> Mr. Jang said that as time went on, the North began diverting high school students with the best math skills into a handful of top universities, including a military school specializing in computer-based warfare called Mirim University, which he attended as a young army officer.
I realize I'm not engaging the core topic being discussed, but stories like this are why I'm surprised people like Will Scott haven't gotten in trouble. (I don't want to single him out, but he's the best example I have at hand.) For the past two years, he's gone to North Korea to volunteer teaching computer science.[1][2] At best, his students' skills will be wasted on some silly Android apps praising the supreme leader. More likely, these students will go on to make software for less-than-ethical purposes: wargame simulation, nuclear explosion modeling, missile guidance systems, or network/server subversion.
I'm not saying this software shouldn't exist, just that the world would be better-off if the DPRK had more difficulty writing it. And I'm surprised the State Department hasn't fined or revoked the passport of any American who has aided the DPRK in this manner.
That is a very scary argument. To deny education because it could be used in ways you may not like is a very unfortunate position to take. Education is likely the only way a system like North Korea's will ever fall short of a militarized take over - another horrible fate to wish on those same people. And were it to fall, an education is all that would permit their survival in the world at large. To deny individuals a modern education is a particularly cruel punishment - maybe more so to punish those who would wish to educate.
I think you've massively devalued an entire people based on the actions of their government...
Let's not forget the great value and results of CS education in the US:
- spying for pretty much everybody, regardless of location
- drone guidance systems to kill people unlawfully
- missile systems for air strikes on countries purported to have WMDs
- millions of $ spent on silly apps that arguably do nothing to improve quality of life, whilst millions suffer and die of starvation
Do you really know enough about North Korea's tech community to say that "More likely, these students will go on to make software for less-than-ethical purposes"?
I flatter myself that I was a pretty competent computer science student, but I'm certainly not a security researcher. I think you're overestimating how much basic computer science knowledge has any applicability to offensive black hat hacking.
Your argument is close to "Nobody should teach basic chemistry in the middle east, because hey, terrorists might use that knowledge to make bombs."
Learning and knowledge are _good_things_, for people anywhere, including NK. If enough people are educated, it is feasable to expect they would push for regime change and more freedoms for themselves. I expect this will eventually happen in China as well where the cat is out of the bag and more and more people have an expectation of individual liberty, leading them to desire political freedom as well.
Do you really think Will Scott gave the DRPK the breakthroughs it needed in any of those areas? I think you would be delusional to think he set them up to significantly improve in these areas. The only thing holding the DRPK back is the fact the socio-economic situation in the country is in complete shambles. Not that lack of American Computer Science teachers.
Plus, More than likely he (and others like him) are providing intel or participating in espionage on behalf of Western Governments.
Yes, and that same argument can be made for pretty much any other country... why teach computer science to US, as they have shown they can't be trusted - they will probably end up in the NSA!
I disagree. I believe education is an excellent way to free the north korean people from the brainwashing machine that is the DPRK.
More DPRK people with the hacker mindset (e.g. not just accepting answers but asking questions, a hunger for knowledge, etc) would in the long term be a really great thing for everyone but the leaders of DPRK.
> or network/server subversion.
>
> I'm not saying this software shouldn't exist...
The world would be a better place if subversion didn't exist. As long as the North Koreans keep using it they won't get very far. Maybe Will Scott is funded by the CIA if he's promoting that over git...
"I'm surprised people like Will Scott haven't gotten in trouble. (I don't want to single him out,"
You are still doing it by writing that, and actually you aren't suggesting that the trouble to him would come from DPRK, but you are "nicely" suggesting he should get "in trouble" in the US just for lecturing in DPRK. Basically claiming, without writing the words that you are "surprised" he isn't considered a "traitor":
> General Clapper praised the food; his hosts later presented him with a bill for his share of the meal.
Not only are they evil, but they're cheap too.
But the fact is that the hosts would have billed for the meal because the U.S. government asked to be billed.
The USG requires that officials traveling on business not accept gratuities, gifts, dinners, or anything above a certain value (which is about US$100 -- it gets adjusted for inflation, so it might be higher today).[1]
There is an exemption to allow acceptance of gifts of travel expenses of more $100 when officials travel outside the United States on business, but only if "such acceptance is appropriate, consistent with the interests of the United States, and permitted by the employing agency".[1]
In this case, General Clapper and his staff probably didn't want to deal with the question of whether it was "appropriate" or deal with reporting requirements, so they just asked for the bill. Or, their North Korean hosts, knowing U.S. policy, were proactive in making up a bill.
Either way, the NYT article should have mentioned the USG policy. If they can't get that little thing right, it makes me wonder about the accuracy of the rest of the article.
It's customary for foreign governments to give gifts to US officials when there's a diplomatic trip, and it's customary for US officials to accept those gifts (under the exception you cited) given that refusal to do so would embarrass both parties. You can see the list of such gifts here: https://www.federalregister.gov/articles/2013/04/26/2013-099...
Given that presenting one's guest with a bill (or demanding a bill) would seem to violate social norms and cause embarrassment, I would imagine that meals are typically treated the same way.
"We realized there was another actor [South Korea] that was also going against them [North Korea] and having great success because of a 0 day they wrote. We got the 0 day out of passive and were able to re-purpose it. Big win."
NSA learned of a 0-day exploit being used by South Korea (not five eyes) and re-purposed it. They had knowledge of an exploit in the wild. Did they share this with anyone in order to close this security flaw? They exploited it. This is not a case of the NSA developing an exploit in house. They took this from the wild. This would seem to confirm suspicions that NSA is/was willing to allow active 0-days to fester, leaving the general public exposed.
Well, it depends on how the exploit was being used and who was being targeted.
If SK was only using it to target, say, Iran and NK, then it would not be in the NSA's interest to disclose the exploit to anyone. Only if they had reason to believe it could be targeting Five Eyes governments or corporations would they feel any need to.
Are you suggesting the NSA should be a government funded QA department for large corps and open source?
For commercial software the companies who are not finding these bugs on their own are to blame. For open source, the cheapskates who mooch free software without contributing are too blame.
We know that the NSA tapped into computer systems and the backbone of essentially every country on Earth - I don't see how NK would have somehow been excluded.
What's interesting is what information the New York Times includes that is not covered in the NSA document, presumably from unidentified officials and former officials.
The document on Der Speigel speaks primarily about taking copies of intelligence from SK hacking efforts against NK and also taking copies of intelligence from NK hacking efforts that had in turn been hacked by SK (and in turn by NSA - "fifth party collection").
The document mentions the NSAs unwillingness to rely on intelligence filtered through so many third parties and made efforts to establish its own foothold.
Essentially none of the article is backed by the document as a first source and must have come from the unnamed sources.
I believe the reason this is "a big deal" is due to how the average US citizen reacted over the recent Sony Breach and the US Government's blame of NK (I might add with no supporting evidence, most industry professionals in high doubt, and even some security companies providing evidence to the contrary of statements by the government).
The average US citizen was outraged that some other government would have the audacity to hack anything in the US. This article's goal seems to be to point out that the US Government is hacking all other nation's governments, including NK. (pot calling the kettle black)
And another thing from Spiegel's article. NSA routinely attacks targets and then makes it look as if someone else did it:
> But the loot isn't delivered directly to ROC's IP address. Rather, it is routed to a so-called Scapegoat Target. That means that stolen information could end up on someone else's servers, making it look as though they were the perpetrators.
So how do we really know it was North Korea, and not just NSA planting that evidence that NK hacked Sony in those two months? I mean other than "trusting NSA"?
This is the second NYTimes article I've seen that has suggested that the NSA was collecting information on a group while that group was planning an attack, but that the collection or the analysis was not sufficient to stop the attack. (The other article was on the Mumbai terrorist attack).
This is interesting and you could look at it a number of different ways:
- Collecting data is one thing, but understanding what it means is incredibly challenging and the NSA might not be doing a great job.
- Even when they can't prevent an attack, there is still value in having this data so that they can attribute the attack and understand something about the motives and methods of the attackers.
- Or "national security" doesn't mean what normal English-speaking humans think it means. The hack was no threat to the reigning industrial/government structure or the dollar.
Might be me, but I'd be surprised if they hadn't. They hacked so many countries including China[1], Mexico[1], Belgium[1], Syria[3], Iran[4], etc. (after saying that a digital attack is an act of war[2]). I don't remember each and every leak and I don't feel like looking up everything, but they seem to have targeted loads of people in various countries. I doubt North Korea (which is not even an ally) is the exception.
I don't believe that the US has ever said that "a digital attack is an act of war". The quote that you linked to says that the United States reserves the right to respond militarily to "hostile acts in cyberspace" if it exhausts all other options and judges the costs of action to be greater than the costs of inaction.
The statement is not saying that any cyberattack is an act of war, it is saying that the United States might treat certain attacks as the cost of doing business but that other attacks might require a military response, depending on the specifics of the incident.
Typical for the NYT to bury the strong countervailing evidence against the official war-mongering story in a couple of paragraphs 2/3rds of the way through the article.
Still, the sophistication of the Sony hack was such that many experts
say they are skeptical that North Korea was the culprit, or the lone
culprit. They have suggested it was an insider, a disgruntled Sony
ex-employee or an outside group cleverly mimicking North Korean
hackers. Many remain unconvinced by the efforts of the
F.B.I. director, James B. Comey, to answer critics by disclosing some
of the American evidence.
... it would not be that difficult for hackers who wanted to appear to
be North Korean to fake their whereabouts.
The sophistication of the attack is pretty questionable IMO. The malware used can be purchased by anyone on the black market and had been used before by Iranian hackers in 2012. Furthermore, spearphishing emails were used to get inside the network. Furthermore, how would sophistication be evidence against a State actor with (a reported) 7,000 personnel?
Typical for Hacker News posters (in general) to dislike the United States government so much that, despite having complained and worried and speculated about the sophistication of the NSA's online snooping for the last year in a half, they assume that the government couldn't possibly have obtained any evidence they didn't want to release to the public, instead trusting the high certainty of experts who have decided that it couldn't have been North Korea because the Korean region setting is for the South Korean dialect or the writing didn't have the right 'Korglish' errors or other such trivialities (those are both actual points that have been made).
It's not as if the claims in this article that the U.S. has successfully penetrated North Korean networks (to the extent they exist, anyway) should be any surprise; it would be highly surprising if they hadn't. One might imagine that while the North Koreans are not super advanced, they know enough about how to analyze and remove malware that it might be better to stay vague, even at the cost of appearing less credible, rather than disclose specifics of what communications you're able to intercept. Yet surely, just because the finger is pointing at one of the usual enemies, it must just be warmongering rather than reflecting reality.
(Yes, yes, WMDs in Iraq. It is certainly possible that the U.S. really is that incompetent and/or hawkish. I just don't think it's very likely.)
There is no information anywhere exactly on what the attack entailed or how it was carried out. So if it is a 1 on the sophistication scale or a 10 is anyones guess.
According to the article, NSA noticed the first spear-phishing attacks against Sony in September. Yet they didn't realize admin credentials had been stolen until much later. Nor did they seem to notice terabytes of data being exfiltrated out of Sony. Fishy story.
Why would they notice terabytes leaving Sony? It's a motion picture studio. They surely have piles of film-related data flowing constantly in and out of all sorts of places. And it's not like the hackers sent it directly to Pyongyang.
As a member of the MPAA, probably the most hated organization in the history of the internet, I'm surprised that Sony wasn't under constant phishing attack. Given their total lack of internal security, I would have thought some angry filesharers would have broken in long ago.
Fishy? It seems quite likely that such a thing could be overlooked. The NSA was (as the article says) concentrating their efforts on the DPRK's nuclear weapons program. Some spear phishing attacks aren't exactly a priority in comparison.
If that's true, who's to say our guys didn't launch the attack from their computers? Why would they even admit to being in there? The NSA doesn't say anything unless 1) they have to, or 2) they want to. I don't see why they would make this claim.
In 5 years time when this tit for tat results in some massive disruption in the US (power outage or something) people are going to be severely angry and say NK attacked them for no reason, etc. (i.e 9/11)
The US yet again going around the world making enemies, and giving them perfectly valid reasons to retaliate.
Something that probably gets overlooked is that Sony is a Japanese Corporation, and that the politics between Japan and Korea are often to be considered.
Does this mean the NSA hacked Sony (from NK)? Would explain both the 'Sony internal' nature of the attack and the FBI's assertion that this was 'from North Korea'.
I've read enough comments about "We already knew that blah blah blah ...", "What's interesting is that blah blah blah ...". Seems that you guys get used to the reality so fast, the only thing you can do is trying to dig into some detail about this kind of news and to avoid the discussing about whether this kind of things is RIGHT or WRONG from the beginning!
I'm planing to watch POI for the second time, may your god bless you American, and may there be a real-hero like Reese or Carter.
But we all know that most people are just as normal as Lionel, they don't have the courage to face the problem alone. So let's just wait for your bright future. LOL
[+] [-] chroma|11 years ago|reply
I realize I'm not engaging the core topic being discussed, but stories like this are why I'm surprised people like Will Scott haven't gotten in trouble. (I don't want to single him out, but he's the best example I have at hand.) For the past two years, he's gone to North Korea to volunteer teaching computer science.[1][2] At best, his students' skills will be wasted on some silly Android apps praising the supreme leader. More likely, these students will go on to make software for less-than-ethical purposes: wargame simulation, nuclear explosion modeling, missile guidance systems, or network/server subversion.
I'm not saying this software shouldn't exist, just that the world would be better-off if the DPRK had more difficulty writing it. And I'm surprised the State Department hasn't fined or revoked the passport of any American who has aided the DPRK in this manner.
1. https://news.ycombinator.com/item?id=8869265
2. https://news.ycombinator.com/item?id=6829558
[+] [-] toufka|11 years ago|reply
[+] [-] arcameron|11 years ago|reply
Let's not forget the great value and results of CS education in the US:
- spying for pretty much everybody, regardless of location
- drone guidance systems to kill people unlawfully
- missile systems for air strikes on countries purported to have WMDs
- millions of $ spent on silly apps that arguably do nothing to improve quality of life, whilst millions suffer and die of starvation
Do you really know enough about North Korea's tech community to say that "More likely, these students will go on to make software for less-than-ethical purposes"?
[+] [-] ForHackernews|11 years ago|reply
Your argument is close to "Nobody should teach basic chemistry in the middle east, because hey, terrorists might use that knowledge to make bombs."
[+] [-] danboarder|11 years ago|reply
[+] [-] turk-|11 years ago|reply
Plus, More than likely he (and others like him) are providing intel or participating in espionage on behalf of Western Governments.
[+] [-] thejosh|11 years ago|reply
[+] [-] a1a|11 years ago|reply
More DPRK people with the hacker mindset (e.g. not just accepting answers but asking questions, a hunger for knowledge, etc) would in the long term be a really great thing for everyone but the leaders of DPRK.
[+] [-] Nanzikambe|11 years ago|reply
[+] [-] estefan|11 years ago|reply
The world would be a better place if subversion didn't exist. As long as the North Koreans keep using it they won't get very far. Maybe Will Scott is funded by the CIA if he's promoting that over git...
[+] [-] usbreply|11 years ago|reply
American kids should not be allowed to get a computer science education.
[+] [-] acqq|11 years ago|reply
You are still doing it by writing that, and actually you aren't suggesting that the trouble to him would come from DPRK, but you are "nicely" suggesting he should get "in trouble" in the US just for lecturing in DPRK. Basically claiming, without writing the words that you are "surprised" he isn't considered a "traitor":
http://en.wikipedia.org/wiki/McCarthyism
[+] [-] shutupalready|11 years ago|reply
Not only are they evil, but they're cheap too.
But the fact is that the hosts would have billed for the meal because the U.S. government asked to be billed.
The USG requires that officials traveling on business not accept gratuities, gifts, dinners, or anything above a certain value (which is about US$100 -- it gets adjusted for inflation, so it might be higher today).[1]
There is an exemption to allow acceptance of gifts of travel expenses of more $100 when officials travel outside the United States on business, but only if "such acceptance is appropriate, consistent with the interests of the United States, and permitted by the employing agency".[1]
In this case, General Clapper and his staff probably didn't want to deal with the question of whether it was "appropriate" or deal with reporting requirements, so they just asked for the bill. Or, their North Korean hosts, knowing U.S. policy, were proactive in making up a bill.
Either way, the NYT article should have mentioned the USG policy. If they can't get that little thing right, it makes me wonder about the accuracy of the rest of the article.
[1] http://www.gpo.gov/fdsys/pkg/USCODE-2010-title5/html/USCODE-...
[+] [-] GabrielF00|11 years ago|reply
Given that presenting one's guest with a bill (or demanding a bill) would seem to violate social norms and cause embarrassment, I would imagine that meals are typically treated the same way.
[+] [-] donohoe|11 years ago|reply
Same logic?
[+] [-] sandworm|11 years ago|reply
"We realized there was another actor [South Korea] that was also going against them [North Korea] and having great success because of a 0 day they wrote. We got the 0 day out of passive and were able to re-purpose it. Big win."
NSA learned of a 0-day exploit being used by South Korea (not five eyes) and re-purposed it. They had knowledge of an exploit in the wild. Did they share this with anyone in order to close this security flaw? They exploited it. This is not a case of the NSA developing an exploit in house. They took this from the wild. This would seem to confirm suspicions that NSA is/was willing to allow active 0-days to fester, leaving the general public exposed.
[+] [-] meowface|11 years ago|reply
If SK was only using it to target, say, Iran and NK, then it would not be in the NSA's interest to disclose the exploit to anyone. Only if they had reason to believe it could be targeting Five Eyes governments or corporations would they feel any need to.
[+] [-] redstripe|11 years ago|reply
For commercial software the companies who are not finding these bugs on their own are to blame. For open source, the cheapskates who mooch free software without contributing are too blame.
[+] [-] xnull1guest|11 years ago|reply
What's interesting is what information the New York Times includes that is not covered in the NSA document, presumably from unidentified officials and former officials.
The document on Der Speigel speaks primarily about taking copies of intelligence from SK hacking efforts against NK and also taking copies of intelligence from NK hacking efforts that had in turn been hacked by SK (and in turn by NSA - "fifth party collection").
The document mentions the NSAs unwillingness to rely on intelligence filtered through so many third parties and made efforts to establish its own foothold.
Essentially none of the article is backed by the document as a first source and must have come from the unnamed sources.
[+] [-] Alupis|11 years ago|reply
The average US citizen was outraged that some other government would have the audacity to hack anything in the US. This article's goal seems to be to point out that the US Government is hacking all other nation's governments, including NK. (pot calling the kettle black)
[+] [-] higherpurpose|11 years ago|reply
> But the loot isn't delivered directly to ROC's IP address. Rather, it is routed to a so-called Scapegoat Target. That means that stolen information could end up on someone else's servers, making it look as though they were the perpetrators.
So how do we really know it was North Korea, and not just NSA planting that evidence that NK hacked Sony in those two months? I mean other than "trusting NSA"?
[+] [-] GabrielF00|11 years ago|reply
This is interesting and you could look at it a number of different ways:
- Collecting data is one thing, but understanding what it means is incredibly challenging and the NSA might not be doing a great job.
- Even when they can't prevent an attack, there is still value in having this data so that they can attribute the attack and understand something about the motives and methods of the attackers.
[+] [-] mc808|11 years ago|reply
[+] [-] techrat|11 years ago|reply
- They supposedly were collecting all this info and didn't think to warn Sony about any potential issues.
[+] [-] lucb1e|11 years ago|reply
[1] https://en.wikipedia.org/wiki/Tailored_Access_Operations#Kno...
[2] https://en.wikipedia.org/wiki/Cyberwarfare_in_the_United_Sta...
[3] http://www.theverge.com/2014/8/13/5998237/nsa-responsible-fo...
[4] Stuxnet http://rt.com/news/snowden-nsa-interview-surveillance-831/
[+] [-] GabrielF00|11 years ago|reply
The statement is not saying that any cyberattack is an act of war, it is saying that the United States might treat certain attacks as the cost of doing business but that other attacks might require a military response, depending on the specifics of the incident.
[+] [-] junto|11 years ago|reply
He has to say this, otherwise the NSA has started an act of war against pretty every country on earth, so it would be pretty hypocritical.
Obama knows this, so he can't go and classify the US as starting wars through their own cyber 'crimes'.
[+] [-] Estragon|11 years ago|reply
[+] [-] xnull1guest|11 years ago|reply
[+] [-] comex|11 years ago|reply
It's not as if the claims in this article that the U.S. has successfully penetrated North Korean networks (to the extent they exist, anyway) should be any surprise; it would be highly surprising if they hadn't. One might imagine that while the North Koreans are not super advanced, they know enough about how to analyze and remove malware that it might be better to stay vague, even at the cost of appearing less credible, rather than disclose specifics of what communications you're able to intercept. Yet surely, just because the finger is pointing at one of the usual enemies, it must just be warmongering rather than reflecting reality.
(Yes, yes, WMDs in Iraq. It is certainly possible that the U.S. really is that incompetent and/or hawkish. I just don't think it's very likely.)
[+] [-] bjourne|11 years ago|reply
[+] [-] snissn|11 years ago|reply
[+] [-] timmytokyo|11 years ago|reply
[+] [-] sandworm|11 years ago|reply
As a member of the MPAA, probably the most hated organization in the history of the internet, I'm surprised that Sony wasn't under constant phishing attack. Given their total lack of internal security, I would have thought some angry filesharers would have broken in long ago.
[+] [-] ggreer|11 years ago|reply
[+] [-] phkahler|11 years ago|reply
[+] [-] finid|11 years ago|reply
Unbelievable!
[+] [-] enlightenedfool|11 years ago|reply
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] grecy|11 years ago|reply
The US yet again going around the world making enemies, and giving them perfectly valid reasons to retaliate.
[+] [-] chippy|11 years ago|reply
[+] [-] Eye_of_Mordor|11 years ago|reply
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] interesting_guy|11 years ago|reply
[deleted]
[+] [-] astkaasa|11 years ago|reply
I'm planing to watch POI for the second time, may your god bless you American, and may there be a real-hero like Reese or Carter.
But we all know that most people are just as normal as Lionel, they don't have the courage to face the problem alone. So let's just wait for your bright future. LOL