>> Corrections & Amplifications
An earlier version of this article incorrectly included the name of a defector familiar with North Korea’s cyber training, whose identity was included in violation of the agreement with the source. (April 19, 2018)
Yikes!! I understand mistakes happen, but what an absolute betrayal of trust
This is one of the problems with paywalls - I regularly see a full article posted in reddit comments and I doubt they're checking for corrections like this later on.
I don’t usually think someone should be fired for mistakes but this is so egregious. How does their name even end up in a draft, much less the published article? How will the convince anyone considering discussing something anonymously with the paper to move forward with a screw up like that?
We hope there is a process. We can be sure that several individuals were inept. The journalist certainly knows the source wished to remain anonymous, and an editor certainly had to approve that.
Given all the down-votes, seems I am a sucker to give them the benefit of the doubt and not join the crowds calling for heads on plates. How dare I attempt to have faith in humanity.
Of course not. But having someone sacked won't reverse the mistake or prevent this happening again. It was a terrible, terrible mistake, but the absence of malice here should be considered.
Absence of malice is nice, but what should be considered more highly is the absence of care.
Remember, this error probably will get people killed.
A rapid & public sacking may not reverse the error, but will have at least some preventative effect -- some people learn from the mistakes of others.
Of course this should not be the only step, and they should also add processes & procedures to help make it more difficult for this error to get through again (default to no names for sources?, second set of eyes asking for every source?)
Yes hyumans make mistakes. And those mistakes have, and should have consequences.
When the likely result is to get someone killed, there should be serious consequences for the people, regardless of whether it was 'people' or 'process' that you put at the top of the fault chain.
That is the way it works in the real world. Small bits of inattention can lead to death. We don't say that 'it was just a small thing' when someone is texting while driving and crashes and injures/kills people, even tho it was just a a few seconds lapse of attention.
This source, and/or his family back home are now likely on a NK hit list. The employer has now had it's credibility for confidentiality destroyed for a decade. This lapse should have consequences.
(And if you don't like the potential consequences, either make sure you play the game right, or don't play the game.)
I'm not sure I understand your comment in full, but I wasn't suggesting there be no consequences for this mistake. I also don't see it in any way trivial. Sacking people is easy and a quick fix but what change was actually made to ensure this never, ever happens again.
Humans make mistakes, processes or the lack thereof allow them to happen.
When mistakes of a certain threshold happen, the organization should have a post-mortem to ensure such a scenario does not recur.
In addition, the person who failed should hold their own post-mortem in private, with the possible addition of a supervisor to determine how they failed, if at all, and how they can use the incident as a learning experience.
"Blame process, not people" is great in that it encourages folks not to pillory someone for a mistake that they themselves could have possibly made, but it is not a "Get out of jail free" card.
Humans make mistakes, but this was a mistake at multiple levels. The name shouldn't have been in a draft, certainly shouldn't have been anywhere near the final piece, and probably should have been caught by an editor.
It’s probably basic CIA move, you want to take out somebody from there, you “accidentally” cite them as source. It doesn’t matter if it just creates confusion and uncertainty there or complete removal of that person, you win in any case; if it’s temoval - it’s a big win.
Wtf. And why even include the name in the first place? Literally no good would have come from that in a story like this. If you must refer to a name use a pseudonym.
This really subtly shows one of the darkest sides of journalism, especially considering it's coming from the WSJ. The engagement of the audience and ad revenue is so important that protecting sources and journalistic integrity is so easily forgotten by the author and editors.
He was a French pulp spy novels writer (SAS), who turned out to be some kind of mailbox between intelligence services to share spy stories. So a lot of his books are directly inspired from real stories, with names changed. Until he forgot to change the name of a CIA station chief...
In an authoritarian state, especially one where food is scarce to much of the population, learning a skill that is considered vital to the state is a good way to ensure you can eat.
NK has a system where everyone with any kind of outside contact is paired up with a stranger who might be an intelligence agent or just a regular person whose family has been taken hostage, but in any case they're fairly likely to snitch. The East German Stasi used similar methods, and quite effectively.
Comparing the situation in Eastern Germany to North Korea is a bit of a stretch to put it mildly. I don't know first-hand how bad it is in NK, but I grew up in the GDR. Even the worst Stasi actions are most likely tamer than a normal day in North Korea (family members and friends ended up in jail for weeks or months for attempting to escape to the West, but I guess if the same happened in North Korea it's not done with a bit of jail time).
Most Stasi snitches (IMs) didn't need much 'encouragement' by the Stasi, most did it for purely egoistical reasons (money or favours).
>Even the worst Stasi actions are most likely tamer than a normal day in North Korea
as reported in doubtful articles and by sources with reasons to put some spice on their stories (e.g. to have them celebrated and promoted as heroic defectors as opposed to run of the mill immigrants).
Interesting thought, if N.K. is as connected as the USA, the master hacker would more or less own (pwn?) the country, right? "Luckily" for NK, most of their infrastructure are probably offline.
> Over the past 18 months, the nation’s fingerprints have appeared in an increasing number of cyberattacks, ...
Bullshit. Bullshit. Bullshit. No proof, no evidence, no nothing. This whole article is propaganda.
Does anyone really believe that a nation where 99% of people shit in simple holes in the ground could build a competitive cyber army? They lease their internet connections from China. Everything appearing to come from NK could just be China.
Start providing evidence and start doing your job WSJ. Stuff like this will just lead to people hating NK for no reason and enable the Trump administration to go to war with them.
It would be easy to put a name out there, then redact it and pretend it was a real source. That it is hidden makes it hard to track even if you managed to get a copy of it when they were displaying the name, and investigating if they really exists becomes hard to do because it is easy to paint the investigator as someone not being ethical, putting the sources life at risk, and perhaps even an agent of NK seeking to harm the source.
What kind of “evidence” would you ever accept? If they show you server logs with NK IPs, you would point out that those are just text files, and can easily be faked. In fact, there is no evidence whatsoever that an online publication could provide if you refuse to accept peoples’ testimony.
This idea of distrusting institutions like the media is probably meant to make you appear smart and in-the-know. But it’s really just nihilism that leads to the breakdown of civil discourse.
The WSJ is generally regarded as an ethical and professional source of reporting, some upheaval in the last months nonewithstanding. And that’s how the system works: you can never verify all the facts of a single article. But you can judge a publisher on their track record. And, by all means, call bullshit on anything the National Inquirer writes. But if it’s a reputable source of news, and generally gels with a lot of other reporting by other sources from all along the ideological spectrum, don’t throw a temper tantrum and expect people to believe you over them.
The National Enquirer hasn't tricked us into multiple wars by dutifully parroting false pretexts. (E.g., every USA war in my parents' lifetimes.) You know that wars are bad, right? Lots of people die and lots of resources are wasted.
If we don't trust anybody, it leaves us nowhere. We will not be able to judge any statement made by anyone, except when we were eye witness ourselves. That would be a very sad state.
Logic is a valuable academic exercise, but also leaves you nowhere if the situation to assess becomes slightly complex.
Maybe logic classes are sometimes wrong?at the very least, invoking them is itself an appeal to authority.
You cannot start evaluating each and every statement from first principle.
Example: if your spouse asks you to give them your car keys, you are more likely to comply than when a stranger makes the same request.
That’s because you trust them, and because they have a lot to lose by betraying that trust. It’s no different with media outlets, the EFF, your doctor, and many other institutions.
It’s insane to pretend that you’re never trusting some authority: every time you log into your email provider or bank, you’re trusting them with information and money, based on your knowledge of their past behavior, and your understanding of their respective incentive structures.
Agreed. Any state nowadays has the resources to just move teams of hackers to other countries, sub-contract, create disguised VPN services in other countries. Use VPNs, Tor, VMs, etc...
It is just dangerous this kind of "journalism", that keep building on suspicion stories.
You expect substance from the comments while these articles lack any form of evidence? Stop muting every kind of discourse. Sometimes civil unrest (in the form of these rants) is needed. As I already stated above, the WSJ has a large audience and provides no evidence for serious claims. Claims that could be enough for someone like Trump to start a war on a nation (even nuclear).
To add a bit to what Scott said: one important reason to post substantive critiques of bad information, instead of flamey rants, is that a flamey rant makes it easy for readers to dismiss what you're saying. Assuming your view is correct, and the information you're ranting about really is bad, the net result is that by trying to defend the truth you actually discredit it, or at best make it seem partisan.
> "The researchers emphasize that catching hackers is difficult, and that they can’t be 100% certain that every attack attributed to North Korea was orchestrated by its cyberwarriors."
That's about the facts of this story.
> "Many North Korean hackers are using perfect English or embedding other languages into coding to make it appear hacks came from other countries, the researchers have concluded"
Everyone ends up using English even in comments. It's just easier. Everyone knows it. And it's where most resources are.
"Perfect English" is something that triggers me though; most comments I've seen are colloquial and limited, more like personal notes than anything. Or maybe that's just me.
As an ESL I can tell you that it also depends on your exposure to English. Non-native English speakers are often taught and exposed to mostly (classical) literary works and/or formal speak (for example, math and science). It's one of the reasons why their speech might sound stilted in person, but "perfect" in writing. What you think is "colloquial and limited" might be considered "perfect native speak" by the ESLs who often don't get that kind of environmental exposure to English.
I recently noticed that some of my firefox bookmark folders were renamed. But it was not me that renamed it.
It was a very strange feeling. Whoever had renamed it was replying to the subject of the bookmark folder. So Eg. If the folder was called "Fast cars", then it would have been relabelled something like "I, this is fast cars pal." Both the "I" at the start and the "pal" are typically Scottish, which is where I'm from.
Wait, if they were forgetting that they were writing the notes, why did the handwriting look like the landlord's and not their own?
This reminds me of something similar that I experienced.
When I was younger my mother and I started noticing food missing in that there would be less of a bag of chips than we recalled. Nothing was ever completely eaten and the food had to have been opened first. We were pretty sure something weird was happening, and then one day we got home and I noticed there was a can of pop missing. I was absolutely certain I knew how many were left, so at this point we were convinced someone other than ourselves was responsible. After talking to other residents in the townhouse complex we find out we're not the only ones that this is happening to.
Fast forward a few days and I'm locked out of our townhouse. I went to my friend, who lived a few townhouses down, and asked if I could hang out for a bit as I was locked out. He proceeds to tell me that the caretaker's daughter who lives in one of the townhouses has a master key and can let me in, as she did it for him before.
We walk over to her place and he asks her to let me in with her master key. I will never forget the mix of anger and fear in her face as she weakly tries to deny having the key, only for him to bring up past incidents she has let him in. She relents and walks us over to my townhouse and lets me inside.
Amazingly, after that day we no longer had food and pop go missing.
The likelihood that someone compromised your system just to rename your bookmarks is approximately epsilon.
The most likely explanation is that you did it and have no memory of it; this can be caused by taking certain sleep medications, having a sleep disorder, or by other environmental conditions (like a CO leak, already mentioned).
The next most likely is that a friend or family member with a bizarre sense of humor is playing a prank on you.
It is more likely that you own a cat, who is literate and can operate a computer, than that your system was remotely compromised for the purposes of renaming your bookmarks.
I did not say that it was for the purposes of renaming bookmarks.
However, the folder in particular was a collections of links, one of which I suspected had a virus. So I named it "folder with possible virus links". I can only imagine whoever was in my computer, could not resist renaming this.
I have no medication, no negative environmental conditions and I am, by normal standards, a sane individual.
I occasionally work with code originating in South Korea and it is full of comments in Korean encoded in some windows Codepage I don't even know how to get vim to display them correctly. The identifiers are English but sometimes with spelling errors or odd idioms.
> Everyone ends up using English even in comments. It's just easier. Everyone knows it. And it's where most resources are.
I don't know how they can be described as dangerously good hackers seeing as they forgot to strip off all the debug information when they compiled the code .. :]
I'm no hacker. But if I were I'd first hack North Korean servers, then use those servers to do all my outward hacking. This would ensure no cooperation of authorities and no traceback. North Korea is essentially a black hole for hackers to launch their attacks from. Not sure why people think this third world country is fostering the creativity and science and engineering background necessary for the hacking that's attributed to them.
Even if its a third world country they just need to foster a few hundred students and teach them to become hackers... Possible even if everybody else is starving.
91 comments
[ 3.9 ms ] story [ 116 ms ] threadYikes!! I understand mistakes happen, but what an absolute betrayal of trust
What has become of this paper?
Remember, this error probably will get people killed.
A rapid & public sacking may not reverse the error, but will have at least some preventative effect -- some people learn from the mistakes of others.
Of course this should not be the only step, and they should also add processes & procedures to help make it more difficult for this error to get through again (default to no names for sources?, second set of eyes asking for every source?)
When the likely result is to get someone killed, there should be serious consequences for the people, regardless of whether it was 'people' or 'process' that you put at the top of the fault chain.
That is the way it works in the real world. Small bits of inattention can lead to death. We don't say that 'it was just a small thing' when someone is texting while driving and crashes and injures/kills people, even tho it was just a a few seconds lapse of attention.
This source, and/or his family back home are now likely on a NK hit list. The employer has now had it's credibility for confidentiality destroyed for a decade. This lapse should have consequences.
(And if you don't like the potential consequences, either make sure you play the game right, or don't play the game.)
When mistakes of a certain threshold happen, the organization should have a post-mortem to ensure such a scenario does not recur.
In addition, the person who failed should hold their own post-mortem in private, with the possible addition of a supervisor to determine how they failed, if at all, and how they can use the incident as a learning experience.
"Blame process, not people" is great in that it encourages folks not to pillory someone for a mistake that they themselves could have possibly made, but it is not a "Get out of jail free" card.
This really subtly shows one of the darkest sides of journalism, especially considering it's coming from the WSJ. The engagement of the audience and ad revenue is so important that protecting sources and journalistic integrity is so easily forgotten by the author and editors.
He was a French pulp spy novels writer (SAS), who turned out to be some kind of mailbox between intelligence services to share spy stories. So a lot of his books are directly inspired from real stories, with names changed. Until he forgot to change the name of a CIA station chief...
[1] https://www.nytimes.com/2013/02/03/magazine/gerard-de-villie...
https://www.fullwsj.com/articles/how-north-koreas-hackers-be...
It's much more likely they just hire technical mercenaries.
Also, I imagine that those skills allow you to talk to the outside world without any old people knowing whats going on.
Most Stasi snitches (IMs) didn't need much 'encouragement' by the Stasi, most did it for purely egoistical reasons (money or favours).
as reported in doubtful articles and by sources with reasons to put some spice on their stories (e.g. to have them celebrated and promoted as heroic defectors as opposed to run of the mill immigrants).
Bullshit. Bullshit. Bullshit. No proof, no evidence, no nothing. This whole article is propaganda.
Does anyone really believe that a nation where 99% of people shit in simple holes in the ground could build a competitive cyber army? They lease their internet connections from China. Everything appearing to come from NK could just be China.
Start providing evidence and start doing your job WSJ. Stuff like this will just lead to people hating NK for no reason and enable the Trump administration to go to war with them.
Now that is propaganda.
They actually provided too much evidence, betraying their source and naming them. This information isn't unfounded.
It would be easy to put a name out there, then redact it and pretend it was a real source. That it is hidden makes it hard to track even if you managed to get a copy of it when they were displaying the name, and investigating if they really exists becomes hard to do because it is easy to paint the investigator as someone not being ethical, putting the sources life at risk, and perhaps even an agent of NK seeking to harm the source.
<doffs conspiracy theory hat>
However, if both sides refer to that name as a defector, and the other side denounces their actions, it adds considerable weight to the argument.
This idea of distrusting institutions like the media is probably meant to make you appear smart and in-the-know. But it’s really just nihilism that leads to the breakdown of civil discourse.
The WSJ is generally regarded as an ethical and professional source of reporting, some upheaval in the last months nonewithstanding. And that’s how the system works: you can never verify all the facts of a single article. But you can judge a publisher on their track record. And, by all means, call bullshit on anything the National Inquirer writes. But if it’s a reputable source of news, and generally gels with a lot of other reporting by other sources from all along the ideological spectrum, don’t throw a temper tantrum and expect people to believe you over them.
If we don't trust authorities, in the world of the internet where anything goes, where does that leave us?
Logic is a valuable academic exercise, but also leaves you nowhere if the situation to assess becomes slightly complex.
You cannot start evaluating each and every statement from first principle.
Example: if your spouse asks you to give them your car keys, you are more likely to comply than when a stranger makes the same request.
That’s because you trust them, and because they have a lot to lose by betraying that trust. It’s no different with media outlets, the EFF, your doctor, and many other institutions.
It’s insane to pretend that you’re never trusting some authority: every time you log into your email provider or bank, you’re trusting them with information and money, based on your knowledge of their past behavior, and your understanding of their respective incentive structures.
It is just dangerous this kind of "journalism", that keep building on suspicion stories.
If you replace "cyber army" with "nuclear program" do you feel the same way?
Yes, actually. Or silent flagging, like the guidelines ask. Being important does not make something on topic.
https://news.ycombinator.com/newsguidelines.html
That's about the facts of this story.
> "Many North Korean hackers are using perfect English or embedding other languages into coding to make it appear hacks came from other countries, the researchers have concluded"
Everyone ends up using English even in comments. It's just easier. Everyone knows it. And it's where most resources are.
Obviously comments don't need to be in MLA form, ya know?
Is that in common usage ? I have never seen it used to designate a group of people.
I believe so.
I picked up this usage (ESL as a descriptor of person) from forums and boards around the internet. Not sure how correct it is.
It was a very strange feeling. Whoever had renamed it was replying to the subject of the bookmark folder. So Eg. If the folder was called "Fast cars", then it would have been relabelled something like "I, this is fast cars pal." Both the "I" at the start and the "pal" are typically Scottish, which is where I'm from.
I deleted the folder.
This reminds me of something similar that I experienced.
When I was younger my mother and I started noticing food missing in that there would be less of a bag of chips than we recalled. Nothing was ever completely eaten and the food had to have been opened first. We were pretty sure something weird was happening, and then one day we got home and I noticed there was a can of pop missing. I was absolutely certain I knew how many were left, so at this point we were convinced someone other than ourselves was responsible. After talking to other residents in the townhouse complex we find out we're not the only ones that this is happening to.
Fast forward a few days and I'm locked out of our townhouse. I went to my friend, who lived a few townhouses down, and asked if I could hang out for a bit as I was locked out. He proceeds to tell me that the caretaker's daughter who lives in one of the townhouses has a master key and can let me in, as she did it for him before.
We walk over to her place and he asks her to let me in with her master key. I will never forget the mix of anger and fear in her face as she weakly tries to deny having the key, only for him to bring up past incidents she has let him in. She relents and walks us over to my townhouse and lets me inside.
Amazingly, after that day we no longer had food and pop go missing.
TLDR: carbon monoxide is a helluva drug
The most likely explanation is that you did it and have no memory of it; this can be caused by taking certain sleep medications, having a sleep disorder, or by other environmental conditions (like a CO leak, already mentioned).
The next most likely is that a friend or family member with a bizarre sense of humor is playing a prank on you.
It is more likely that you own a cat, who is literate and can operate a computer, than that your system was remotely compromised for the purposes of renaming your bookmarks.
However, the folder in particular was a collections of links, one of which I suspected had a virus. So I named it "folder with possible virus links". I can only imagine whoever was in my computer, could not resist renaming this.
I have no medication, no negative environmental conditions and I am, by normal standards, a sane individual.
I wish. I inherited a project full of third-party libraries that were commented in Cyrillic (I assume Russian).
I don't know how they can be described as dangerously good hackers seeing as they forgot to strip off all the debug information when they compiled the code .. :]