11 comments

[ 0.30 ms ] story [ 47.4 ms ] thread
It always amazes me how they get their 'digital soldiers' to such a level of expertise. I've spent my entire life in front of a computer, in absolute perfect conditions (internet, education, smart friends) and did everything and anything, from writing assembly code for microchips to deploying self-scaling Amazon SaaS-products, from learning to write cracks for Windows apps to studying anything from Max Headroom to the Morris worm -- and yet, here I am, absolutely incapable of reliably securing a god-damn Wordpress site.

I was always under the impression that there isn't much of an alternative when looking for highly-qualified tech-people, other than trying to find those who 'walked the walk', who've spent a giant junk of their life in front of the keyboard, hacking away. I can't, for the life of me, imagine how kids in North Korea are able to spend anywhere near the time required to become a state-level hacker. Where does all this information come from? Who breaks this into junks, who teaches them or provides the level of pre-processing required to ramp up that quickly? It can't be Youtube videos, can it? I know they mention a university, but the general reporting on North Korea has blurred my imagination enough to still imagine them as poor farmers and 70s-military-style troopers. It's puzzling.

> It always amazes me how they get their 'digital soldiers' to such a level of expertise.

If it gives them some elite lifestyle there then it's a strong incentive to be the best.

I think one factor that is not usually appreciated is simply the effect of working harder at it. My experience is with South Korean education, and if the North is similar, those students work harder at whatever than you would think humanly possible.
Think of all the stuff that you've learned along the way that's not helpful to being a "digital soldier". How to fix update issues on several platforms, how to use netstat to find out someones IP address via ICQ back in the day...

All those lessons, while teaching you some valuable lesson in a fun way, can also be hammered into a head by just focusing on the underlying systems and providing actual hacking targets.

The difference between what most of us understand as "good tech upbringing" and their training is the difference between a loving father taking his son deer-hunting and a Soldier being sent to Military School at a young age. While the former knows a lot about how to read the forest, how to stalk prey, the latter learned how to systemically eradicate and overwhelm, how to win a war, not how to hunt for game.

It's simply a difference in focus and intensity that of course creates a difference in outcomes.

> and yet, here I am, absolutely incapable of reliably securing a god-damn Wordpress site.

With all due respect, I would claim to be able to secure a god-damn Wordpress site. Versatile knowledge about Wordpress, about PHP, about (F)CGI/mod_php/etc., about Apache, nginx and friends, about accelerators and caches, about the Linux network stack, the userspace tooling, the kernels, the hardware, the network structure -- this is what we dealt with all our life, isn't it?

Some of us learnt it systematically at a university, others as autodidacts. As semi-professionals, we don't earn our money with security and most of us don't do security with such a passion (I'm rather annoyed by SELinux and AppAmor and run "curl | bash" with the neccessary doubts). Most of all, most of us don't apply for jobs at three-letter agencies, and I assume a good portion of us don't do that because they don't like three-letter agencies.

(Sorry for extrapolating from myself)

Have you ever been hungry? in your entire life? and I dont mean for fun/diet. Information is not a problem(study published exploits etc), all you need is proper motivation.
You can't hack 10 hours a day for 10 years while being hungry, afraid and without passion.

Hacking is not just learning information, it's nuturring a certain mindset, including creativity.

Besides, they only have a few people with internet, so i can't see the infrastructure they use either.

I really put my money on hired guns here.

This is quite a lot of speculation. Why steal dollars when you've been printing them? They show a photo of students at an elite school to make you think you're looking at a hacker boiler room. It's difficult to trust anything the PRK government says, but almost all external reporting is also incredibly suspect. I file these sorts of articles under "entertainment".
I attended a symposium on North Korea's cyberattacks and organized cybercrime in Seoul a few months ago. One of the guest speakers was a Bangladeshi economics professor, heavily networked into the country's financial institutions, talking about the banking system hack. I had dinner with him and the organizers later that night. They're pretty serious about it all.

I didn't read the linked article.

"That’s what the thieves went after in February 2016: nearly $1 billion, sitting in a Fed-run account"

Has the Fed ever given consideration to not connecting their banking computer directly to the Internet?

Yeah, umm... "North Korean" hackers....