North Korea Again Steals $1.5 Billion in Cryptocurrency
On February 21, the cryptocurrency exchange Bybit fell victim to a $1.5 billion hacking incident, once again bringing the North Korean hacker organization Lazarus Group into the spotlight.
In recent years, this organization has repeatedly succeeded, from the theft at KuCoin exchange to the hack of the Ronin cross-chain bridge, and even the personal wallet of the founder of Defiance Capital. The mastermind behind these incidents is this mysterious hacker group.
You may wonder how North Korea, as one of the most closed-off countries in the world, has cultivated such formidable power in the digital battlefield.
In traditional military fields, North Korea struggles to compete with the U.S.-South Korea alliance, but cyber warfare provides it with a strategic leverage akin to “using four ounces to deflect a thousand pounds.”
Since the 1980s, the North Korean government has devoted considerable efforts to hacker training, internally code-named “Secret War.”
Jang Se-yul, a North Korean defector who fled to South Korea in 2007, previously attended Mirim University, North Korea’s top engineering school (now renamed University of Automation). During his university years, Jang studied courses offered by the 121 Bureau alongside other hackers.
After graduation, Jang joined the North Korean government’s Reconnaissance General Bureau, where the 121 Bureau is an elite spy organization. It was during this time that he began interacting with top hackers within the 121 Bureau.
In a later interview with Business Insider, Jang Se-yul stated that the threat of cyber warfare is more immediate and dangerous compared to North Korea’s nuclear threats. He said, “This is a silent war. The battle has already begun without a shot being fired.”
The question is, how does such a poor and resource-scarce country invest heavily in cyber warfare?
Jang Se-yul’s answer is: because it is very cheap to train a hacker.
Generally, North Korea is divided into three major classes: the basic masses (core class), the complex masses (ordinary middle class), and the remnants of hostile classes (descendants of landlords, rich farmers, etc.), further subdivided into 56 levels. These class classifications are recorded in the household registration system and used during personnel recruitment.
Ahn Chan-il, president of the World North Korea Research Center, noted that in the past, North Korean hackers were also selected based on their background, as a decline in loyalty to the party could pose a threat to the regime.
However, after the international community imposed comprehensive sanctions on North Korea, blocking its avenues for earning foreign currency, the country could only resort to illegal means through cyber attacks to earn foreign currency.
This has opened up a special channel for talent in cyber warfare, allowing for unorthodox recruitment.
Jang’s alma mater, the University of Automation, serves as the core base for training North Korean hackers. He stated, “Each class only admits 100 students, but there are as many as 5,000 applicants.”
This can be considered a PLUS version of a university entrance exam; once accepted and trained as hackers, they can become part of the top 1% in North Korea, though the process is incredibly arduous.
These young hackers undergo nearly nine years of rigorous training before being deployed, with the youngest starting at age 17.
While in school, they attend six classes a day, each lasting 90 minutes, learning various programming languages and operating systems. They spend a significant amount of time analyzing programs like Microsoft’s Windows operating system, studying how to breach computer information systems of adversarial countries such as the U.S. and South Korea.
Moreover, their core mission is to develop their own hacking software and computer viruses, rather than relying on existing external hacking tools.
In Jang’s view, North Korean hackers possess technical skills that are no less than those of top programmers at Google or the CIA, and they may even be superior.
From the first day of their education, these “black little generals” are assigned missions and goals, divided into different groups focusing on attacking different countries and regions, such as the U.S., South Korea, and Japan. Once hackers are assigned to a specific “national group,” they spend nearly two years infiltrating that country, learning the local language and cultural knowledge to avoid raising suspicions in addition to honing their technical skills.
Jang mentioned that one of his friends worked for an overseas department of the 121 Bureau, but he posed as an employee of a North Korean trading company. No one knew his true identity, and his company operated normally.
Due to the unique nature of cyber warfare, these young hackers can freely use the internet, gaining immediate access to the latest developments abroad, while also being acutely aware of their country’s “closed and conservative” nature. However, this does not shake their patriotism and loyalty to their leader.
“Even if others try to persuade them forcefully, or even offer them jobs at the South Korean presidential office, they would not betray their country,” Jang stated.
Of course, becoming a hacker also means money and privileges.
Young hackers can earn a monthly salary of up to $2,000, which is double that of an ambassador. In addition, they can receive luxurious apartments of over 185 square meters in downtown Pyongyang, and they have the opportunity to relocate their families to the capital, undoubtedly enticing conditions.
In this new era where keyboards replace missiles, the keyboards of young hackers will become the Damocles’ sword over cryptocurrency.
This article is collaboratively reprinted from: Deep Tide