The Most Dangerous Hackers in the World (Russian Hackers, Lazarus, Anonymous, etc.)

BadB

EVERYONE IS AFRAID OF THEM!

How did the first hackers appear and what does MIT have to do with it? What did hackers do in the USSR and how did they hack into large VAZ car factories? What hacker attacks caused a stir around the world? Who are Anonymous? Why does the hacker group Anonymous hack everyone and everything? Why are American intelligence agencies afraid of hackers from Russia? What did Russian hackers do that put their PETYA virus on everyone's lips? And who exactly currently holds the title of "The most dangerous hackers in the world"? Today, on the CRYPTUS channel, you will find a new episode of SHIFROPUNK about the most recognizable and dangerous hacker groups, whose cyber attacks can surprise everyone. We will tell you about Lazarus Group, one of the most dangerous groups from the DPRK, which hacks not only government structures and large companies but also crypto projects, including bridges and the recent hack of the Atomic Wallet crypto wallet. You will learn why hacks concern you personally and why no one is immune from cyber attacks, especially from the most terrible group, Lazarus.

Contents:
  • Dark Sides of the Internet - Darknet, Deepweb and Darkweb
  • How it all began? The first computer at MIT and the first hackers
  • Hackers in the USSR
  • The most high-profile hacker attacks
  • Anonymous and Russian Hackers
  • The World's Most Dangerous Hackers - Lazarus Group from North Korea
  • How did Lazarus hack crypto projects?
  • Hacker attacks may affect you personally

Tell me, were there bad neighborhoods in your city? You know, those places that were whispered about in school, where there were dark rumors that if you went there once, you could run into big trouble. You could get mugged for your phone or cash, but some said that you might not come back from there at all. Maybe you, like me, even grew up in such a neighborhood and saw everything with your own eyes.

However, now, in 2023, when Elon Musk wants to provide the entire world with the Internet through space routers, and Apple is releasing gadgets like these, all this talk about bad neighborhoods has become nothing more than folklore with fairy-tale bogeymen who sat on maps, and wood goblins who shouted in the courtyards when drunk. In general, both we and the world around us are becoming modern. We are civilized, and we no longer have the same problems. However, even children know that bad neighborhoods still remain. They are just like paintings that became NFTs.

They were real and became digital. But the essence remained the same.

The dark sides of the Internet - the Darknet, the Deepweb and the Dark Web.
The Internet. Yes, there are safe areas here. For example, VKontakte. This is a city park, parents, kids, music. People gather here in groups. Yes, sometimes a crazy exhibitionist can run out, and we will see something we did not really want.

But in general, it is quiet and peaceful here. Or, for example, the local pension club Odnoklassniki. It is also safe here. YouTube is also safe. Here you watch this video, and nothing threatens you. No one will do you harm. But go beyond these safe zones, and you will see that the picture is transformed. Russian, American, Japanese anonymous imageboards, FTP servers, marginal sites and circles of special interests.

These are all strange areas. But let's move on. The Deepweb. A place where the law begins to evaporate. And many sites here are simply blocked by censorship regulators. But this is not the very bottom. Dark Web. This is already a good area. More like ruins. Ruins of human morality. Weapons, documents, drugs, people - all this has its price here.

And it is sold here. Snuff videos or banned books - everything is laid out on the shelves. Is it dangerous? Is it dangerous to be here? Oh yeah, your parents probably wouldn't want you to walk here, but you don't walk, you're on YouTube, right? And why am I telling you all these dark tales, pouring out horror stories about all sorts of deep internets? What is this strange analogy with the districts for? You see, everything is simple.

So that you, sipping juice in your digital neighborhood, understand that you are far from safe. Even the most seemingly harmless sites hide secrets and traps. You do not see them, although they are always in plain sight, and this is normal, because the hunter in the digital jungle counts on it. He acts on experience, he knows how people think and what they will do next, he has seen it many times, and today an unsuspecting victim goes about his usual business, makes a mistake and gets into trouble.

How did it all begin? The first computer at MIT and the first hackers.
Every story has a beginning and an end. Ours begins half a century ago, in a place that is perfect for this: the Massachusetts Institute of Technology, aka MIT. 1969. By the way, this year Linus Torvalds was born, the same one who would create Linux in the future. But for now, little Linus is still too young to do this. An IBM 704 computer is already being brought to MIT.

Look at this beauty. It takes up most of the room and can even perform 12 thousand additions per second, and its cost is simply exorbitant. It is not surprising that IBM sold only 140 of them worldwide. Not everyone could afford such a toy.

But MIT would not be MIT if it did not have such powerful technology for those times. Is it any wonder that such a thing attracted the attention of young students? Of course, they did not have direct access to the new technology, so they had to sneak into the room with the computer while no one was looking. It was in this room that a community with its own code, its own ethics and its own ideals was formed. They were engaged in a detailed analysis of computer technologies and their subsequent improvements.

They did not have a name, but there was a meme word "2HACK", which meant "to hack or understand something". It became the basis for a new culture. In this room, within the walls of the American institute, the first hackers appeared. The word hacker makes us smile today. We imagine a schoolboy in an anonymous mask, threatening to find you by IP, because, according to him, he has already hacked the Pentagon more than once. By the way, popular culture draws us noir heroes, like in the TV series Mr. Robot, or funny eccentrics, like in Silicon Valley.

All these computer dudes are so different, but those who are difficult to call heroes end up in the news with enviable regularity. The fate of the first hackers from MIT has almost completely disappeared into history. They dispersed around the world and began to do their own thing. And along with them, as carriers of knowledge, more and more hackers appeared.

At the same time, more and more powerful computers were appearing in the world every year. Computing power grew and new opportunities appeared. And with opportunities came power. And with power, according to Uncle Ben, responsibility should appear. Here is what the hacker ethicist and cryptographer writer Steven Levy said about this in 1984. Hacker ethics states that every self-respecting hacker should improve the world with the help of his skills and new technologies.

It will be a perfect world. However, as history shows, even the most righteous ideology has an element that will distort, pervert and turn it into something completely different from the original idea. And this element, of course, is man. And it is he who will split the concept of hacking into two opposite parts. The so-called White Hats are ethical hackers who pursue good goals and the same intentions. And Black Hats – they are also crackers – hackers, blackmailers and other types of criminals who pursue their own gain and other eternal goals.

They are like yin and yang, like Jedi and Sith, and their confrontation will give life to a new wave of technological progress and a multi-billion dollar cybersecurity industry. Some protect, others break. And so on forever. But just as life does not like unambiguity, so here, in the best traditions of drama, the line between black and white is sometimes difficult to see.
And it is in such calculations of life that real stories are born.

Hackers in the USSR.
For example, the story of the first Russian, or rather Soviet hacker, a native of Kazakhstan, Murat Urtimbayev, a gifted specialist with bright prospects. In 1978, he worked at AvtoVAZ as a software engineer. He worked hard and diligently, with the bright hope of a promotion that the management promised him.

They promised, but did not give it. And then the disappointed Murat, being a skilled codewriter, wrote a "Logic Bomb", a program that violated the time logic of the conveyor, which put the enterprise in danger, and it was up to none other than Murat himself to save it. A great plan! But Murat failed to save anyone. Alas, the logic bomb went off ahead of time, and the plant suffered massive losses.

And Murat himself was exposed and sentenced to probation for hooliganism, because at that time there was no article for distributing malicious programs. It does not sound very large-scale, but there was one tricky moment in this case. Murat was not the only one and far from the first hacker at AvtoVAZ. Later it turned out that a group of hackers from among the employees, the so-called Elite, had worked at this very plant for a very long time and effectively. They sabotaged the conveyor, then fixed the problem and went to the management to claim their bonuses, summer houses, cars and apartments.

In general, everything that the Soviet people loved so much. It is easy to imagine what happened to them later. The cases of the first Soviet hacker and the elite, although they caused a stir in society, were just a small spike in the field. Hacking has long spread around the world, and in the future, humanity will see hacks of the largest companies and government agencies.

And this entire video would not be enough to list every incident in which hackers were involved. Instead, it is better to provide numbers. The income from cybercrime worldwide in 2019 alone reached one and a half trillion dollars. To be clear, the combined income of Tesla, Facebook, Microsoft, Apple, Amazon and Walmart for the same year was 1.3 trillion dollars, that is, less than the income from cybercrime. Or here's another example. The capitalization of the entire cryptocurrency market today does not exceed one and a half trillion dollars.

I think now you can imagine the scale. And so that you can imagine what is happening even more clearly, I will briefly tell you about the most high-profile cases from the world of hacking.

The most high-profile hacker attacks.
From 2007 to 2014, the DarkHotel virus will be introduced into top hotels in Japan, China, Korea and Russia, and steal compromising information from the phones of everyone who connects to local Wi-Fi, including managers of top companies and politicians.

In the 2010s, scandalous data leaks from Twitter and iCloud will thunder, celebrities Avril Lavigne, Kim Kardashian, Scarlett Johansson and dozens of others will suffer. The infamous Jonathan James, at 15, will intercept official correspondence of the US Department of Defense for fun and then gain access to NASA's program code responsible for life support on the ISS.

All this resulted in damages of almost 2 million dollars. After he was exposed, the guy couldn't cope with the stress, and the only way out he found was to shoot himself. Then there's the legendary Kevin Mitnick, who hacked everything from his university days. He specialized in phones, data and software theft.

His specialty was that he wasn't just some genius hacker, but also a talented psychologist who could easily pretend to be someone he wasn't and make people believe it. In other words, he combined hacking computer systems and hacking human consciousness. Nowadays, this so-called hacking discipline would be called social engineering. Kevin was once even called the most dangerous hacker in the world. The damage from his attacks is estimated at tens of millions of dollars today, which doesn't fit with his current image.

This quiet guy writes books about the past and helps the American government and individual corporations with cybersecurity issues. But these were all specific people. However, the main feature of hacking is anonymity, so the faces of most hackers are simply unknown to us. Or they hide under the auspices of some groups.

Anonymous and Russian hackers.
For example, Anonymous. I'm sure you know about them, because they were the most famous group of the last decade, and their mask has become one of the symbols of the Internet. The only thing that distinguishes these guys from all those I listed is that they do not work for money, because they consider themselves virtual justice, a kind of virtual Robin Hoods of virtual Sherwood. But they are also Internet stars, with their Twitter and YouTube channel. They block child pornography sites, harass Scientologists, leak secret government data that they believe is incriminating to the perpetrators, protect Internet pirates from copyright prosecution, and fight for the ecology of the Arctic plume.

This is all Anonymous. And they don’t care who you are: the Russian government, an American Democrat, a Scotland Yard employee, or a manager of a major oil company. If you have something to do with it, they will gladly show it to the whole world. But perhaps the title of the largest hack in history goes to none other than Russian hackers. At least, that’s what the American intelligence services think.

And, by the way, they have reasons to think so, because the virus was called Petya. It was an encryption virus that encoded important files on a computer and then extorted money for their decryption. But unlike its predecessors, it was distributed among large businesses around the world, large factories in Australia, cash registers in Ukraine, and even Rosneft. Petya's losses amounted to more than 10 billion dollars. And this is just one virus.

But these are all old tales and stories from the past. And what now, you ask? And I will answer you. Now everything has become really tough and there is no time for jokes. Just like a prank that got out of control. Right now, there is someone on the market who is much more dangerous and unprincipled than those we described above. Of course, they are talented and smart, they are technically savvy, but they have nothing in common with the nobility of Anonymous.

Moreover, they are not afraid of retribution, because they are protected by an entire country. And the worst thing is that they are about to operate right now on the Internet. And their name is Lazarus Group.

The most dangerous hackers in the world are the Lazarus group from the DPRK.
North Korea. A lonely country that has been living in the gray fog of communism for almost a hundred years. The economy there is poor, because the country has been under the Iron Curtain for decades, and every test of some new missile results in another sanctions ban from the world community.

The country, though small, is home to 26 million people, and local production is extremely insufficient to feed them, and after all, communism still needs to be built on something. This is where things get very strange. Under the tacit approval of the North Korean party, the country is engaged in black exports.

Heroin, counterfeit resources, counterfeit dollars, all sorts of gloom, and, of course, cybercrime. Lazarus Group is a highly professional cyber army of about five thousand specialists who work under the wing of the secret services. They work hard for the benefit of Juche and the nuclear program. For the DPRK, Lazarus is a faceless hero who, with the help of hundreds of enemy banks and crypto exchanges, brings millions of dollars to the budget.

According to British intelligence, the income from the activities of Lazarus Group is estimated at 1 billion dollars, while the country's overall economic indicator is about 28 billion. I think it is clear that these guys play one of the key roles in the state treasury. What is so scary about them, you ask. And now I will gladly tell you a couple of, so to speak, cases involving the Lazaruses. 2014. The giant company Sony Pictures. They are just filming a comedy movie about two guys who go to North Korea to interview Kim Jong-un himself.

The film, by the way, is so-so. However, the Lazaruses perceive this regarding the Communist Party and defend the name of the leader in the following way. Gigabytes of leaked data, employee correspondence, leaked new films, 75% of the company's servers destroyed, blackmail of the CEO and his severed head on the splash screen for all company employees, apparently in the best traditions of the godfather. The result is that Sony cancels the release of the film, receives many lawsuits and suffers damages in the amount of 35 million dollars.

Soon, in 2016, an attack on the Central Bank of Bangladesh. There, Lazarus used phishing techniques and malware to gain access to the bank's systems and withdraw more than 80 million dollars. This case showed that even government institutions are no obstacle for Lazarus. Next, the attack is over there. 2017. A viral e-mail campaign encrypts data from three hundred thousand computers around the world and demands a ransom.

Large companies and even the supergiant Microsoft suffered. A funny fact. Well, not so funny, but nevertheless. The DPRK sent this virus even to those countries with which they supposedly have warm relations, like China and Russia. Of course, there are no ends to be found, but this precedent shows that for Lazarus specifically, there is no such thing as friendly countries. In general, they have no borders. And if you, crypto enthusiast, are not particularly scared and think that this will not affect you, then I ask you not to rush to conclusions.

How did Lazarus hack crypto projects?
After all, the crypto industry is a separate topic for Lazarus. The most delicious morsel for them, and, in principle, for all hackers in general, are cross-chain bridges. Well, if you are suddenly far from the crypto-theme and just came to watch a cool video about hackers, then let me explain in a few words what it is. A cross-chain bridge is a thing that is needed to connect one blockchain to another. Well, just like an ordinary human bridge that connects one bank of a river to another. Only instead of banks, there are two different blockchains.

That's all. However, bridges are a delicate thing. They appeared recently, and therefore they very often have all sorts of critical vulnerabilities. And as long as this happens, hackers will flock to them like bees to honey. And Lazarus is no exception. Last year, they attacked the Ronin bridge from the game Axie Infinity and squeezed out 650 million dollars. A few months later, they did the same thing with Harmony's Horizon Bridge, for another $100 million.

Total: $750 million purely on bridges. And after several more successful attacks, this happens. June 23, almost a month ago, they hacked the hot wallet Atomic Wallet for $35 million. Yes, this is not a bridge. Yes, half of the funds were stolen from only five wallets. But all these facts lead to only one frightening thought. We are living at the peak of Lazarus activity, and this is really scary.

And if now you think that yes, everything is scary and dangerous, but not that much, then you are right, because everything is much, much scarier and more dangerous. After all, Lazarus is only part of the overall picture of the cybercrime market. No matter what the founders, manufacturers, influencers and other talking heads tell you, everything in the crypto world can be hacked. In 2022, the industry experienced a record number of various attacks, approximately $3.5 billion.

And in 2023, our year, this figure will not decrease, because the total amount of crypto exploits in the first three months of this year alone was $1.2 billion. This means that we can successfully approach the estimate of $5 billion in damage, and this is only from cyber attacks. Hackers, of course, already have their own established ecosystem of four consecutive castes. The first are information collectors who systematize huge arrays of data into tables.

Next come analysts. They turn these very tables into vulnerabilities with the help of bots and scripts. The third are the hackers we are familiar with, who carry out attacks on these very vulnerabilities. But the launderers complete this entire cycle. They hold the stolen funds, sometimes even for up to three years, and then move them to crypto mixers, after which there are no traces to be found.

Dozens of top crypto exchanges (Binance, KuCoin, Mt. Gox), top projects like Solana and Arbitrum, bridges, MetaMask wallets and even the most reliable of all cold wallets, Ledger: all of them were victims, or were under attack. Well, to be more precise, everything on the Internet is under attack. And that’s alarming. But since we’re on the subject, let’s raise our alarm to the limit. The crypto industry is just one tasty morsel for hackers on the counter of our huge digital candy store called the Internet. To put it bluntly, every aspect of your daily life is a potential treat for a hacker.

Hacker attacks can affect you personally.
Lazarus is far from the only hacker group controlled by the secret services. There are similar ones in almost every country, but they can often get out of their control. Anonymous, Sandworm, Lazarus Group, APT28, DarkSide and thousands of other groups attack various sectors of our digital everyday life every day.

Did you guess that only half of the cities in the US have such a budget item as cybersecurity? Yes, municipalities simply don't care about this, unlike global corporations with fat budgets. And this, in turn, unties the hands of hackers in the field of hacking, data management and social engineering. They can encrypt data and blackmail municipalities of some government services.

They can delay and disrupt the work of local airports, they can change the composition of water at substations and blackmail with mass poisoning. They can even hack your smartphone and leak your childhood, well, or not so childhood, photos to all your classmates, fellow students and colleagues. They can send letters from government addresses and download your bank card details through links. And I'm not dramatizing, and I'm not being sensationalist. I'm only talking about what has already happened.

Well, what will happen next, we have yet to find out. Yes, security systems are improving, but, as I said, they will always have an error called "human". This is the main postulate of social engineering - the most effective and sophisticated method of hacking today. Hacking these days is not only working with code and exploits. It is a combination of various techniques for penetration and for obtaining any kind of information. Including the notorious social engineering.

But why is social engineering so important? Because our brain is essentially a biocomputer with various operating systems, firmware, drivers, and, of course, bugs. It is these bugs that hackers use when they fail to hack the system in the traditional way. And at the moment, there is only one main way to protect yourself and protect your information from social engineering, which we will generously share.

In fact, you don’t need guides, because there is only one basic piece of advice – be attentive and develop critical thinking, because your info is hackers’ money. The crypto industry is still in its infancy and is developing. It is still the Wild West with bandits, drunk sheriffs and scammers that await you at every step.

It doesn’t matter where you keep your funds – on the exchange, in a hot or cold wallet, in your bank or in a five-liter jar – they can all be stolen. Even the safest storage methods cannot guarantee absolute security, especially if you have become a target for hackers for some reason. Hacking technologies, by the way, are also keeping up with the development of cybersecurity, which means the danger will not go away.

Moreover, those who worked as a cybersecurity specialist will be inspired by the figures of some shadow earnings and can go to the dark side in a second, because they are only people. History shows that no one is immune to vulnerabilities and cyber attacks in a world where antiviruses are created by the same people who create the viruses themselves. And the most mysterious thing in this story is the hackers themselves. It will hardly be possible for us to find out the identity of any of the Lazarus, and why, what can you do to them, they are in another city, in North Korea, so neither the police, nor the special forces, nor the National Guard will help you, the guilty will remain unpunished, and even get a bonus.

However, despite all the risks and challenges, you should not panic, because these are the costs of technical progress, for which you have to pay. As I already said, it is important to remain vigilant, because a scammer in Telegram who offers to exchange cryptocurrency is also a kind of social engineer, like a two-meter big guy with a soldering iron who came for your seed phrase. Traditionally, I do not draw conclusions; you will draw them yourself. Think and answer the question. Who are hackers?

Criminals hidden in the darkness of the Internet? People who want to make a living at any cost? Creators of a better world who have strayed from the righteous path, or simply a bug in technical progress. And we will see each other again. Soon. Bye.
 