143 comments

  • lawgimenez 2 days ago

    I believe these are the hackers responsible for this leak: https://phrack.org/issues/72/7_md#article

    • _def a day ago

      > I am a Hacker and I am the opposite to all that you are. In my realm, we are all alike. We exist without skin color, without nationality, and without political agenda. We are slaves to nobody.

      Classic elitist take ignoring that this space where "all are alike" can only work for certain kinds of people.

      • helqn a day ago

        On the Internet, nobody knows you’re a dog. Unless you make it your whole personality telling everybody that you are a dog. Maybe stop doing that.

      • drtgh a day ago

        Your quote is out of context, they are talking to North Korea's -sociopathic- government accomplice:

            << Kimsuky, you are not a hacker. You are driven by financial greed, to enrich
            your leaders, and to fulfill their political agenda. You steal from others
            and favour your own. You value yourself above the others: You are morally
            perverted. >>
        
        North Korean citizens are kidnapped by a dictatorship. They are talking to someone who supports crimes against humanity.

        • rikafurude21 a day ago

          I would go as far as to say slaves of a dictatorship. Most likely threatened with death, including the hackers' entire family, if they don't follow the line. Considering these factors, how much do you think they actually "support crimes against humanity"? North Koreans filter their students very early on to find the smart ones and teach them hacking in specialized military camps. Whoever this hacker is, he probably has been handpicked and groomed for the job he's doing.

          • pphysch a day ago

            How is this any different from say a Pentagon or IDF employee who is involved (by some degree) in the documented mass murder of civilians? Their livelihoods are also on the line.

            Are they off the hook because they "choose" to participate in mass murder?

            • rikafurude21 19 hours ago

              You're gonna pretend there's no difference between your entire bloodline (literally) or your salary being on the line? If you work at the Pentagon and see mass murder of civilians you have the option to stop going to work. A North Korean hacker does not have that option.

              • A4ET8a8uTh0_v2 18 hours ago

                You may be assuming a fair bit. Just because it is evidently true that there is a difference, to the parent, depending on their philosophical bent, it is not impossible that it is the outcome alone that determines level of willingness to accept level of.. dunno what is a good word here.. responsibility. In other words, from where they come from, all other factors are not relevant. I don't subscribe to this particular view of the world, but it helps to be able to understand others.

                • rikafurude21 18 hours ago

                  I get that a pure consequentialist can flatten every distinction, but in the real world we still distinguish between (a) ‘I’ll kill your entire bloodline if you stop typing’ and (b) ‘You can resign and face a résumé gap.’ Until we’re ready to treat a bank-teller under duress the same as an armed robber, that difference has to matter.

            • mensetmanusman 2 hours ago

              It has to do with this concept called free will.

      • dobin a day ago

        No tolerance for the intolerant.

      • lovich 21 hours ago

        I don’t necessarily agree with you but I’m not sure why you are being downvoted into oblivion.

        Tangentially, my problem with this Phrack post is that I am struggling to get past all the obvious falsehoods when it comes to the non-technical part of the writing.

        It starts off the bat with using terminology like “Advanced Persistent Threat” and conflates what it already identified as a North Korean group as Chinese in this sentence

        > It shows a glimpse how openly "Kimsuky" cooperates with other Chinese APTs and shares their tools and techniques.

        And then gives some flowery speech about how the Koreans are bad and political but this author who opposes them is good and not political.

        This reads to me like the ravings of some crazy person with advanced skills who thinks everyone else is the crazy one while wearing a tinfoil hat, or a federal group leaking a no longer useful technical hack surrounded in language pushing propaganda

      • sublinear a day ago

        To quote the movie Hackers:

        "Cool? It's not cool. It's commie bullshit!"

      • sim7c00 a day ago

        Brian: We are all different! Guy: I'm not!

        it's always just some cheesy hacker words put to seem mysterious or whatever -_-.

        we are legion, we are one etc. anything like that falls apart quickly if you attach identity to something doesn't it.

        i guess by being anonymous online some forget they are not anonymous irl. a lot of being alone with the terminal ^^>

        gotta read between all the fluff tho.

  • hexpeek 2 days ago

    I’ve heard that in North Korea it is difficult for ordinary people to learn or own a computer. It is assumed that a small number of elite operatives are selected and trained to carry out such tasks, and it is somewhat surprising that they possess the latest technology and conduct hacking.

    • asdff 2 days ago

      If anything the hackers in north korea are probably world class if the government is getting their students into focused training programs early in their schooling. Western nations have nothing equivalent due to schooling being generalist and undergrad and grad school not really introducing you to the sort of work you'd actually do on the job as a hacker. 22 year old western hacker for a 3 letter agency is going to have maybe a 6 month softball tangentially related internship of experience under their belt while the north korean might have years and years by that point.

      • awesome_dude 2 days ago

        > 22 year old western hacker for a 3 letter agency is going to have maybe a 6 month softball tangentially related internship of experience under their belt while the north korean might have years and years by that point.

        I was with you right up until this bit

        The agencies concerned tend to recruit people that have demonstrated ability in that field, and they've usually got it with "self-directed" training :)

        • Joel_Mckay a day ago

          State sponsored thieves are not a talent pool that anyone wants in a trusted position.

          The fact is there were only around 40 unique hacks ever invented, and people simply adapt these into new zero day exploits. Notably, this is now mostly a fully automated process.

          If people want in, they will get in eventually. =3

          x C62=:K6 J@F 2C6 AC66>AE:G6=J 5:D28C66:?8 H:E9 E96 DFCAC:D:?8=J =@H 6DE:>2E6 @7 6IA=@:E E2I@?@>J[ 3FE 9F>2? DE2E:DE:42= 3692G:@C :D 2=D@ ?@E 2D 4@>A=6I 2D >2?J 36=:6G6]

          • JumpCrisscross a day ago

            > State sponsored thieves are not a talent pool that anyone wants in a trusted position

            Why? They’re intelligent, crafty and able to make trade-offs.

            Empirically, ex-spies have a solid history in reaching commanding positions in politics and business.

            • Ray20 18 hours ago

              > Empirically, ex-spies have a solid history in reaching commanding positions in politics and business.

              But it's not because someone wants them there. It's because they can demand the position they want.

              • JumpCrisscross 3 hours ago

                > it's not because someone wants them there. It's because they can demand the position they want

                Zero evidence of this. And if they can demand that position from one, they can demand favors from others. I would count a background in espionage to be a net positive in a hiring process, provided dismissal was on good terms.

            • mr_toad 17 hours ago

              > Empirically, ex-spies have a solid history in reaching commanding positions in politics and business.

              The only examples I can think of are Putin and George HW Bush.

            • Joel_Mckay a day ago

              It is complicated, but Moral Development theory does cover the phenomenon of why some won't understand until they personally grow through the stages of development.

              Have a great day. =3

              https://en.wikipedia.org/wiki/Lawrence_Kohlberg's_stages_of_...

              • JumpCrisscross 2 hours ago

                Spies do tough work for not that much pay. (Certainly less than they can earn in the private sector.)

                They’re starting from a position of duty. Given the stakes the questions they’re tasked with operate at, I’d guess they tend to be in the postconventional regime more than most people.

              • jgilias 19 hours ago

                Reading up on it made me realize that a certain well known orange person is really on Stage 2 of moral development. That explains a lot.

                But also gives hope. I mean, it’s rare that adults fail to advance from pre-conventional phases, so it must be super rare to have such a confluence of factors that puts someone like that in the given job.

          • vntok a day ago

            ChatGPT decoded the ROT47 text immediately from a simple prompt: "Decode this string sent by some random pompous guy on Hacker News: [raw string]".

            If robots want in, they will get in eventually too, apparently.

            • theshrike79 7 hours ago

              https://gchq.github.io/CyberChef/#recipe=ROT47(47)&input=eCB...

              CyberChef did it fully locally with a ready-made recipe :D

            • KyleBerezin 20 hours ago

              No need for insults, I found it fun. ROTs are easy to detect because they usually still have word-length chunks, and common repeating symbols. In this case the '6's ('e's). This is something a language-oriented AI is going to be very good at detecting. It's a great demo of why hashing is so important.

              If you don't see repeating symbols, it could be a running key, like a Vigenère cipher.
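The detection idea described in the comment above, as an added example that is not part of any comment in the thread: a rotation over printable ASCII leaves spaces and symbol frequencies intact, so trying all 94 shifts and scoring each candidate against English letter frequencies recovers the text. The sample sentence is constructed, and the function names and scoring weights are assumptions chosen for illustration.

```python
from collections import Counter

LOW, HIGH = 33, 126            # printable ASCII range rotated by ROT47
SPAN = HIGH - LOW + 1          # 94 symbols, so ROT47 is its own inverse

# Approximate English letter frequencies in percent (lowercase only).
ENGLISH_FREQ = {
    "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3,
    "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8, "m": 2.4,
    "w": 2.4, "f": 2.2, "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5, "v": 1.0,
    "k": 0.8, "j": 0.15, "x": 0.15, "q": 0.1, "z": 0.07,
}

# Constructed sample plaintext (not taken from the thread).
SAMPLE = (
    "When every character moves the same distance, word lengths are "
    "preserved and the letter e remains the most frequent symbol in "
    "the message."
)


def rot_n(text, shift):
    """Rotate every printable ASCII character by `shift`; leave the rest."""
    out = []
    for ch in text:
        code = ord(ch)
        if LOW <= code <= HIGH:
            out.append(chr(LOW + (code - LOW + shift) % SPAN))
        else:
            out.append(ch)          # spaces and newlines are untouched
    return "".join(out)


def word_lengths(text):
    """Word-length profile; a rotation cannot change it."""
    return [len(word) for word in text.split()]


def most_common_symbol(text):
    """Most frequent non-whitespace symbol, the likely stand-in for 'e'."""
    counts = Counter(ch for ch in text if not ch.isspace())
    return counts.most_common(1)[0][0]


def english_score(text):
    """Higher means more English-like. Weights are illustrative."""
    score = 0.0
    for ch in text:
        if ch in ENGLISH_FREQ:
            score += ENGLISH_FREQ[ch]
        elif ch.isupper():
            score += 1.0            # capitals are plausible but rare
        elif ch.isspace() or ch.isdigit() or ch in ".,'":
            continue                # neutral characters
        else:
            score -= 5.0            # punctuation soup marks a wrong shift
    return score


def crack_rotation(ciphertext):
    """Try all 94 shifts and return (shift, plaintext) with the best score."""
    best = max(range(SPAN), key=lambda s: english_score(rot_n(ciphertext, s)))
    return best, rot_n(ciphertext, best)


if __name__ == "__main__":
    cipher = rot_n(SAMPLE, 47)
    print("ciphertext :", cipher)
    print("word shape :", word_lengths(cipher))
    print("top symbol :", most_common_symbol(cipher))
    shift, plain = crack_rotation(cipher)
    print("best shift :", shift)
    print("plaintext  :", plain)
```
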

            • Joel_Mckay a day ago

              It was a simple way to highlight impulsive behavior common in modern users, and the trivial encoding function should be obvious to those who are minimally empathetic. Ask the LLM handler if being lied to makes people feel worse than getting robbed... then consider if you would hire such individuals.

              If you are ever unsure of someone's motives, then politely ask for context. Have a wonderful day =3

              https://en.wikipedia.org/wiki/List_of_cognitive_biases#Causa...

              • bgwalter a day ago

                What is the impulsive behavior? Do you have a zero day in some ROT-47 decoder? Or perhaps a zero day in the file command in case a user creates a file containing the string and runs the command on it? Or is the string both a valid ROT-47 string and a valid executable on some platform?

                > If you are ever unsure of someone's motives, then politely ask for context.

                Asking for context.

                • Joel_Mckay 20 hours ago

                  In general, the point was predicting statistical behavior is easy in large enough populations, and finding utility in that fact is trivial.

                  Exploits are boring, and thus have questionable utility in a proper business context. Don't worry about it... =3

    • stingraycharles a day ago

      I always understood that these hacks are one of the main ways for North Korea to actually earn money in other currencies, as they’ve been barred from trading with pretty much the entire world.

    • ummonk 2 days ago

      North Korean teams tend to perform very well in coding contests, so it’s a safe bet that North Korea is quite good at nurturing a small slice of elite computing talent.

      • SoftTalker a day ago

        They just identify talented individuals and send them to schools in China or elsewhere to learn the latest tech.

        • richardfeynman a day ago

          source? interesting if true.

          • IAmBroom 2 hours ago

            Why would you doubt it?

            The brightest students of most nations are often sent abroad to enrich their countries with knowledge from the great universities. NK is almost unique in its inability to do this at non-Chinese great universities, so that is the only viable route.

    • Ray20 a day ago

      > somewhat surprising that they possess the latest technology and conduct hacking.

      Why does this surprise you? As you said, selecting capable people is not a problem. And then these capable people get the best possible motivation. I would say it is expected to get qualified hackers in such conditions, who are proficient in all latest technologies.

    • maxk42 14 hours ago

      ...which explains the link to China. NK natives probably do not typically have access to computers or the open internet, but the children of certain elites are educated in China. There may even be a collaborative effort between the two states.

  • tremon 2 days ago

    > The dump also revealed reliance on GitHub repositories known for offensive tooling. TitanLdr, minbeacon, Blacklotus, and CobaltStrike-Auto-Keystore were all cloned or referenced in command logs.

    What's the rationale for allowing the development of offensive tooling on github? Is this a free-speech thing, or are these repositories relevant for scientific research in some way?

    • StrauXX 2 days ago

      They are heavily used in penetration tests and red teaming engagements. Banning such tools from the public just mystifies attackers' ways to defenders, while not in any way hindering serious malicious actors. We had that discussion back in the 90s and early 2000s.

      • freedomben 2 days ago

        Agreed. Plus it's not always a clear line between offensive and legitimate usage. For many years nmap was banned on most corporate networks, but it's an invaluable tool for legitimate use too, despite being useful for offensive cases as well

        • wkat4242 a day ago

          It's mainly because nmap detection is a feature of most IDS so it's bound to raise some red flags.

          Same with even doing packet sniffing. It can be detected when using wireshark because it does reverse DNS lookups for each ip it sees in its default configuration.

          I had legit reasons for it at work so I always mentioned it to the network guys before doing stuff like this. We also had a firewalled lab network. We did get some pushback once when some scans leaked out to the office network. But it was their fault for having the firewall open.

        • randall 2 days ago

          one time i ran nmap against my dev box at facebook. i was definitely worried someone was going to give me a stern talking to.

          • varenc 2 days ago

            I ran 'neoprint.php' on myself at Facebook in 2007 and immediately got a stern email about it... It was some script that collected info for responding to law enforcement requests. But after chastising me, the email said "I was gratified that you ran it on yourself". (as opposed to snooping on someone else!)

            It was just a summer internship and FB was like 'only' 80 engineers back then. But they still took it seriously.

            • Thorrez a day ago

              I think that's a little different. It sounds like neoprint.php is an internal Facebook tool for looking up data on Facebook users. So improper usage of it is a privacy problem for users. It's something misbehaving employees might run against celebrities, exes, etc. (e.g. https://www.gawkerarchives.com/5637234/gcreep-google-enginee... )

              Otoh nmap isn't a privacy problem for users of Facebook (or any other tech company).

              • varenc 16 hours ago

                Yea totally agree. Mainly just wanted to shoehorn in my own story about stern emails at FB! Also I think running nmap on your own development machine is totally legitimate. Lots of reasons you might want to do it.

          • SoftTalker 2 days ago

            I use nmap routinely at work to see what’s on a subnet, has anything new appeared, or where it should not be.

            • bravetraveler a day ago

              +1. If I can't run nmap or netcat, or have to justify it each time, I can't do my job. Better off elsewhere.

              I've departed early at least twice over this. Draconian IT serves nobody. Been doing this long enough I deliberately poke any new employer; see what's in store.

              Nobody cares, though. EDR appliances sell without careful administration. The industry will outlive us all.

        • hsbauauvhabzb 2 days ago

          While that may be true, it’s less true for things like cobalt strike. I’m not saying that banning tooling would be a good thing, but it’s a bad argument to compare Nmap to remote access tools.

          • freedomben a day ago

            I don't disagree, but GP is asking about all offensive tools, not just Cobalt strike. IMHO a platform like GitHub should not be picking and choosing which projects are offensive enough to remove. Yes, there are some tools that are pretty clearly more offensive than others, but creating a policy would not be clear-cut

          • wkat4242 a day ago

            Cobalt strike is just an automated script kiddie really. It's a way for red teamers to catch low hanging fruit. And because of that, there's not so much low hanging fruit anyway.

    • laveur 2 days ago

      I think they get heavily used by security researchers, and other people that do regular Penetration Testing.

    • awesome_dude 2 days ago

      Isn't Github supposed to be blocking sanctioned countries, like Iran, and North Korea?

      https://docs.github.com/en/site-policy/other-site-policies/g...

      • throwaway2037 a day ago

        About Iran & GitHub:

        https://docs.github.com/en/site-policy/other-site-policies/g...

            > GitHub now has a license from OFAC to provide cloud services to developers located or otherwise resident in Iran. This includes all public and private services for individuals and organizations, both free and paid.
        
            > GitHub cloud services, both free and paid, are also generally available to developers located in Cuba.

      • overfeed 2 days ago

        Do you have any reason to suspect GitHub isn't blocking those countries? How long do you think an offensive-security sponsor/passport-issuing nation might take to get around GitHub IP-blocks?

        • dmoy 2 days ago

          Right exactly. The only way IP blocks work is if there's no vulnerable machines to take over anywhere. That is - it basically doesn't work for any motivated attacker.

          You could hypothetically make it work, but it would mean an extremely different Internet and device landscape than exists today. (And even then I doubt it stops a nation-state level attacker, they can always use old fashioned espionage to get someone in meat space and get around any technical barrier)

    • traverseda 2 days ago

      What alternative do you suggest?

  • sgnelson 2 days ago

    This is interesting due to the tying of DPRK and PRC. It seems hard to say how much coordination there is between the two, but whatever it is, it appears to be greater than zero. While not necessarily surprising, I wonder if this public attribution will make it harder for the PRC to deny involvement with both the DPRK's efforts and their own.

    • wrp 2 days ago

      Regardless of how unhappy Beijing may be with things Pyongyang does, North Korea is of such obvious strategic importance to China that they are unlikely to ever waver in their support of the regime or even try to hide it.

      • energy123 a day ago

        China kept backing Khmer Rouge despite the millions dead and even invaded Vietnam to protect them. Amoral, self interested actor at best. There's nothing North Korea could do to their own people to change the support.

        • hetman a day ago

          In fairness, the US kept indirectly funding the Khmer Rouge even after evidence of their atrocities came to light for their own strategic geopolitical reasons.

          The realpolitik of international relations very often follows the words of the British prime minister, Lord Palmerston: "We have no eternal allies, and we have no perpetual enemies. Our interests are eternal and perpetual, and those interests it is our duty to follow."

          • fluoridation a day ago

            So there is a universe out there where the US would have supported/allied with Nazi Germany had it been convenient?

            • arrosenberg a day ago

              Sure. If Smedley Butler had been less disillusioned by his work history and successfully carried forward the business plot it’s pretty easy to imagine.

            • immibis a day ago

              Yes, this one.

              • fluoridation a day ago

                What do you mean? Some US companies did business with Nazi Germany, famously IBM and of course Ford, and of course there were Nazi sympathizers in the US, but to my knowledge the US never supported Germany at that time.

            • dboreham a day ago

              Hardly difficult to imagine when you look at when WW2 began vs when the US became involved, and why.

            • AngryData a day ago

              I mean the US had no problems selling Nazi Germany arms at the start of the war. The US only really took a side after Germany told the US to stop also supplying war materials to their enemies, which Germany viewed as merely prolonging the war and deaths, and when the US ignored them because they were making too much money Germany stopped buying and doubled down on blockading material support to allies.

              • 0xDEAFBEAD 20 hours ago

                >I mean the US had no problems selling Nazi Germany arms at the start of the war.

                This claim doesn't appear to be true: https://www.reddit.com/r/AskHistorians/comments/1k6yi1z/comm...

                • firen777 5 hours ago

                  It's both frustrating and all too common to see blatant historical falsehood being casually thrown around as if it's well known fact. Doubly frustrating knowing that in order to rebut such falsehood, you have to either do your own lengthy research to find the evidence of __absence__ (which is a lot harder comparing to the evidence of __existence__), or hopefully someone else already did said research and more hopefully you can unbury it from the increasingly enshittified google search.

                  And by the time you managed it the falsehood already netted a few dozens/hundreds/thousands more victims in the best case scenario where the rebuttal actually managed to attach itself right next to the falsehood.

                  Regular folks just can't compete with professional disinformation spreaders and their horde of victims.

      • chasd00 2 days ago

        Anything happens to North Korea and all those starving people flood into China. I think that’s why China supports North Korea.

        • mytailorisrich a day ago

          China did not, and still doesn't, want US troops at its border. That's why it originally intervened and why it supports North Korea. At the time there was also a further risk that the US might invade China.

          • wkat4242 a day ago

            That doesn't have to be the result of it. A more humane regime in NK doesn't mean reunification has to happen. And, part of the reason those US forces are in South Korea is the threat of the North. By threatening US involvement in case of an attack.

        • bfg_9k a day ago

          I mean, same could be said about South Korea. It would instantly drag their GDP per capita down by more than half, and that's not even counting how much money would need to be spent to re-develop NK.

          • alexey-salmin a day ago

            If both countries sustain their current trajectories, in 50 years it will be NK re-populating and re-developing SK. And the "if" here is mainly about NK, chances of SK getting out of the death spiral are very thin.

            • the_af a day ago

              I recently read/watched videos about the "population time bomb" in South Korea and how it's almost irreversible now. It really surprised me, it's one of those things that's hard to visualize. And it's not even long term!

              • wkat4242 a day ago

                They can always allow more immigration. National populations don't grow only by births.

                • the_af a day ago

                  Apparently, due to cultural, political and economical issues, South Korea cannot/won't do this. I suppose it theoretically could, but in practice it would mean it would cease to exist as it is now.

                  Due to the scale of their population collapse, the influx of immigrants would have to be massive. Which country does that? It would completely overtake its native ethnic population... which unlike a country built on immigration like the US, is surprisingly homogeneous.

                  I'm no expert, I encourage you to read on the matter. It apparently truly is something that cannot be stopped now. It surprised me as much as it (apparently) does you.

                  By the way, countries that are better off, like the US, are largely helped by immigration indeed. Which is why anti-immigration policies would be like shooting themselves in the foot.

                  • Ray20 17 hours ago

                    > Apparently, due to cultural, political and economical issues, South Korea cannot/won't do this.

                    Because it's not a problem yet. What's going to stop them from doing it when the birth rate becomes a problem? Almost nothing.

                    > Due to the scale of their population collapse, the influx of immigrants would have to be massive.

                    Not really. You are mistakenly extrapolating the situation in the Western world, where purposefully brought in almost only criminals and freeloaders, to Korea. If you organize immigration of labor, then not so many immigrants will be needed

                    • the_af 16 hours ago

                      I'm not "mistakenly extrapolating" anything, I'm describing the current consensus by population experts. No need to debate me, I'm no expert, I'm just paraphrasing what experts believe. I'm as surprised as you are, I only recently learned of this.

                      > What's going to stop them from doing it when the birth rate becomes a problem? Almost nothing

                      Their birth rate is already a massive problem. The South Korean government already acknowledges this is a crisis, it's just that the measures that are politically/socially viable just don't cut it, and Koreans seem unwilling to consider more drastic measures. But the problem is already here, and acknowledged, and already impacting the population of South Korea (there's apparently a "loneliness epidemic" going on already).

                      Because of the shape the population pyramid takes (more old people than young people) once it reaches the tipping point, which in South Korea it already has, there's no going back. No matter how they try, they simply don't have enough young people to revert it anymore.

                      > If you organize immigration of labor, then not so many immigrants will be needed

                      This is not (just) about labor, it's about population decline. Even if Koreans dedicated themselves to having more children, it wouldn't be enough anymore. They are beyond the tipping point. They would need massive immigration to live there and have children there and effectively become "the new Koreans"... and this is obviously unpalatable to many.

                      I encourage you to read on this. Do not debate me: I'm not the expert here!

                      • Ray20 9 hours ago

                        > I'm describing the current consensus by population experts.

                        These are not experts, they are deep state propagandists.

                        I mean, fortunately (or unfortunately), such processes have been going on for decades, and these experts have been in business for decades. So, nothing prevents us from analyzing their early models, explanations, projections, and forecasts, and comparing them with reality in order to form an opinion about the level of their expertise

                        > Their birth rate is already a massive problem.

                        Not exactly. Low birth rate itself is not a problem. What is a problem is the future consequences of low birth rate. And these consequences generally have not yet occurred, i.e. there is no problem yet.

                        > Koreans seem unwilling to consider more drastic measures

                        Yes, because there is no problem yet

                        > once it reaches the tipping point

                        Then it will become a problem and nothing will stop them from bringing in some foreign labor to fix it.

                        > They would need massive immigration to live there

                        Not that massive. Your ideas about the required amount of immigration to fix the labor shortage problem are probably formed by extrapolating Western immigration processes. But the point is that you can’t extrapolate like that. There are no obstacles to carrying out immigration tens of times more effectively than the West does.

                        Just to understand how irrelevant this issue is for Korea at the moment: the twentieth century was quite a turbulent time for Koreans, and now quite a lot of ethnic Koreans live outside of Korea. Many of them know the Korean language, want to move to Korea, but even with repatriation programs, this is not such an easy process. Korea has so many Koreans inside the country that they are quite reluctant to grant residence permits even to other Koreans with foreign citizenships.

                        • alexey-salmin 8 hours ago

                          Time shall tell, but as of today I think this view is delusional. For native Koreans this would do roughly as much good as mass immigration into Americas did to native Indians.

                        • the_af 2 hours ago

                          > These are not experts, they are deep state propagandists.

                          Deep state? I feel like I've stepped into a conspiracy theory. What does the deep state have to do with anything? Deep state from which country? The US? Korea?

                          > Not exactly. Low birth rate itself is not a problem. What is a problem is the future consequences of low birth rate. And these consequences generally have not yet occurred, i.e. there is no problem yet.

                          Why "not exactly"? It's understood by everyone that low birth rate is a problem because of its rippling effects, which are not immediate. When I say "a massive problem" I mean "already in the near future".

                          But apparently it's causing problems for young people today, already.

                          > And these consequences generally have not yet occurred, i.e. there is no problem yet.

                          South Korean society is already quite unhealthy, and apparently for younger generations even more so.

                          To be clear: the numbers alone don't tell the full story. Population density is not the important metric here, but population aging is. There could be lots of Koreans today, but if the distribution is top-heavy, it cannot help them.

                          Let's do something else: link me a serious (non-conspiracy) study that there is no population decline crisis in South Korea, and I'll read it with an open mind. Be forewarned though, if it's a conspiracy article I'll ignore it.

                  • wkat4242 a day ago ago

                    > I suppose it theoretically could, but in practice it would mean it would cease to exist as it is now.

                    But it's going to cease to exist as it is anyway. One way or another. And the people that remain will not be staring at a wall waiting for it to end. Also, young people seem to have a radically different mindset there, which is what tends to happen when they see their parents screwing everything up.

                    Maybe the culture isn't there yet but it will be. Having said that, I would never be happy to live in a country with strict moral codes like Japan or South Korea. But I'm sure many people would be. In particular conservatives tend to love these societies, you often hear comments like "this is what we should do here in the US".

                    I'm a raging pro-lgbt polyamorous kinky progressive so for me it would be the wrong place. But there are lots of people that would love this kind of thing.

                    • lovich 20 hours ago ago

                      > But there are lots of people that would love this kind of thing.

                      Doesn’t the fact that the people in said culture have decided it’s no longer worth reproducing, en masse, because of how their life is, imply that a lot of people wouldn’t actually like that kind of thing?

                    • the_af a day ago ago

                      I mean, I don't know what to tell you. You seem to be reacting in disbelief, "this cannot be true".

                      But reality shows it is happening, it is accelerating, and young people are part of the problem.

                      It's a real thing, and the consensus seems to be it's irreversible, however bizarre it may seem to us.

                      • wkat4242 a day ago ago

                        I just think life finds a way. Societies don't just disappear. They just change. There's too much value in Korea to just give up.

                        Will it disappear as we know it? Yes. But that is true everywhere. The America as you knew it in 2010 is also gone forever (and not for the better, unfortunately with its current politics). Same in Europe where the nazis are trying to take over. Change is a constant.

                        • alexey-salmin 20 hours ago ago

                          Life finds a way, just not necessarily your life or your kids'

                        • the_af a day ago ago

                          Life doesn't always find a way. Mass extinctions are a thing. Even human cultures & ethnic groups have disappeared without a trace.

                          The South Korean population time bomb is a completely different thing to America in the 2010 changing.

                          Have you read what people who study demographics currently believe about South Korea? An informed opinion is really needed to discuss this, this is not about "feelings".

          • djtango a day ago ago

            Genuine question that I'm trying to learn about - the industrialisation of Japan and South Korea led to huge wealth creation and increases in quality of living. I know some of that is stagnating now and especially in South Korea things are difficult, but why isn't North Korea ever spoken of in those terms rather than always the GDP hit to South Korea?

        • moomoo11 a day ago ago

          How did they manage to brain control millions of people like that? I mean it’s so ludicrous to an outsider.

          • rtpg a day ago ago

            In the initial era of the split between North and South Korea, South Korea both was run by a bunch of people who had a history of outright killing leftists, and the United States was involved in similar actions.

            The lack of serious offramps to reunification, along with not as huge a delta in quality of life between north and south for a long time (aid from other countries sure helps!), allowed the DPRK to establish itself as its own nation.

            Now there is the surveillance state apparatus allowing the DPRK to exist in its current form in perpetuity. And even if tomorrow they showed up and said "let's unify Korea", South Korea (even ignoring all the ideological reasons it might not want to) would likely be unwilling to absorb an extremely poor country and pay for it (see the painful experience of Germany's unification).

            There is probably no off ramp that exists unless people are willing to let the elite walk away clean from the situation in one way or another, and it seems hard to imagine such a future.

            And if you are a North Korean elite and you are allowed to travel to northern China, you will see a place where things are running more smoothly, but you're still going to see places with massive amounts of internal controls and restrictions. So who's offering the upside to some regime change here?

            • brabel a day ago ago

              > see the painful experience of Germany's unification

              I had thought that Germans from both sides were overwhelmingly supportive of re-unification, even if it would cause short-term pain??

              • rtpg 16 hours ago ago

                I don't think that people are like... against unification in principle, but if you are looking at it from the perspective of the State.... lots of pain and money, and at least in the German experience there was plenty of decent state enterprises for West Germany to (glibly) pillage from. People will handwave about North Korean resources, but even those are more or less accessible via China.

                And on top of that at the end of the day Germany now has this bloc that votes "the wrong way" in all of its elections. Glib analysis though.

                The German split was resolved 35 years ago and is still visible. How much time would a reunified Korea take to equalize itself? If you're a person who cares only about the economics of it all, how long do you think it would take for the payoff of unification to occur? Just seems quite long.

              • jonasdegendt a day ago ago

                It's my understanding there were plenty of USSR nostalgics in the east given how long it took for the free market to "trickle down" and the east to catch up economically. They never did catch up all the way anyway.

                • ViktorRay a day ago ago

                  Today the areas that were previously controlled by East Germany overwhelmingly vote for right wing parties though.

                  I believe the AfD political party in Germany won significant support in those areas of Germany that were once behind the Iron Curtain.

                  • immibis a day ago ago

                    Yes, they won control of an entire state and almost won another.

                    People vote far right because they're fed up with the status quo, and perceive the far right can't be that much worse when everything is already so bad. Politicians who are not far right would do well to take this into account in their politics. Sadly, they don't, and history repeats.

          • forgotoldacc a day ago ago

            Nearly every authoritarian country starts with people promising good things. A lot also start with rebels fighting against a group that led a massacre. They're underdog groups with popular support.

            Then those underdogs take over. They become paranoid about the possibility of being killed themselves, so they repeat the massacres they fought against. A lot of people who supported the new regime think it's just a few remaining enemies being taken out. It won't happen to them. Then the government starts laying out methods to solidify their control. The list of things seen as traitorous and against national interests grows. It becomes a frog in a boiling pot situation. By the time people realize they might be a target, the system is too complicated and widespread to take down alone, and a new generation of youths have been raised knowing only the current system. And to those youths, things are stable. The most terrifying thing to people raised in stability is the idea of losing that stability. So keeping your head down and following the law is much better than absolutely anything else.

            And with the absolute control of information that NK has, a significant portion of people really don't even know a better world exists out there. And they're terrified of anyone that even talks about shaking things up.

            • Ray20 17 hours ago ago

              It looks like a liberal fantasy. The truth is that along the rivers that run on the border with China there are posts with machine gunners every 100 meters. Brainwashing is obviously nearly zero-effective, since they have to resort to machine guns.

            • immibis a day ago ago

              Not limited to non-Western countries btw. We are also vulnerable.

          • doikor a day ago ago

            For the first couple decades while it was ahead of South Korea economically (in large part due to support from China/USSR) it was not that bad but during that time the system of absolute control by the Kim family was set up and once it was up it is too late to really do anything due to how absolute/brutal the control is (you say anything wrong and you and your whole extended family end up in a prison/death camp).

            Basically people are willing to put up with a lot if their lives are getting better (economic growth). Problem with that is what kind of system of control an authoritarian government can set up in that period of growth.

          • ryan-ca a day ago ago

            Empiricism in the face of a totalitarian regime is difficult.

          • stogot a day ago ago

            Less of brain control, and more like slaughter of anyone who disagrees or rolls their eyes. Read accounts of those who escaped

          • madmaniak a day ago ago

            It's funny to say that because we're living in a bubble too.

      • the_af 2 days ago ago

        What's surprising about this? It's not dissimilar to how the US behaves towards their less than savory strategic allies (or, historically, towards dictatorships as long as they were US-aligned).

        • wrp 2 days ago ago

          Not saying it should be surprising. Just trying to answer the question.

        • thisislife2 a day ago ago

          Exactly. It's the equivalent of something like western Five / Nine / Fourteen Eyes, that also share intelligence within the alliance.

    • ummonk 2 days ago ago

      I don’t see any smoking gun here that would prevent the PRC from denying its involvement in these hacking efforts.

    • jmyeet 2 days ago ago

      I don't think Chinese support for NK has ever been a secret any more than the US support for South Korea has. And it's in China's backyard so they've got way more of an excuse.

      And if you think that doesn't matter, look at the Monroe Doctrine [1].

      Taken further, the so-called Cuban Missile Crisis should really be called the Turkey Missile Crisis. The US (through NATO) placed Jupiter nuclear MRBMs in Turkey, only hundreds of miles from Moscow. The USSR responded by doing the exact same thing, by placing nuclear weapons in Cuba. And the US almost started World War 3 over it.

      It was the USSR who stepped back from the brink and, as a result of a secret agreement, the Jupiter MRBMs were quietly removed from Turkey [2].

      [1]: https://en.wikipedia.org/wiki/Monroe_Doctrine

      [2]: https://www.wilsoncenter.org/blog-post/jupiter-missiles-and-...

      • veqq a day ago ago

        > The USSR responded by doing the exact same thing

        This paints it as tit for tat, but to avert invasion the Cubans asked for the missiles over a year later than the missiles were placed in Turkey. The resolution combined these separate issues.

      • churchill 2 days ago ago

        Why is this comment downvoted? You have the right to see China, USSR and NK as immoral regimes but there's nothing non-factual here.

        • charonn0 2 days ago ago

          The topic is cybercrime and espionage, not nuclear brinksmanship or colonialism. Whatever parallels can be drawn don't seem to be very relevant, so the comment comes off as an attempt to deflect criticism.

          • kace91 2 days ago ago

            Maybe it wasn’t clear, but I think the comment is explaining the importance for superpowers of keeping their immediate surroundings politically aligned - China wants NK on their side for the same reason neither the US nor the USSR wanted nukes on their doorstep.

          • codpiece 2 days ago ago

            It was still a fascinating aside, and it's not like HN stays on topic in a thread. I learned something today.

            • corimaith a day ago ago

              I do wonder what's the state of history education today when one only learns a basic history event today, and through a layman's forum post which is surely going to have all the complete perspective as opposed to setting out an explicit agenda.

          • the_af 2 days ago ago

            > The topic is cybercrime and espionage, not nuclear brinksmanship or colonialism.

            Those are all closely related topics in geopolitics.

          • skinnymuch 2 days ago ago

            You can’t separate colonialism and imperialism from Korea. As if any of us know what Korea would be doing if the west didn’t invade then sanction among other things.

            • corimaith a day ago ago

              North Korea invaded South Korea after US pressured South Korea to disarm. North Korea was the imperialist actor here.

        • corimaith a day ago ago

          The causality between missiles in Turkey causing the Cuban Missile Crisis is unsubstantiated by historical facts from the Soviets' own perspectives.

          It's more that Cuba requested nukes first, the USSR opportunistically took, then to resolve the crisis they took that opportunity to remove Turkish missiles. It wasn't really a tit for tat on part of the USSR's intentions, Cuba was the primary agent here.

          Not that it really mattered later on once ICBMs are developed.

          • jmyeet a day ago ago

            From Khrushchev's own words (27 October 1962) [1]:

            > Your missiles are located in Britain, are located in Italy, and are aimed against us. Your missiles are located in Turkey.

            > You are disturbed over Cuba. You say that this disturbs you because it is 90 miles by sea from the coast of the United States of America. But Turkey adjoins us; our sentries patrol back and forth and see each other. Do you consider, then, that you have the right to demand security for your own country and the removal of the weapons you call offensive, but do not accord the same right to us? You have placed destructive missile weapons, which you call offensive, in Turkey, literally next to us. How then can recognition of our equal military capacities be reconciled with such unequal relations between our great states? This is irreconcilable.

            According to General Boris Surikov [2]:

            > 'Khrushchev and his Defence Minister, Rodion Malinovsky, were at Khrushchev's estate on the Black Sea. They went for a walk and Malinovsky pointed in the direction of Turkey and said: 'That's where the American rockets are pointing at us. They need only 10 minutes to reach our cities, but our rockets need 25 minutes to reach America.' Khrushchev thought for a while and then said: 'Why don't we instal our rockets in Cuba and point them at the Americans? Then we'll need only 10 minutes, too.'

            This article goes on to quote the Soviet Ambassador to Cuba, Alexander Alexeyev, who was a direct witness and a go-between between Khrushchev and Castro:

            > 'On 14 May 1962 I was called to a meeting of the Defence Council at the Kremlin. Khrushchev said, in effect: 'Comrades, I think it would be a good idea to instal rockets in Cuba. Do it clandestinely. I don't want it known in the US until November (after the mid-term Congressional elections). Alexander Alexeyev, how will Fidel react when we present him with our decision?'

            [1]: https://microsites.jfklibrary.org/cmc/oct27/doc4.html

            [2]: https://www.independent.co.uk/voices/the-cuban-missile-crisi...

            • corimaith 21 hours ago ago

              > From Khrushchev's own words (27 October 1962):

              That doesn't refute anything from his own words as a justification as opposed to his primary goal to provide Cuba with defence here to deter a US invasion. As others have pointed out, the USSR was annoyed by these placements in Italy and Turkey earlier, but they did not declare war or start a crisis over it beforehand. It's more that Turkey was a bargaining chip here.

              >>Our aim has been and is to help Cuba, and no one can dispute the humanity of our motives, which are oriented toward enabling Cuba to live peacefully and develop in the way its people desire.

              You need to place here in context that the Jupiter missiles in Turkey were already obsolete but the US had the overwhelming advantage in a nuclear strike with their Atlas ICBMs in USA at the time, relying more on a fleet of intercontinental bombers that could be targeted by NORAD.

              Removing nukes for Turkey did little to change the strategic calculus, but it did heavily deprive the USSR of an opportunity to change that calculus with Cuban nukes at the time, which was a major factor in Khrushchev's later removal from power.

    • rr808 20 hours ago ago

      Russia too after the public hand holding last week.

    • tonyhart7 a day ago ago

      in the intelligence and cybersecurity community this is a well-known fact

      after all, the Chinese are the first to have an official military cyber unit (first in the world)

      the North Koreans are following suit for monetary reasons and go as far as having property (hotels etc.) on the Chinese mainland to run the operation from there

      as for China??? they basically have a "laundry" business that can take dollars from Korea in trade for supplies

  • jamedjo a day ago ago

    > Attribution Scenarios: Option A: DPRK Operator Embedded in PRC

    > Use of Korean language, OCR targeting of Korean documents, and focus on GPKI systems strongly suggest North Korean origin.

    I don't follow how needing OCR to read Korean documents points to them being North Korean?

    Could also point in the opposite direction of them needing to copy the text for translation.

    • Thorrez a day ago ago

      Their shell history shows them using OCR tools. AFAIK it doesn't show them using translation tools.

      • RT-Saber a day ago ago

        Actually KIM was also using Google Translate (discovered through his browsing history)

      • jamedjo a day ago ago

        Fair, and appears I missed the first part "Use of Korean language".

        The OCR still tells us more about the target than the actor, but I guess they are suggesting the choice of target itself is the indicator.

    • RT-Saber a day ago ago

      We believe KIM is Chinese but working for both Chinese and North Korean interests/governments. He speaks only very little Korean; he translates Korean websites into simplified Chinese using Google Translate and uses OCR to translate Korean documents into Chinese.

  • codedokode a day ago ago

    Why doesn't everyone working with the government use hardware keys without passwords so that phishing is useless?

    • ac29 a day ago ago

      I know some people in the US government who definitely need a hardware key to access computing resources including email. They work for the Dept of the Interior on science stuff, nothing related to national security or otherwise sensitive info.

      They mentioned this was a pain in the ass, and a very weird restriction since technically any member of the public can ask for a copy of their emails via FOIA.

      • sulandor an hour ago ago

        sounds like the primary goal was better attestation

    • mr_toad 17 hours ago ago

      A lot of legacy tech doesn’t support hardware keys. Last government job I had still ran an old SVN server with unencrypted username/password auth (relying on the VPN for security).

    • alt227 21 hours ago ago

      Surely people can still phish for the user to insert their hardware key to approve something malicious?

    • bornfreddy a day ago ago

      Because hardware keys are so 2000 - we have apps now. With Play Protect Premium Enterprise to make sure the phone is secure. /s

  • Pocomon 2 days ago ago

    > The leaked dataset attributed to the “Kim” operator offers a uniquely operational perspective into North Korean-aligned cyber operations.

    It's puzzling why the NORC hackers didn't use a nearest neighbor hack rather than leaving a trail of bread crumbs all the way back to Pyongyang ;)

    • wkat4242 a day ago ago

      Sometimes sending a message is part of the point. And you still have plausible deniability anyway "it was a false flag booo".

      The Russians do this a lot. This kind of attack that they want everyone to know they are being without telling you they are behind it and denying it in all colours.

  • aussieguy1234 2 days ago ago

    That's a fairly detailed analysis of an APT workflow.

    Now, non-APT actors, if they wanted to up their level of sophistication, might replicate some of these workflows for their own nefarious activities.

    • awesome_dude 2 days ago ago

      There's always a risk of openness creating copycats, but there's also the fact that informed decisions can now be made by people who need to mitigate against these malicious actors.

      There's no way to only give the information to one group without the other group getting their hands on it.

      • fragmede 2 days ago ago

        There's levels between not sharing it with anybody, and dumping it up on the public web for everyone to see. There are private disclosure lists they could have used, if they wanted to.

  • jmyeet 2 days ago ago

    So this is interesting from a technical perspective. Some of this infrastructure is used by pen testers and the likes, which just goes to show that there is no such thing as a defensive weapon. I'll let you ponder why that might be pertinent.

    Unfortunately, it quickly turns into a discussion of how bad NK and China are and how China shouldn't support NK (because, again, they're bad).

    I'll offer two words to expose the hypocrisy of this: Stuxnet, Pegasus.

  • sim7c00 a day ago ago

    interesting stuff but the china angle is a bit overstated with option A/B.

    it could simply be the guy maintains presence there because he has access. NK has no public internet so he might simply enjoy internet access -_- rather than necessarily be either pretending to be chinese or working for them...

  • p0w3n3d 19 hours ago ago

    This is some clickbait. At least to me. I've recently read an article that when Kim Jong Un takes a dump he does it in a N.Korea secret service owned toilet that is being dragged always with him. Hence "Kim dump" sounds really... Physical...