this post was submitted on 04 Apr 2024
123 points (91.8% liked)

Cybersecurity

5695 readers
194 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] cyborganism@lemmy.ca 72 points 7 months ago (2 children)

Vigilante hacker attacks foreign nation internet infrastructure on behalf of the U.S. without the U.S.'s consent and wants to encourage the U.S. to perform more similar cyber attacks, but witout the approval of the chain of command, without thinking of the repercussions on international relations.

I don't know, but this doesn't sond likea good idea.

[–] Trakata@lemmy.ca 20 points 7 months ago (4 children)

I don’t see the point in attacking North Korea when Lazarus et al are well known to do their digital wetwork via diaspora, so DDoS’ing a nation is effectively carpet bombing citizenry for government actions when you should be taking a scapular approach to threat actor countermeasures.

Seems like this person has anger blinders permanently affixed to their head and is only concerned with vamping up their own “hacker cred” to put weight behind selling their basic ass web vulnerability scanner.

Hard pass on both qomplex and punkspider.

[–] cyborganism@lemmy.ca 18 points 7 months ago (1 children)

Yeah good point on the anger glasses. He sounds like an agressive type of dude. Says he worked for Blackwater? The mercenaries company known for their crimes against humanity in Iraq, if I'm not mistaken? What normal person would want to work there?

[–] Trakata@lemmy.ca 11 points 7 months ago

Yep, blackwater (or whatever it’s named now) is a massive red flag and not the cred he thinks it is.

Erik Prince is the driving force behind those mercs, there’s a ton of quality information published about his misdeeds.

Top tier bastard imho

[–] mojofrododojo@lemmy.world 13 points 7 months ago (1 children)

DDoS’ing a nation is effectively carpet bombing citizenry for government actions when you should be taking a scapular approach to threat actor countermeasures.

my understanding is that the only NK citizens that have access to the actual internet is microscopic and concentrated in information warfare / scams.

[–] Trakata@lemmy.ca 3 points 7 months ago (1 children)

Thank you for the attribution.

[–] mojofrododojo@lemmy.world 2 points 7 months ago

I do love me some links to read after a nice pithy comment :D

[–] jaemo@sh.itjust.works 10 points 7 months ago (1 children)

Are you laboring under the false impression that the average citizens of North Korea have, forget regular, but ANY access to the internet? Carpet bombing doesn't work if you're already a ghost.

[–] Trakata@lemmy.ca 0 points 7 months ago (1 children)

…therefore you would be fine with this same action if it’s not NK?

The person in this article wants this same baseline cyber response to any countries attacking.

Look down the road where this decision takes everyone.

[–] jaemo@sh.itjust.works 3 points 7 months ago (1 children)

No. No I'm just calling out that this particular cyberattack was not as impactful to the everyman of North Korea as it would fit any other, more modernized country. Your point gains more validity the more networked a country is.

The article is paywalled. Did you read all of it? Does it specifically quote the author as saying "I want the same baseline response. Doesn't matter who I attack"? Because I didn't see that, but I didn't bother to bypass the paywall. If you did and it's in there, cool, guys a weirdo. If not, quit making up shit to fill out your narrative. You don't know any better than anyone else unless you asked him or are him.

[–] Trakata@lemmy.ca -4 points 7 months ago (1 children)

It was not paywalled when I read it all, so you can take your wrong ass half-baked opinions elsewhere.

[–] jaemo@sh.itjust.works 1 points 7 months ago (1 children)

I'll have you know I'm fully baked, and don't have any reason not to express myself here, so naturally, I'ma gonna.

[–] Trakata@lemmy.ca 1 points 7 months ago (1 children)

Okay, that was always allowed, but seems like you’re just thirsty for conversation now.

Are you good?

[–] jaemo@sh.itjust.works 1 points 7 months ago (1 children)

Well, bless your heart. I can remember when I used to mistake stuff like this as the want for people to talk with me; we're not so different after all.

[–] Trakata@lemmy.ca 1 points 7 months ago

My friend, I asked because I’m legitimately concerned about your mental health.

Do you need help?

[–] Riven@lemmy.dbzer0.com 8 points 7 months ago (2 children)

I generally agree with you but isn't the n Korean internet only used by the government and whatever rich people can afford it? I say fuck em.

[–] Trakata@lemmy.ca 8 points 7 months ago (3 children)

I’ve heard the same and I generally view that as propaganda since NK have been actively maintaining a Linux distro since 98 (Red Star OS) so it’s not like they’re total luddites, just under oppressive dictatorial control.

I personally can’t condone attacking random people based on geoloc for the actions of their dictator but I absolutely understand your point of view.

[–] zaph@sh.itjust.works 7 points 7 months ago (1 children)

Not trying to change your mind but if the general public has internet it's definitely just intranet. There's no way they're getting anything close to what we would recognize as the internet. Maybe I'm buying propaganda but I just can't fathom the possibility.

[–] Trakata@lemmy.ca 1 points 7 months ago

Heard.

All valid opinions, I won’t be visiting NK anytime soon to confirm for myself, but it’s a curious thought.

[–] mojofrododojo@lemmy.world 5 points 7 months ago (1 children)

they aren't random people, NK users of the internet have explicit ties to scams and hacking. The rest never get to access the WWW.

[–] Trakata@lemmy.ca -1 points 7 months ago (2 children)

You’re from North Korea to confirm this as fact?

[–] jaemo@sh.itjust.works 2 points 7 months ago

No more than you are to assert the opposite, sir.

[–] mojofrododojo@lemmy.world 2 points 7 months ago (1 children)
[–] Trakata@lemmy.ca 0 points 7 months ago

Read usernames and the rest of the thread, friend.

[–] Riven@lemmy.dbzer0.com 3 points 7 months ago* (last edited 7 months ago) (1 children)

I might need to go back and find sources but I could have sworn I read a thing that had Kim directly saying that it isn't allowed among the general populace because it's full of US propaganda. Same reason why jeans aren't allowed.

Edit: I want to clarify that I would prefer the general populace had the internet so they could more easily educate themselves but AFAIK they don't.

[–] Trakata@lemmy.ca 0 points 7 months ago

I believe you, no sources required; my personally held belief comes from a gut feeling and general distrust based on their historical movements.

Their M.O. has always been subversion and misdirection to make them appear stronger than they actually are, so you can’t take them at face value at all.

[–] AdrianTheFrog@lemmy.world 5 points 7 months ago (1 children)

Yes.

Internet access is available in North Korea, but is only permitted with special authorization. It is primarily used for government purposes, and also by foreigners ... Online services for most individuals and institutions are provided through a free domestic-only network known as Kwangmyong, with access to the global Internet limited to a much smaller group.

Wikipedia

[–] Trakata@lemmy.ca 0 points 7 months ago

Thank you for the attribution.

[–] tias@discuss.tchncs.de 9 points 7 months ago* (last edited 7 months ago) (2 children)

It sounds like a Hollywood movie. "Hacker tattoos"? Single person took on an entire country? I dunno, something about this is off, like it's too juicy of a story for Wired to scrutinize it properly and there's really more (or less) to the story.

[–] cyborganism@lemmy.ca 8 points 7 months ago

Yeah, especially since the NSA or FBI or CIA has never accepted the dude's methods. And he's the only one giving his own testimoy about all of this. It's weird.

[–] Socsa@sh.itjust.works 3 points 7 months ago

Are you saying you don't keep your pgp key tattooed on your face? How do people know if they are actually talking to you then?

[–] protozoan_ninja@sh.itjust.works 31 points 7 months ago (1 children)

Something tells me the last thing the world needs from a cybersecurity standpoint is a leaner, meaner Pentagon that can launch cyberattacks faster than they can assess the likely impact

[–] pastermil@sh.itjust.works 7 points 7 months ago (1 children)

You're saying it like they don't exist.

[–] protozoan_ninja@sh.itjust.works 14 points 7 months ago* (last edited 7 months ago) (1 children)

In the article it states the average lead time for a Pentagon-organized cyberattack is six months.

The main point of the article is that this guy is basically trying to push the Pentagon to be more like him, a guy who took personal offense when a North Korean hacker tried to drive-by hack him then took the entire country offline without first considering whether or not they might retaliate against an actual lone wolf attacker, or whether this is a rational response as an individual to the existence of organized nation-state attackers.

Basically, he's lucky the Pentagon took an interest in him. The article points out that the officials he shared his attack with were well aware the main reason they couldn't do something similar is literally just bureaucracy. He's not offering anything new on a technical level, he just wants the Pentagon to shoot from the hip more often and worry less about the consequences of their actions.

TBH, probably everybody in the world would prefer the slower, less aggressive Pentagon we have now rather than one that goes around picking fights with every nation-state and group that pisses it off for like, any reason.

[–] Trakata@lemmy.ca 9 points 7 months ago

100% agreed, the world doesn’t need a cyber pseudo-Kissinger heading offensive ops.

One was more than enough.

[–] mx_smith@lemmy.world 22 points 7 months ago (4 children)

“cybersecurity entrepreneur with hacker tattoos on both arms“ what’s a hacker tattoo? Your IP address? This article was really short on how he did it.

[–] sugar_in_your_tea@sh.itjust.works 18 points 7 months ago

Nah, the Kali Linux logo. Everyone knows using Kali makes you a hacker, and getting a kali tat gives you immediate hacker xp.

[–] kamenlady@lemmy.world 12 points 7 months ago

Everyone knows that hacker tattoos enable their wearer to be able to do sick hacks. The better the tattoo, the better the hacker skill.

[–] SpruceBringsteen@lemmy.world 12 points 7 months ago

Goatse qr code

[–] Scrappy@feddit.nl 3 points 7 months ago

There is a picture in the article. Its his previous handle and a what looks like a md5 hash along his entire left arm from hand to shoulder.

[–] CryptoKitten@sh.itjust.works 15 points 7 months ago

He took down all of it, like the whole three computers?

[–] burrito@sh.itjust.works 5 points 7 months ago

Their IP address range is hilariously small at 1024 addresses total (175.45.176.0/22). That's about one IP address for every 24,400 people.

[–] PrinceWith999Enemies@lemmy.world 4 points 7 months ago (1 children)

DPRK has a reputation for using assassination and kidnapping on foreign soil. It’s probably not as bad as taking on a Mexican drug cartel, organized crime, or Donald Trump, but it’s still something I’d probably want to keep on the DL.

[–] pop@lemmy.ml -2 points 7 months ago (1 children)

DPRK has a reputation for using assassination and kidnapping on foreign soil.

US has a history of that with a lot more deaths, so we should thank hackers who attack US infrastructure.

[–] PrinceWith999Enemies@lemmy.world 5 points 7 months ago

Do you just enjoy doing hot takes or trolling?

Nowhere did I imply that the DPRK’s practices justify the attack - that’s left to individuals to think about for themselves. I was saying that their tendency to engage in covert ops against individuals outside of their own borders means that, if I were the hacker, I wouldn’t want my name publicly known. The same goes for the US - even more so. I would expect that someone who managed to disable significant parts of the US internet infrastructure not to then immediately publish their identity.

[–] merthyr1831@lemmy.world 3 points 7 months ago

I'm sure this had absolutely no benefit beyond pissing off the few DPRK citizens who have intranet access. What a dick

[–] bizarrocullen@lemmy.world 1 points 7 months ago

Tiday, he's a healthy young man, next week he'll die of a sudden and mysterious heart attack.

[–] Vigilante@lemmy.today 0 points 7 months ago (2 children)

Wait north korea has internet ? Is it all used by kim lol ?

[–] Fiivemacs@lemmy.ca 10 points 7 months ago

North Korea has a lot...just none of the citizens can use or know about it.

[–] boyi@lemmy.sdf.org 4 points 7 months ago

how do you think they conducted their state-sponsored hacks then?