You've been hacked

Ostrich Redux


Yesterday,  we discussed how our inability to comprehend what global warming is doing to our aviation industry is leaving us in dire straits.   That’s self-perpetrated harm.

Today, we’ll see what happens when folks want to attack us and we’re too stupid or too obstinate or too cheap to create defenses against such attacks.  (By the way, I’m NOT talking about folks who use guns to hurt us or trucks to run over us- as you’ll see  immediately.)

What do Bangladesh, the SWIFT banking system, the Federal Reserve, Sony Pictures, and the US Department of Defense have in common?  They’ve all been hacked by North Korea in the past few years.  Of course, we can add in a few electric utilities, plus Polish and Mexican banks, to boot.

North Korea is a lot smarter than certain politicians think. It knows it won’t win a nuclear war with the US.  But, a cyberwar?  They know they have much better odds. After all, cyberwarfare has  low barriers to entry, it’s asymmetrical, and, best of all- it’s most difficult to properly attribute the perpetrator. (The perfect stealth attack?) Oh, it’s also a source of income- using ransomware, among other such nefarious activities.

It doesn’t hurt that North Korea and Iran have been sharing “bad guy” ideas (missile technology and nuclear capability) for a while.  So, when Iran suggested effecting cyberwarfare against the Great Satan (USA)  by attacking its utilities, banking, stock exchanges, water systems, oil pipelines, and the like, North Korea recognized the opportunities this tactic afforded.

(After all, Iran retaliated against Saudi Arabia’s Aramco petrocomplex after Stuxnet- and was amazingly successful.  Less than a year later, North Korea effected their first military cyberattack against South Korean banks and broadcast companies.)

Given the additional fact that the US government, American utilities, and corporations are doing ZIP to protect any infrastructure from cyberwarfare, many mainland Americans will easily find themselves just like the American residents of Puerto Rico.  With no power and no water- for months on end.  Now, this won’t be due to a hurricane, but because we are simply too obstinate and too cheap to make America safe.  (Consider how long you’d be “rational” with no power and water… Oh, and don’t forget you won’t have cash, since our banking system works off computer systems exclusively.)

Back to more examples of North Korean attacks.

Three years ago, Sony was embarrassed when their (thought-to-be-) private eMails were spread all over the place.  Information like how much more Sony paid their male stars than they paid their (probably more talented) female casts.  How executives denigrated actors (Angelina Jolie, among others) and spewed racist comments in conjunction with an impending meeting with Barack Obama were among the many tidbits divulged.

Why did North Korea hack Sony?  It was retribution for “The Interview”, the movie describing a plot to kill Kim Jong-Un.  (Sony even had to adjust how it introduced the movie, since North Korea threatened individual movie theaters that would be showing the movie.)

After that escapade, a few Far Eastern banks each had some $1/2 million evaporate from their treasuries. Then, the central bank of Bangladesh was nailed for more than $80 million.  (North Korea was actually trying to yank $1 billion out of the [US] Federal Reserve System, but the perpetrators were caught mid-stream.) Obviously, any financial sanctions we can impose on North Korea are easily offset by such thefts.

But, the biggest long-term problem is probably the breach of South Korea’s military database.  Because North Korea glommed not only information about South Korean military operations- but the US military plan to invade North Korea and to assassinate Kim Jong-Un and the rest of the Pyongyang leadership.  (Hmm. Maybe there’s more to that Sony movie!)


And, like how the Russians got CIA secrets, the North Koreans used a similar approach in this theft.  (You do recall that a CIA employee took home classified information [illegally] and accessed it on his computer, which was protected by “Kaspersky” software.  The Russians exploited the fact that Kaspersky inventories all information on the computer and, therefore, knew what to attack.)  The North Koreans used Hauri, Inc.’s antivirus software [the preferred system of South Korean entities] to effect their breach.  (The hackers embedded malware into the Hauri code and then could infiltrate almost any of the South Korean computer servers at their discretion.)

FireEye (a cybersecurity firm) has reported that North Korea has been fingering a variety of US utilities using spear phishing.  This sort of attack uses spoofed eMails to garner control of computers that have less astute users (that’s most folks).  (Think the Love Virus that screwed up so many computers almost 2 decades ago.)  While these spear phishing attempts weren’t completely successful, these won’t be their only essays.  (North Korea has already accessed South Korea’s Hydro and Nuclear Power- but didn’t turn off the delivery of power with that attack- they just leaked sensitive data to demonstrate their capabilities- and embarrass the South Koreans.)

North Korea has plenty of patience- and many chances to succeed.  Data indicates that their elite group (“Lazarus” among 5 others, comprising at least 1300 computer hackers, with some 5000 other support staff!) is effecting some 1.4 million hacks- each and every day of the year!   This includes the recent ransomware attack (the WannaCry global ransomware epidemic of May 2017).

When will we learn?  More importantly, when will we upgrade our infrastructure to secure our borders?

Sorry.  No wall will help this situation!

Roy A. Ackerman, Ph.D., E.A.

 

 

 


5 thoughts on “Ostrich Redux”

    1. I certainly have no desire to go back to the 1860s. (Don’t get me started on the desires of some folks to go back to the good old days. The ones they never appreciated in the first place.) Or, to be stuck like our fellow citizens in Puerto Rico.
      Thanks for the visit and comment, MKD.

  1. This was good. Just like a spy movie. Who knows what North Korea is up to? Shouldn’t we get hackers to hack the hackers to figure out what they are plotting next?
