https://www.washingtonpost.com/politics/2022/04/22/among-top-hacking-nations-north-koreas-weirdest/ Welcome to The Cybersecurity 202! Confidential to someone who's running the Brooklyn Marathon this weekend: You'll do fantastic! Below: Obama presses tech companies on disinformation in a rare post-presidential speech, and a former Wisconsin judge leading a partisan election review lobbed some wild and baseless accusations at election workers. North Korea punches well above its weight when it comes to hacking In the world of government-backed hackers, North Korea stands out for its sheer weirdness. Hackers there are more likely to steal cryptocurrency than to steal secret information from a rival government like their peers in other cyber-savvy nations. Much of the stolen money goes to fund the heavily sanctioned nation’s nuclear program and other government operations. Most recently, Pyongyang’s premier hacking gang, dubbed the Lazarus Group, has been making headlines because of its brazen theft of more than $600 million in cryptocurrency from the video game Axie Infinity — the latest in a string of major cryptocurrency thefts. But it gets weirder from there: While the biggest blockbuster hacks backed by Moscow and Beijing targeted U.S. government agencies and prominent international organizations, North Korea is best known for the 2014 hack of a movie studio — Sony Pictures Entertainment — to settle a score over an unflattering portrayal of its totalitarian leader Kim Jong Un. “In a word, they’re completely different,” Eric Chien, a fellow on Symantec’s Threat Hunter Team who’s closely studied the gang, told me. He described North Korea as more similar to the mafia or a criminal gang than a nation based on its actions in cyberspace. Mandiant vice president for threat intelligence John Hultquist told me it’s common to see criminals brought in as contractors and used to carry out espionage and other state-related activities among the “big four hacking nations," using a term that traditionally includes Russia, China, Iran and North Korea. “What separates North Korean activity is that they basically started as state actors and then became criminals,” Hultquist said. “They crossed the line into criminal activity and that takes up a lot of their effort now — straight up stealing for the state.” Even North Korea’s status as a top hacking nation is exceedingly strange. North Korea’s estimated gross domestic product is smaller than Montana’s. It lacks significant trade or political ties with much of the world. And the vast majority of its residents have no Internet access. Yet Pyongyang has been able to build a hacking army that rivals nearly any on the globe and is frequently spoken about in the same breath as global powerhouses like China and Russia. It was also one of the first nations to invest in hacking more than 15 years ago. In addition to the Sony hack and cryptocurrency thefts, North Korean hackers: Pummeled South Korean banks and TV stations in 2013 Nearly stole $1 billion from Bangladesh’s national bank (a typo in the computer code resulted in them getting away with only $81 million) “The lesson here is that cyber capabilities are an incredibly asymmetric tool,” Hultquist told me. “It’s allowed them to raise funds for their country, but it’s also allowed them to push others around.” Take the Sony hack as an example. The hackers leaked reams of embarrassing studio emails and unreleased films, throwing studio executives into a tailspin. Then the studio initially acceded to pressure to pull the movie that had launched the imbroglio from theaters — the Seth Rogen and James Franco buddy comedy “The Interview,” which plays Kim’s death for laughs. That decision was also spurred by threats of physical attacks on movie theaters. Soon after, the movie was released to stream on Netflix and other platforms. Given the risk of a similar hack, it’s unlikely such a movie would be made these days. “I doubt any movies about Kim Jong Un are getting greenlit anytime soon,” Hultquist said. North Korean hacking is weird in other ways too. Here's a rundown: Most North Korean hackers live outside the country, including in at least one “hacker hotel” in China. That’s partly because North Korean Internet connections are so limited that hacks originating from there could be more easily tracked and mitigated. Cybercrime is part of a larger universe of illicit activities that the hermit nation has turned to for revenue, including the manufacture and sale of illegal drugs. “They were always involved in this underground to make money. Now they’ve shifted heavily to cybercrime because it’s easy for them and the amount of money they can make is crazy,” Chien told me. Unlike government hackers in Russia and China, it’s exceedingly rare for researchers to catch North Korean hackers moonlighting after hours, conducting cybercrime for their own profit. “We’ve seen a couple of very minor cases, but that’s few and far between,” Chien said. He speculated North Korean hackers are far warier retribution if they step out of line and upset national leaders than their counterparts in other nations. The keys In rare public speech, Obama laments rise of disinformation Former president Barack Obama called for technology companies to “redesign” themselves to protect the public from disinformation, Elizabeth Dwoskin and Eugene Scott report. His address focused heavily on false claims that the 2020 election was stolen and that coronavirus vaccines aren’t trustworthy. “If we do nothing, I am convinced that the trends we are seeing will get worse,” Obama said, arguing that new technology can make disinformation more sophisticated. “Without some standards, the implications of this technology for our elections, for our legal system, for our democracy, for rules of evidence, for our entire social order are frightening and profound.” Meanwhile, European policymakers are preparing to unveil a wide-ranging legislative package that would also target disinformation. Under the Digital Services Act, regulators plan to include an emergency method of forcing major tech companies to reveal how they’re responding to covid-19 or Ukraine misinformation and disinformation, the Financial Times’s Javier Espinoza reports. “Search engines will also be captured by the new rule book, meaning companies such as Google will have to assess and mitigate risks when it comes to users spreading disinformation on its search platform,” he writes. The rules are expected to be unveiled as early as Friday.