As the world waits with bated breath to see how North Korea’s testing of intercontinental ballistic missiles will play out, the “Hermit Kingdom” has put online poker sites in its crosshairs.
In a report released on July 27 by the South Korean Financial Security Institute (FSI), internet security analysts revealed that online poker players have been targeted as part of North Korea’s government-authorized computer program.
A North Korean hacking collective known as Lazarus has previously been linked to several high-profile attacks, including the 2014 intrusion into Sony Pictures Entertainment, and the more recent globally-aimed “WannaCry” ransomware case.
But as the most recent FSI report details, Lazarus has spawned a pair of offshoot hacking groups known as Bluenoroff and Andariel. Per the report – which hasn’t yet been made public but was provided to major media outlets like the New York Times and Reuters – the Andariel group has transitioned from causing pure mayhem to the pursuit of monetary gain since at least May of 2016.
As the New York Times detailed, the FSI report links Andariel to a series of hacking attempts targeting debit and credit card data, from both ATMs and online gambling platforms:
“The report said the Andariel group had increasingly shifted from destructive attacks on computer networks to crimes like stealing bank-card data and using it to draw cash from bank customers’ accounts or selling the data on the black market.
The group also used malware to cheat at online poker and on other gambling websites.
‘Andariel is believed to focus on earning hard currency,’ the report said.”
In text released from the actual FSI report, the South Korean cybersecurity agency offered the following description of the new hacking collectives:
“Bluenoroff and Andariel share their common root.
If Bluenoroff has attacked financial firms around the world, Andariel focuses on businesses and government agencies in South Korea using methods tailored for the country.”
The FSI was launched two years ago to bolster the existing investigative powers provided by South Korea’s top financial regulator, the Financial Services Commission (FSC), along with the Financial Supervisory Service (FSS).
While the shift from destructive attacks to outright theft is noticeable to North Korea experts, it’s nothing new. In an FSI report from July, the agency stated that North Korean hackers have been actively attempting to raise funds – presumably for the nation’s budding nuclear program:
“It’s a clear fact that these menacing groups are continuously preparing or attempting attacks on the financial sector.”
Online casinos, poker rooms, and sportsbooks are all prohibited under South Korea’s strict gambling laws, with penalties for both operators and players. Even so, players there have little trouble using virtual private networks (VPNs) and other technological tricks to evade detection.
PokerStars and other major operators also actively market in the country, through live tournament series and other indirect advertising.
In a Bloomberg report titled “How the World’s Biggest Cyberheist Was Laundered by a Baccarat Binge,” which was published August 3, a team of reporters outlines how North Korean hackers launder their ill-gotten gains through Chinese-controlled casinos in the Philippines and Macau.
The report details an attack from February of 2016, which managed to pilfer $81 million from a bank in Bangladesh:
“Security companies, including Symantec Corp. and BAE Systems Plc, say Lazarus hackers working for the rogue state were probably behind the attack.
They cite similarities between the methods used in the Bangladesh attack and those in other cases, such as the hack of Sony Pictures Entertainment Inc. in 2014, which U.S. officials attributed to North Korea.”
According to the report, the stolen funds were then diverted to Chinese nationals named Ding Zhize and Gao Shuhua. The partners were eventually caught, but not before laundering tens of millions of dollars through Manila’s Solaire casino by playing high-stakes baccarat for $20,000 per hand.