On Monday I spoke at ETHCC[7] in the security track. You can watch the video here:
It’s short, just twenty minutes long. Each slide could have been an hour talk.
One comment I got from multiple people was that I didn’t address intelligence agencies using North Korean TTPs.
This talk was intended for a generalist audience, and to help newcomers bootstrap into Web3 without getting rekt. It was not intended for a threat intel researcher audience ;-)
It is certainly true that other intel agencies steal crypto using North Korean TTPs to cover their tracks. But from a defender’s perspective, this does not alter the defensive task in any major way.
First, the majority of attacks using North Korean TTPs are carried out by North Korea. This is not a controversial statement. North Korea does in fact wage de facto war on crypto companies to steal crypto in order to advance their geopolitical objectives.
It is only because of this widespread hacking campaign that it is possible for the GRU, CIA, etc. to slipstream behind DPRK in order to gain operational funds in a plausibly deniable way.
But plausible deniability also requires such nation-state actors to restrict their activities to the lower end of the hacking spectrum. If a major nation-state suddenly breaks out their good kit, then no one is going to believe the crypto theft was North Korea.
Now, we could niggle over pushing the envelope here. A really clever nation-state might take well-known North Korean TTPs and try to push the boundaries a tiny bit in order to increase their operational effectiveness.
But if they get caught, the jig is up, and they have lost plausible deniability.
So while the observation that other nation-state intel agencies use North Korean TTPs is true, it does not change the defender’s job in any significant way.
“Defending against North Korea” and “Defending against North Korean TTPs” have 99% overlap.
This is important, because the cost to defend against North Korea is just barely manageable by a private sector crypto company. The cost to defend against Russia or China is something only a Google or Amazon has the budget and staffing to do as a private company.
But watch the talk yourself, and let me know what you think in the comments.