Dina Temple Raston
From Recorded Future News and PRX, this is Click Here.
Michael Barnhart
I have two quotes in my life that have really, like, shook me.
Dina Temple Raston
This is Michael Barnhart. He goes by Barney.
Michael Barnhart
One was in 2013, a girl said I had skinny calves and I once a week think about that. I think about it every week and it bothers me. The second one is in FBI St. Louis. One of the guys there said North Korea has big plans for AI. I think about that every week too.
Dina Temple Raston
Two quotes. One about calves and the other about cyber warfare. The first one is funny, and the second one keeps him up at night. Because Barney is an insider risk investigator at a cybersecurity company called DTEX, and his specialty is North Korea. Not the starving, flickering lights version from Cold War cartoons, but a new version, one that's learned to build a kind of cyber mafia operation.
Michael Barnhart
North Korea is bred to be very criminal, like, in nature. Like, everything goes back to funding the regime. So, like, everything has this criminal aspect to fund themselves.
Dina Temple Raston
Sanctions choked off legitimate commerce. So the regime adapted, turned hacking into industry. Built out supply chains, started thinking like a startup. And Barney, he was watching it all unfold in real time. Can you actually see them talking to each other?
Michael Barnhart
Yeah, I'm watching all that stuff real time. We have an underground network of intel analysts and people that focus on this. We call them the misfits. We are a bunch of misfit toys.
Dina Temple Raston
Like the toys from Rudolph, the ones even Santa forgot.
David Soyun Baek
How do you like that? Even among misfits, you're misfits.
Dina Temple Raston
They've been at it for nearly a decade.
Michael Barnhart
It started off with a crew of about five, and then now you have group chats that are, you know, 50 people deep. They do it at work for their jobs. And then all the stuff that they can't do at their jobs, they then go home and then do their passion projects.
Dina Temple Raston
They spot patterns, build reports.
Michael Barnhart
We are as weird as the guys we tracked.
Dina Temple Raston
Sometimes they post North Korean government hackers' faces online.
Michael Barnhart
So some of the guys, some of the misfit crew on Twitter started just posting pictures of their faces of North Korea government hackers.
David Soyun Baek
Boom.
Michael Barnhart
Here's your face, name and shame.
Dina Temple Raston
And lately what they're tracking has changed. North Korean hackers are no longer working alone. They found a little helper, that thing that's been keeping Barney up at night, artificial intelligence.
Michael Barnhart
And so we've been watching them build that out with the IT workers that are focused on AI jobs. They're learning how AI works. And this Daily NK report comes out and it kind of, like, confirms a lot of fears.
Dina Temple Raston
Daily NK. It's an online news site covering the Hermit Kingdom, and it reported something new. It said that Kim Jong Un wasn't just deploying AI, he was institutionalizing it. He actually created a center dedicated to it, something North Korea is calling Research Center 227. I'm Dina Temple-Raston, and this is Click Here, a podcast about all things cyber and intelligence. We tell true stories about the people making and breaking our digital world. And today, North Korea has embraced artificial intelligence, not to translate documents, not to streamline government, but to steal billions and fund its weapons program.
Michael Barnhart
It's like, AI is good when it's on the good guy's hands. It's like, now you have the adversarial nation saying, this AI that we have is meant to develop our hacking operations. It also is nightmare fuel.
Dina Temple Raston
Stay with us. Click Here is brought to you by Progressive Insurance. Do you ever think about switching insurance companies to see if you could save some cash? Progressive makes it easy to see if you could save when you bundle your home and auto policies. Try it at progressive.com. Progressive Casualty Insurance Company and affiliates. Potential savings will vary. Not available in all states. ChatGPT. AI machines. Satellite engine ignition.
Michael Barnhart
Click here and lift up.
Dina Temple Raston
It's easy to dismiss North Korea as a foreign backwater, as a country where about half the population doesn't have electricity and basically no one has the Internet. But actually, that's kind of the reason why they produce such great hackers and why North Korea has become a cyber juggernaut.
Michael Barnhart
They would go to these competitions in, like, the Netherlands, and they would be on the world stage, and they would, I mean, absolutely stomp the US and China. And it's like, wow, you know, like, how are they pulling this off? You know, they're supposed to be, you know, these guys that don't even have power. How are they just doing this?
Dina Temple Raston
Their secret, it turns out, was something basic. Start young, train hard.
David Soyun Baek
It begins in primary school. They are looking for kids who are gifted in math, science, logic, and even memory capacity.
Dina Temple Raston
That's David Soyun Baek, a cybersecurity analyst in South Korea.
David Soyun Baek
Those who stand out get funneled into elite middle high schools, where they receive intensified education and grooming for technical careers.
Dina Temple Raston
And much in the same way that Russia or China might handpick Olympic gymnasts at the age of three, North Korea grooms its brainiest youngsters to become hackers. In the DPRK, there could be worse fates. Hackers live a life of relative privilege. They reside in guarded compounds with reliable electricity, climate control, plenty of food, and, of course, the Internet.
David Soyun Baek
These hackers are treated as elite.
Dina Temple Raston
According to defector testimony collected by an NGO called Pscore, some 3,000 North Korean hackers are posted abroad at any one time. And David says they set up shop in countries like Russia, Laos, or China to begin testing their skills in the real world.
David Soyun Baek
In these settings, they have access to tools and networks they simply would not have at home. North Korea can study how the Internet actually works in the free world. It gives them a real world training ground for developing more effective attacks.
Dina Temple Raston
Meanwhile, their families back home are given perks. An apartment, better things to eat, which.
David Soyun Baek
Might sound like a privilege, but it's also a leash. Those same families can effectively become hostages, which prevents these elite cyber warriors from defecting even if they wanted to.
Dina Temple Raston
So the threat of punishment looms over every worker and his family.
David Soyun Baek
There is a real pressure to stay loyal. So what you have is a system that produces technically capable, highly motivated individuals who are not only working for the regime, they're tightly bound to it, both by rewards and by fear.
Dina Temple Raston
They're tightly bound, he says, by rewards and by fear. They're kept under constant surveillance. Teams of 10 to 30 people live crammed together in the same house. They're only allowed outside once or twice a week, and they're pushed to meet intense monthly quotas, $4,000 to $7,000 a month, of which they only see a very small fraction. Miss your target and your family could pay the price, or you could be sent home. And that pressure, David says, that's one of the reasons North Korean hackers turned to AI in the first place.
David Soyun Baek
It is changing how they work at a fundamental level. They are using AI not just to be smarter, but to work faster.
Dina Temple Raston
Not just to be smarter, but to work faster. AI helps them scale and helps them make their scams more believable. Take, for instance, a story we reported on earlier this year about North Korean hackers who land IT jobs at American companies. They use tools like ChatGPT to write convincing cover letters and create fake identities. They use AI voice and face changers to look more convincing in their interviews. Up to now, they've been largely relying on open source AI tools. But Barney, the cyber investigator we heard from earlier, says North Korea is preparing for the day when they might not have access to them anymore.
Michael Barnhart
I mean, they're going to get cut off, they always are. So they're trying to get ready for whenever they are.
Dina Temple Raston
And if you know anything about North Korea, that checks out. Isolation isn't a glitch in their system. It is the system. Shut out, locked out, sanctioned into a corner. Which is precisely how they got into cyber warfare in the first place. When you can't buy power, you learn to steal it. So the idea that they'd just surrender their access to AI, let it go quietly, that was never in the cards. And sure enough, the regime didn't just brace for a cutoff, they built a workaround.
Michael Barnhart
We start hearing about this unit that's.
Dina Temple Raston
Part of the RGB, the Reconnaissance General Bureau. Think CIA meets NSA with a little KGB thrown in for good measure. And Barney says they handed Unit 227 a chilling assignment. Build North Korea's own AI from scratch. Not just to keep pace, but to get ahead.
Michael Barnhart
Unit 227, it's subordinate to the RGB, so also means in the pecking order, they're going to have the top creme de la creme of any recruit they want.
Dina Temple Raston
The goal of Unit 227: build a sovereign large language model. Something homegrown, something powerful, something like OpenAI's GPT or China's DeepSeek. And when China unveiled its model, DeepSeek, Silicon Valley didn't shrug, it scrambled. A new Chinese artificial intelligence tool is.
Zach Edwards
Raising concerns from Silicon Valley to Wall Street. This morning it's called Talk about DeepSeek because it is mind blowing and it is shaking this entire industry to its core.
Dina Temple Raston
The emergence of DeepSeek. North Korea seems to be aiming for the same kind of shockwave they've been.
Michael Barnhart
Working on AI and we know that they want to build things internally, domestically, like all themselves. That's been the prize thing. The APTs have been great. Crypto has been great. AI has been their, their prize position. Now that they have that, it's about to beef everything up.
Dina Temple Raston
Crypto made them rich. Hacks made them feared. AI could make them unstoppable. That's when we come back. Stay with us.
Cory Doctorow
How did the Internet go from this?
Dina Temple Raston
You could actually find what you were looking for right away. Bang to this.
Zach Edwards
I feel like I'm in hell.
Cory Doctorow
Spoiler alert. It was not an accident. I'm Cory Doctorow, host of Who Broke the Internet? From CBC's Understood. In this four part series, I'm going to tell you why the Internet sucks now, whose fault it is and my plan to fix it. Find Who Broke the Internet on whatever terrible app you get your podcasts. You're.
Dina Temple Raston
Listening to Click Here. I'm Dina Temple-Raston. If you want to understand why North Korea's growing interest in artificial intelligence is more than just an academic concern, start with the money. Start with the crypto heists.
Sean Powers
You won't believe this. Bybit, the third largest crypto exchange, just got hacked for $1.4 billion worth of Ethereum.
David Soyun Baek
It's by far the biggest crypto hack that we've ever seen. North Korea, who believe is behind this hack.
Dina Temple Raston
Zach Edwards is a senior threat analyst at Silent Push, and he says this latest crypto heist was particularly alarming because no one is really sure where all that crypto went.
Zach Edwards
We're just a couple months past a $1.4 billion heist of a cryptocurrency exchange, and approximately 30% of those funds have gone dark, basically meaning they can't be traced.
Dina Temple Raston
Zach spends his days following money like this across exchanges, blockchains, aliases, and borders. And if you're wondering why North Korea's AI ambitions are keeping intelligence experts up at night, it's because they seem to have plenty of money to fund a secret homegrown AI project.
Zach Edwards
We're looking at hundreds of millions of dollars from just one heist, and this is absolutely unsustainable. We cannot keep seeing that type of money pouring into North Korea, and it really should be considered a national security threat across all of the.
Dina Temple Raston
Because this isn't just about greed. It's about funding something else entirely, something far more dangerous. In April, Zach and his team watched that $1.4 billion ripple outward, and that digital crime scene began to shift into something more physical. North Korea was trying its hand at something new, creating legally incorporated companies.
Zach Edwards
So they've created three fake companies, and two of them were legally registered in the United States. And so this really is crossing the Rubicon.
Dina Temple Raston
These weren't just phishing scams or spoofed emails. This was infrastructure. North Korea wasn't pretending to be a business. It was becoming one. They registered official LLCs, limited liability companies with the US government, one in New York and another in Mexico. And now they're using these shell companies as a cover for North Korean IT workers so they can pose as remote employees working at these LLCs.
Zach Edwards
We've never seen them go so far as to register their businesses, go through the checks, and basically use a fake Persona to do the whole thing.
Dina Temple Raston
And here's the twist. Nothing flagged it. The filings were, quote, in compliance with state statute, which means legal, even though it's very much not legal, because under US law, North Korea can't open businesses here. But that didn't stop them. They used AI generated faces, fake LinkedIn profiles, even Medium articles, to build a digital smokescreen.
Zach Edwards
And it sat there for months and months with them operating with these fake businesses before they were eventually caught.
Dina Temple Raston
And they didn't stop there.
Zach Edwards
They heavily use AI image generators. They are creating fake recruiter profiles, and it really requires having a real face on those profiles.
Dina Temple Raston
Then came the job listings. Legit-looking, slick, custom-designed to lure in crypto developers. Imagine you're job hunting. You find a promising startup. You check their website, their bios, their mission. It all seems real. You apply, and then you go through.
Zach Edwards
A series of survey questions. And then the final question is always, hey, record a video introduction. And when you click to record the video introduction, they show this error message. And they say, oops, there's been an.
Dina Temple Raston
Error, but it doesn't work. A popup tells you there's a glitch, offers a fix.
Zach Edwards
They say, copy this, and then open a console on your computer and paste it. And if you do that, you will have deployed malware onto your computer. We've seen this over and over and over again.
Dina Temple Raston
But this isn't what keeps Zach and his colleagues up at night. That distinction belongs to Barney. You remember him, the guy with the skinny calves and a knack for spotting trouble before it makes the news. And he noticed that North Korea was crowing about this new project.
Michael Barnhart
They started talking about how they have AI suicide drones, like, a few days after that first report on 227 came out.
Dina Temple Raston
Yes, you heard that right. AI powered drones targeting and killing with minimal human input. And in a way, Barney wasn't that surprised. He'd seen little hints that something like this was in the offing last year.
Michael Barnhart
I'm seeing them target drones. They're going after very specific Chinese lasers for drone detections. All that's happening last year in a very small time frame.
Dina Temple Raston
What he saw wasn't speculation.
Michael Barnhart
It was a schematic. Flash forward to, hey, we have suicide AI drones now. And I'm like, that's exactly what we saw them building out. We saw them getting the blueprints and all that stuff ready.
Dina Temple Raston
So AI suicide drones aren't just a concern anymore. Barney says they may have already actually happened. Which means if there was a countdown for when North Korea would finally start using AI in a big way, it's already reaching zero.
Michael Barnhart
This is not something that we can drag our feet on. And sooner rather than later, because now we have AI suicide drones. Now we have a $1.4 billion hack. This is all before they got advanced with their AI stuff.
Dina Temple Raston
North Korea was dangerous before it had.
Michael Barnhart
AI and now, all these hacks that we've seen, it's now the tip of the iceberg because they were doing that without all this, we've now just dumped gasoline on top of all of it. If we don't start figuring out now about to be in a world of hurt.
Dina Temple Raston
This is Click Here. If you're looking.
David Soyun Baek
For a daily guide to cybersecurity news and policy, sign up for the Cyber Daily from Recorded Future News. It serves up the day's most interesting and important cyber stories from our sister publication The Record, and then aggregates all of the big cyber stories you might have missed from news outlets around the world. Just go to therecord.media and click on Cyber Daily to get all you need to know about the world of cybersecurity right in your inbox.
Dina Temple Raston
Here are some of the top cyber and intelligence stories from the past week, from global malware and drug rings brought down by the feds to the return of a tech visionary with a plan to replace your phone and a new owner for your DNA. It's Tuesday, May 27th. The U.S. Department of Justice took control of Lumma's central command, shutting down its marketplaces. Last week, federal agents made a move on a major player in the cybercrime, Lumma, a piece of malware that quietly infected nearly 400,000 computers worldwide. Its job? Stealing your passwords, credit card numbers, even your crypto. And its appeal was simplicity, scale, and unbridled success. That is, until last week's takedown. Microsoft got a court order to wipe more than 2,000 websites tied to the malware, and then a rare display of international coordination. Authorities in Europe and Japan dismantled the rest of Lumma's network. Rebuilding it won't be easy, but Microsoft says that the hackers will probably try.
Michael Barnhart
This organization primarily sells methamphetamine, cocaine, and MDMA that they package here in Los Angeles at various different locations and then put into the U.S. postal system.
Dina Temple Raston
That's how federal agents say the drugs moved. Last month, an FBI raid on an apartment in Los Angeles led to the takedown of what officials are calling one of the darknet's most prolific drug operations, a group known as Joy, Inc. It was just one part of this sweeping international sting called Operation Raptor, a coordinated law enforcement effort that spanned 10 countries, including the US and UK and South Korea. The goal? Disrupt fentanyl and opioid trafficking on the dark web. And it worked. Federal agents say they made 270 arrests. They seized over $200 million in cash in cryptocurrency and more than 2 metric tons of drugs. Some 180 firearms were seized as well. The DOJ says it's their largest darknet drug takedown yet. But it didn't come out of nowhere. It was the result of years spent mapping how anonymous users moved drugs, guns and money across hidden marketplaces and in an entirely different corner of the Internet.
Sean Powers
I think it is the coolest piece.
Michael Barnhart
Of technology that the world will have ever seen.
Dina Temple Raston
Jony Ive, the man who designed the iPhone, is back, this time with OpenAI after two years, after years of quietly working together, OpenAI just bought Ive's company, Lovefro for $6.5 billion. Their goal? To build something even more revolutionary than the iPhone. But they won't say exactly what it is, except to say that it might not have a screen and that it's meant to free us from our devices. They're planning to ship 100 million of them next year. We don't know what the new object is, but they say it will elevate humanity. And finally, we heard this morning from Regeneron that they did win the bid to acquire 23andMe, a company that once promised to unlock your ancestry just sold your genetic data. 23andMe, the once hyped DNA testing company, has gone bankrupt. And last week it was purchased by the pharmaceutical giant Regeneron for $256 million. The price includes something more valuable than just the brand. It includes 15 million DNA profiles. Regeneron says it will use the data to develop new drugs and is pledging to follow privacy rules. Even so, the deal is raising alarms. Consumer groups warn that it's opening a new chapter on who controls our most personal data. The court will rule on the deal July 17. Until then, users can still delete their data.
Sean Powers
Today's episode was written and produced by Megan Dietre, Zach Hirsch, Erica Gaeda, Dina Temple Raston, and the lead producer was me, Sean Powers. It was edited by Karen Duffin, fact-checked by Darren Ankrum, and it contains original music by Ben Livingston. We have some other music from Blue Dot Sessions. Our staff writer is Lucas Riley, and our illustrator is Megan Gough. Martin Peralta and Jesse Niswonger are our sound designers and engineers. Click Here is a production of Recorded Future News and PRX. Tune in on Friday for Mic Drop, which features our favorite episode of the week. We'll see you then.
David Soyun Baek
Looking for more of the cybersecurity and intelligence coverage you get on Click Here? Then check out our sister publication, The Record from Recorded Future News. You'll get breaking cyber news from reporters in New York, Washington, London and Kyiv, among others, and you'll see for yourself why it attracts hundreds of thousands of page views every month. Just go to therecord.media.
Podcast Summary: Click Here – Episode 227: New Reasons to Worry About North Korea
Release Date: May 27, 2025
Host: Dina Temple-Raston, Recorded Future News
In Episode 227 of Click Here, host Dina Temple-Raston delves deep into the evolving cyber threat posed by North Korea. Titled "New Reasons to Worry About North Korea," the episode explores how the Hermit Kingdom has transformed into a formidable cyber mafia, integrating advanced artificial intelligence (AI) to enhance its malicious operations. Through insightful interviews with cybersecurity experts and insiders, the podcast unpacks the sophisticated methods North Korea employs to fund its regime and develop disruptive technologies.
Michael "Barney" Barnhart, an insider risk investigator at cybersecurity firm DTEX, offers a firsthand account of North Korea's cyber strategies. Barnhart shares two pivotal quotes that encapsulate his concerns:
Barnhart explains that North Korea has pivoted from traditional, state-imposed economic isolation to building a sophisticated cyber mafia. With sanctions stifling legitimate commerce, the regime has turned hacking into an industry, establishing supply chains and adopting a startup mentality to innovate and expand their cyber capabilities.
A significant portion of the episode focuses on North Korea's integration of AI into its cyber warfare arsenal. Barnhart highlights alarming developments:
Unit 227 and Sovereign AI Development: North Korea is assembling a dedicated unit, Unit 227, under the Reconnaissance General Bureau (RGB), tasked with building a sovereign large language model akin to OpenAI's GPT or China's DeepSeek. Barnhart notes, "Unit 227... build North Korea's own AI from scratch. Not just to keep pace, but to get ahead." (09:17)
AI Suicide Drones: North Korea has reportedly developed AI-powered drones capable of autonomous targeted killings. Temple-Raston reports, "AI suicide drones aren't just a concern anymore. Barney says they may have already actually happened." (16:50)
These advancements suggest that North Korea is not only catching up but potentially surpassing global powers in certain AI applications, posing unprecedented security threats.
The podcast delves into how North Korea finances its AI and cyber operations through lucrative cryptocurrency heists. A particularly notable incident is the $1.4 billion Ethereum hack of Bybit, the third-largest crypto exchange, attributed to North Korean actors.
Zach Edwards, a senior threat analyst at Silent Push, underscores the gravity of this breach:
Edwards emphasizes that the sheer volume of stolen crypto funds enables North Korea to invest heavily in clandestine projects like AI, making their cyber operations both sustainable and scalable.
North Korean hackers have evolved their tactics beyond traditional phishing and malware attacks. They now engage in legitimate business registration to create credible fronts for their operations.
Fake Companies in the U.S. and Mexico: North Korea has established legally registered LLCs in the United States and Mexico, using AI-generated faces and fake LinkedIn profiles to appear legitimate. Dina Temple-Raston narrates, "They used AI generated faces, fake LinkedIn profiles, even Medium articles, to build a digital smokescreen." (14:37)
Malware Deployment via Fake Job Listings: These shell companies post enticing job listings for crypto developers, using convincing methods to infiltrate unsuspecting individuals with malware. Edwards details the process, "They heavily use AI image generators. They are creating fake recruiter profiles..." (14:44)
This strategic move allows North Korea to blend seamlessly into the global business environment, making their cyber operations harder to trace and disrupt.
Beyond the central focus on North Korea, Episode 227 covers several significant cybersecurity and intelligence developments:
Takedown of Lumma Malware: The U.S. Department of Justice led a major operation dismantling Lumma, a malware network that infected nearly 400,000 computers to steal sensitive information. Microsoft secured a court order to eliminate over 2,000 associated websites, with international cooperation from Europe and Japan thwarting further operations.
Operation Raptor – Darknet Drug and Weapon Trafficking Bust: A sweeping international sting named Operation Raptor resulted in 270 arrests, the seizure of over $200 million in cryptocurrency, and more than two metric tons of drugs. Targeting the darknet's most prolific drug ring, Joy, Inc., this operation underscores the persistent efforts to combat cyber-facilitated illicit trade.
Jony Ive and OpenAI's Acquisition of Lovefro: Iconic designer Jony Ive's company, Lovefro, was acquired by OpenAI for $6.5 billion. The collaboration aims to develop revolutionary technology potentially free from traditional devices, although specific details remain undisclosed.
Regeneron's Acquisition of 23andMe: Pharmaceutical giant Regeneron acquired 23andMe for $256 million, gaining access to 15 million DNA profiles. This move raises privacy concerns as consumer groups question the control and security of personal genetic data.
Episode 227 of Click Here presents a compelling and comprehensive examination of North Korea's burgeoning cyber and AI capabilities. Through expert interviews and detailed analysis, listeners gain an in-depth understanding of the multifaceted threats posed by the regime's cyber mafia, sophisticated funding mechanisms, and advanced technological ambitions. The episode serves as a crucial alert to the global community about the escalating cyber threats and the urgent need for robust countermeasures.
Notable Quotes:
"North Korea is bred to be very criminal, like, in nature. Everything goes back to funding the regime." — Michael Barnhart (01:03)
"AI suicide drones aren't just a concern anymore. Barney says they may have already actually happened." — Dina Temple-Raston (16:50)
"We're just a couple months past a $1.4 billion heist of a cryptocurrency exchange, and approximately 30% of those funds have gone dark." — Zach Edwards (12:08)
"They used AI generated faces, fake LinkedIn profiles, even Medium articles, to build a digital smokescreen." — Dina Temple-Raston (14:37)
For more detailed cybersecurity and intelligence coverage, subscribe to the Cyber Daily from Recorded Future News at therecord.media.