In heist movies, the hacker is usually a dweeb who has a terrible sense of fashion, poor social skills and wears glasses with thick lenses. They are often presented as a necessary evil; by that I mean they are necessary to the mission, but their roles are not exciting. Often movie producers try to spice up hacker scenes with black screens, scrolling text and stupid animations that make no sense. But how do hackers really operate in the real world? Well, here is your chance to find out: the BBC just completed a 10-part podcast on the Lazarus Group and its exploits.
Real hackers are much more capable than you have been led to believe
If you don’t know the Lazarus Group, here is what you should know. They are also known as:
- APT 38
- Hidden Cobra
- Guardians of Peace
- Whois Team
- Stardust Chollima
If that sounds like a lot of names, it’s because they have earned every one of those stripes. Various law enforcement authorities and intelligence agencies believe the group is from North Korea, where they carry out hacks on behalf of the North Korean government. Their biggest hack was their attempt to steal US$1 billion and wire it to themselves in 2016. But they are also famous for the Sony Hack, WannaCry and attacks on AstraZeneca last year. They net tens of millions of dollars each year.
An elegant hack
The 2016 Bangladesh Bank (the equivalent of the RBZ in Bangladesh) hack is the centerpiece of this fascinating podcast. As already mentioned, these hackers, led by a shadowy genius known as Jin Hyok, tried to wire 1 billion dollars to themselves. At first glance, that sounds quite stupid. I mean, isn’t that supposed to lead the authorities right to your door? The answer is: not if you do it right. This hack was done right, and the only reason part of the plan failed was a series of fluke incidents.
The hackers were meticulous:
- They timed the hack in such a way that they had a five-day head start between when they initiated the attack and when authorities in the three countries involved would be able to actually do something to stop them.
- They had a series of money laundering schemes lined up to clean up the money, including charities in other countries such as Sri Lanka and China, as well as a foreign currency exchange and casinos.
- They silenced the hidden printer inside the Bangladeshi bank.
The podcast also explores how the group came about. North Korea is a closed-off country that notoriously shuns the internet, so how does it create these internet warriors? Part of the process involves mathematically gifted children as young as 12 being taken from their homes and parents and sent to Pyongyang, the capital city, to be trained in the dark arts of the internet. When they come of age, they are ferried off to China in a Korean form of Rumspringa, where they are indoctrinated into the ways of the world and the internet.
An entertaining listen
I first learnt of the podcast back in April and, like a true Millennial, I waited until all the episodes were complete so I could binge-listen to them. The 10 episodes covering various exploits by this group are riveting. At the very least, they are more entertaining than watching WordPress source code scrolling on a computer screen as someone claims to be hacking a bank.
P.S Besides YouTube you can listen to the podcast: