having created multiple Twitter profiles and a research blog “to build credibility and connect with security researchers”. Sharing the information sinks such efforts, which must be restarted from scratch. So while more moles are certain to pop up, at least a few are whacked. The big danger is that North Korea decides to deploy its cyber warriors to wage war rather than just steal stuff. The nature of the regime means it’s not easy to predict what might tip it over the edge.
“What will North Korea use its highly effective cyber capability for in future? That’s the worry,” says Smith. “When someone upsets them, they pursue things, shall we say, very vigorously. An example of something that could have caused a problem but to my knowledge didn’t is when the BBC announced it was going to broadcast shortwave radio into Korea, which could threaten the regime given they’ve got such controlled messaging. You just don’t know which of these things is going to get a…