Hacking Humans 6.23.22
Ep 201 | 6.23.22

North Korea and a global cyber war.


Geoff White: I mean, you sort of tend to forget that if you rank the top four threats against the U.K., you know, North Korea is in the sort of top four, which, considering how small North Korea is, and also the fact that the bulk of people in the country don't even have access to the internet, that's quite a remarkable turn of events. So the whole point of the podcast and the book was sort of to answer the question, why has that happened? But also how have they done that?

Dave Bittner: Hello, everyone, and welcome to the CyberWire's "Hacking Humans" podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner from the CyberWire, and joining me is Joe Carrigan from the Johns Hopkins University Information Security Institute. Hello, Joe. 

Joe Carrigan: Hi, Dave. 

Dave Bittner: Got some good stories to share this week. And later in the show, Carole Theriault joins us. She's speaking with Geoff White about his new book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." 

Dave Bittner: All right, Joe, before we kick things off with our stories, we have a little bit of follow-up and feedback here. I guess I will go ahead and read this as the official reader. 

Joe Carrigan: Please do. Yes. 

Dave Bittner: This is from a listener who goes by the name of John. And John says, hello, Dave and Joe. First off, I love your show. You both do a great job communicating security-related information and stories. Keep up the good work. Well, thank you, John. You can write us anytime (laughter). 

Joe Carrigan: Yes, please do. Write us more often. Tell us how awesome we are. 

Dave Bittner: John says, last year, I wrote in - well, there you go - about a hacking scheme my son was dealing with and how he potentially compromised his driver's license. We live in Colorado. 

Joe Carrigan: I remember that. 

Dave Bittner: It was easy enough to go to the local DMV and get a new license so the old one could not be used. Great. This year I was notified my driver's license and other personal data had been exposed in the T-Mobile breach. Interestingly, I was notified by a monitoring service I subscribed to and not by T-Mobile. I thought there were changes in the reporting requirements but apparently not involving the notification to people impacted. Also, I find it interesting that T-Mobile seems to be acting like nothing happened. Other companies I deal with who had security breaches have proactively reached out to notify and offer monitoring services for some time period, while T-Mobile seems to be taking the ostrich approach. But I digress. 

Joe Carrigan: (Laughter). 

Dave Bittner: I'll just add as an aside here that perhaps it's because T-Mobile has so many breaches that it's hard for them to keep up. 

Joe Carrigan: Yeah. Yeah, maybe. Maybe that's why. 

Dave Bittner: (Laughter) But back to John. He writes, my first thought was, why did T-Mobile have my information, since the last time I used them was over 20 years ago? My second thought was, I should go to the DMV to void my current one and get a new one, since it was relatively easy based on my son's experience. Well, apparently, something changed in the past year. Now, to get a license reissued, it requires a notarized affidavit and a police report. This means you cannot get a license reissued until after you have experienced some form of identity theft the police are willing to handle and report. Apparently, instead of being helpful, the Colorado government would like its citizens to experience some injury beyond the annoyance of dealing with the DMV. 

Joe Carrigan: (Laughter) Yeah, that is - that in and of itself is an injury. 

Dave Bittner: Injury to insult. 

Joe Carrigan: Yes. 

Dave Bittner: I would be interested in hearing your views on this. 

Joe Carrigan: I have a few things. Number one, if the last time you did business with T-Mobile was 20 years ago, then wouldn't your license have long expired? 

Dave Bittner: That's true. Yes. The license they would have on file would be long gone. 

Joe Carrigan: Yeah, so I don't know that I'd be concerned about it if that was - if this is truly 20-year-old information. Maybe something - maybe John has some other information in here that I - it's not clear, or maybe he has another concern. 

Dave Bittner: Good point. 

Joe Carrigan: But aside from that, there are two main concerns here. Number one, why do companies keep your data forever? If you haven't done business with that company in 20 years, why do they still have it? That's a valid question. 

Dave Bittner: (Laughter) Yes. 

Joe Carrigan: I would like somebody from T-Mobile to answer that question. 

Dave Bittner: Yeah. 

Joe Carrigan: Maybe the next step is for you to call T-Mobile and go, hey, listen. My data was breached when you guys got breached, and I haven't done business with you for 20 years. I'm going to send you a letter that commands you or instructs you to delete my data since we don't have a business relationship anymore. I don't know if you can get away with that at all. I don't know if you have any force or, you know, any - there's no right to be forgotten in the United States yet. 

Dave Bittner: Right. 

Joe Carrigan: Soon there will be... 

Dave Bittner: Yeah. 

Joe Carrigan: ...Where - when you will have the force of law behind that request. But you can still make the request. And then I'd be in touch with my legislators to ask about this. What's going on here? You know, you need to make it so that if I think I've been breached, I can go out and get my license replaced before I suffer an identity theft incident. 

Dave Bittner: Yeah. I also wonder, for John, what if he just went to DMV and said, I lost my license? 

Joe Carrigan: That's a good point. 

Dave Bittner: I guess what - but I guess what he's looking for is, like, a reissue with a different number on it, I guess, as opposed to just a reprint of the existing license, which presumably has the compromised information, perhaps. I think that's the line of thinking John is following here. So that's... 

Joe Carrigan: Right. Yeah. I don't know how it works in Colorado, but I know in Maryland, if I go out and get a new license, I have the exact same license number. 

Dave Bittner: I see. 

Joe Carrigan: And in fact, the license number is a soundex that's actually easy to derive. And because my son and I have the same name, our driver's license numbers are almost identical. 

Dave Bittner: Really? 

Joe Carrigan: Yeah. 

Dave Bittner: Interesting. You know, I got a notice (laughter) - I got a notice probably six months ago of a data breach. And it was from an organization that I had not done business with since I was about 11 years old, Joe. 

Joe Carrigan: Really? 

Dave Bittner: Forty years (laughter) I had not heard from this organization. And I got a letter one day in the mail that said, hey, guess what? We had a data breach. And sort of to your point, I was like, what are you doing with my information still on file? It's been 40 years. Like - and this is - I haven't - this is the first I hear from you... 

Joe Carrigan: Right? 

Dave Bittner: ...After 40 years. 

Joe Carrigan: Not, gee, Dave, we miss. 

Dave Bittner: No. 

Joe Carrigan: What does an 11-year-old want that a 51-year-old wants? 

Dave Bittner: Yeah, money. 

Joe Carrigan: Yeah, money. 

Dave Bittner: (Laughter) That's it, money. Yeah. So the other thing I will add here is that a lot of privacy folks that I've spoken to have suggested that you consider the data of your customers to be radioactive. 

Joe Carrigan: Right. It's a nuclear material. 

Dave Bittner: Yes. If you have too much of it in one place, bad things happen. 

Joe Carrigan: Yes. 

Dave Bittner: So get rid of it. Have some sort of rules in place where after X number of years, it gets destroyed. I know it's easy to be a packrat with this and storage is basically free these days. 

Joe Carrigan: Right. 

Dave Bittner: We all do it, right? We all never throw anything away. 

Joe Carrigan: That's right. 

Dave Bittner: I have a Google Drive to prove it (laughter).

Joe Carrigan: I've got way too much - yeah, I actually had to start paying Google $1.99 a month so that I could keep stuff on my Google Drive. And I already pay for a terabyte of storage at Microsoft.

Dave Bittner: Oh, the humanity. 

Joe Carrigan: I just haven't moved it over. I said, it's just easier to pay the two bucks a month. 

Dave Bittner: Yeah, it's just - exactly. But if you're an organization, you get yourself in trouble. 

Joe Carrigan: Yeah. 

Dave Bittner: So to your point, Joe, hopefully things are moving in the right direction. We'll see some legislature or legislation, rather, about this and maybe we'll be headed in the right direction. So good questions, John. Thank you for writing in. We do appreciate it and also for the kind words. We would love to hear from you. If you have a question for us, you can write us. It's hackinghumans@thecyberwire.com. 

Joe Carrigan: Also that's the address where you can send your Catches of the Day. 

Dave Bittner: Excellent. All right. Well, let's dig into our stories this week. I will start things off for us. My story comes from ZDNet. This is written by Liam Tung, and it's titled "2,000 Arrests in Crackdown on Social Engineering and Business Email Scams." 

Joe Carrigan: When this came across my newsfeed this week, a big smile went across my face, Dave. 

Dave Bittner: (Laughter) It's good news. 

Joe Carrigan: It is. 

Dave Bittner: It's good news. So the fine folks at Interpol announced that they had raided over 1,700 locations over the period of about two months. They seized $50 million in fraudulent gains and arrested about 2,000 people, which they described as operators, fraudsters and money launderers, as part of their crackdown on social engineering and business email compromise rackets. This was an international effort. They say some 76 countries participated in the crackdown against organized crime and these social engineering scams. They were going after people who were taking part in telephone deception, romance scams, email deception, financial crime, all that good stuff. In addition, they identified about 3,000 suspects, and there were 4,000 bank accounts that were frozen. 

Joe Carrigan: That's a lot of bank accounts. 

Dave Bittner: (Laughter) It's a lot of - a lot. 

Joe Carrigan: And only $50 million. That's not a lot of money for this kind of a crackdown. But I imagine the money moves through these criminal organizations very quickly. 

Dave Bittner: Yeah. And if you can - now, that was the question I had for you was, to what degree do you think something like this makes a difference? 

Joe Carrigan: What I think makes the biggest difference is the fact that you've arrested 1,700 people and got 2,000 more people to arrest. That makes the difference. 

Dave Bittner: Yeah. 

Joe Carrigan: That's going to be the incentive or disincentive, if you will, to not participate in this. You know, the idea that these guys have is, hey, we can just get away with this. We do this because we're operating outside of the force of the laws of the countries we're targeting. 'Cause they usually target more wealthy countries. And I get the wealth disparity issue. 

Dave Bittner: Yeah. 

Joe Carrigan: But that doesn't excuse criminality. So they work in an environment where law enforcement may not be as tough as it is here in the United States. I mean, we have some pretty tough law enforcement in this country to the point where there are some problems with it, right? Like, I'm not happy with the amount of surveillance that goes on in this country. And there are other issues as well that I'm not happy with. But - so it's - if you're in the U.S., it's pretty easy for law enforcement to catch you doing financial crimes in the U.S. Outside of the country, you may feel like they're never going to be able to catch me. 

Dave Bittner: Right. 

Joe Carrigan: And that gives you that incentive to do this. 

Dave Bittner: Right. 

Joe Carrigan: So I think to answer your question, as I have always done, I've given a long answer to a very simple question. But your simple question is, does this matter? I think, yes, it does because these people are going to have to interact with their legal system now. And that is never a good situation for anybody. 

Dave Bittner: I think it's good to have them looking over their shoulders, too.

Joe Carrigan: Yeah. Absolutely. 

Dave Bittner: That if I'm running that phone bank in one location and the folks down the street got collared... 

Joe Carrigan: Yep. 

Dave Bittner: ...I'm going to think twice about it. Maybe it's time to move on to something else. 

Joe Carrigan: Yeah, absolutely. Because a lot of these companies have legitimate businesses and they run the legitimate businesses as call centers, and then they have another room where all the scammers work, right? And that's probably more profitable, but maybe it's not worth spending 10 years in prison for. 

Dave Bittner: Right, right. 

Joe Carrigan: Right. 

Dave Bittner: Right. All right. Well, good to share some good news, so I thought I would pass that along. The guys at - guys and gals at Interpol, doing some good work with all their international partners. You know, it's good to see that this stuff is being paid attention to, and there are some crackdowns. So I think it's a good reminder. All right, Joe, that's my story. What do you have for us this week? 

Joe Carrigan: Dave, my story is a reminder that the bad guys have calendars hanging up in their offices with the seasons of hacking on them. 

Dave Bittner: OK. 

Joe Carrigan: I like to say, think of it as an evil liturgical calendar where there is no such thing as ordinary time. 

Dave Bittner: OK. 

Joe Carrigan: It's always some scam season. And last week was Father's Day season. 

Dave Bittner: Oh. 

Joe Carrigan: Right? 

Dave Bittner: Yeah. 

Joe Carrigan: Hack season, scam season. 

Dave Bittner: Yeah. 

Joe Carrigan: Hacking season, scam season. My story comes from Jennifer Meierhans over at the BBC, and the title of the story is "Heineken says Father's Day Beer Contest is a Scam." 

Dave Bittner: Uh-oh. 

Joe Carrigan: So there is a scam going around on WhatsApp where you get this picture of a cooler pack of Heineken, and it says, hello, welcome to the Heineken Beer Father's Day Contest. Take the quiz, find the hidden prize and win a cooler full of Heineken beer. Now, part of me goes, what's second prize - two coolers full of Heineken beer? 

Dave Bittner: Oh, now, Joe, you're a rascal. 

Joe Carrigan: (Laughter) I'm not a big fan of Heineken, but it's not - if somebody handed me a Heineken beer at a party, I wouldn't turn it down. 

Dave Bittner: Yeah. 

Joe Carrigan: I would ask, is this the best you have (laughter)? 

Dave Bittner: And that's why you don't get invited to many parties, Joe. 

Joe Carrigan: And that's why I don't get invited to parties. Right. 


Joe Carrigan: But interesting on this scam is that there are - there's a thing at the bottom that says 250 gifts left. And if you go - there's another picture here that says, Heineken Beer Father's Day Contest 2022, 5,000 coolers of Heineken, and the URL ends in .ru, right? I don't know if you are aware of where Heineken is made, but it is not made in Russia. 

Dave Bittner: No (laughter). 

Joe Carrigan: So naturally, Heineken is very upset with this, as they should be, right? And they're telling everybody, it's a scam. Delete it immediately. Don't - you know, we're aware of the phishing scam circulating on social networks. It's not sanctioned by Heineken, and we have alerted the relevant authorities. 

Dave Bittner: Right. 

Joe Carrigan: Now, one of the places that will never have a crackdown on these kind of scams - one of the places where these guys do operate with impunity when they go outside of the country - is Russia. Russia doesn't cooperate with foreign law enforcement at all. 

Dave Bittner: Right. 

Joe Carrigan: So I think the fact that this is linking to a .ru URL is a clear indicator that it might be being run out of Russia. 

Dave Bittner: It's a red flag. Sure. 

Joe Carrigan: Yeah, it's a red flag. 

Dave Bittner: Yep. 

Joe Carrigan: So a couple of things that are interesting in here - one is from - one quote is from Ian McShane, who I think we've had on this show... 

Dave Bittner: Sounds familiar, yeah. 

Joe Carrigan: ...From Arctic Wolf. 

Dave Bittner: Oh, sure. Yeah. 

Joe Carrigan: And he says the response - the message often says, only the first X number of people will win, and that ends - lends to the credibility of the scam. Online threats - or onlinethreatalerts.com said this scam is spreading like wildfire, and it was difficult to track within private messages. WhatsApp and their parent company, Meta, I guess, are saying that you should report these fraudulent messages to them so they can take some action. What that action is, I don't know. You know, I don't have any hope in that producing anything when you're talking about Meta. 

Dave Bittner: Right. 

Joe Carrigan: I just don't have a lot of faith in that company as a whole. That's a personal opinion... 

Dave Bittner: Yeah. 

Joe Carrigan: ...Not - you know, I'm not telling anybody anything they don't already know anyway. 

Dave Bittner: (Laughter) They've earned it. 

Joe Carrigan: They've earned - right. 

Dave Bittner: Yeah. 

Joe Carrigan: So my point of picking the story is, there's always something, right? It's always something. Next - what's it going to be next week? Hey, Independence Day giveaways - right? - 'cause Independence Day is coming up here in the United States - or, let's see, new fiscal year, right? For a lot of companies, they begin fiscal years on July 1. That's where a lot of accounting scams might be coming in. 

Dave Bittner: Yeah. 

Joe Carrigan: Right. And all that information on publicly traded companies is out there on the internet. And you can see when somebody's fiscal year begins and ends, if they're publicly traded. 

Dave Bittner: Right. 

Joe Carrigan: So these are the kind of things you need to be aware of - what's going on around you, what's going on at this point in time, and how these phishing scams work and how they usually start. Just ignore them. And if... 

Dave Bittner: It's like retailers, you know? 

Joe Carrigan: Right. 

Dave Bittner: You got your - what do we go? Christmas, Valentine's Day, Saint Patrick's Day... 

Joe Carrigan: Right. Yeah. 

Dave Bittner: ...Easter, Fourth of July. 

Joe Carrigan: Memorial Day. 

Dave Bittner: Memorial Day. 

Joe Carrigan: Presidents Day. 

Dave Bittner: Thanksgiving and then Christmas - and it's all over again, right? 

Joe Carrigan: Yeah. 

Dave Bittner: There's never a time when the store is not decorated. 

Joe Carrigan: Yes, exactly. 

Dave Bittner: And this is similar to that. 

Joe Carrigan: Yeah. Car dealerships are like that, too. 

Dave Bittner: Yeah. 

Joe Carrigan: There's always some sales event going on. It's always Toyotathon... 

Dave Bittner: Right. Right. 

Joe Carrigan: ...It seems. 

Dave Bittner: Yes. 

Joe Carrigan: I don't know. Jenn is always saying something about some sale event that's going on at Toyota dealerships. 

Dave Bittner: Right. 

Joe Carrigan: You know - and I kind of object to that. You know, I almost look at that as it's an insult to my intelligence - right? - when it's coming from a retailer. But for some reason, when it's coming from a criminal enterprise, I'm like, I should be cautious of this. And I wonder if those two are related in my head, right? Like, I'm cautious of it because it's coming from a retailer, but I'm cautious of it because it's coming from a scammer as well. 

Dave Bittner: Yeah. 

Joe Carrigan: I wonder if that provides me any protection - like, any mental protection from these kind of things. Like, these Jedi mind trick... 

Dave Bittner: It just rubs you the wrong way. 

Joe Carrigan: It does just - it rubs me the wrong - there are a lot of things that rub me the wrong way. 

Dave Bittner: Yeah. 

Joe Carrigan: And this is one of them. Another one is when somebody tries to instantly pretend there's a rapport between the two of you. 

Dave Bittner: Oh. 

Joe Carrigan: You and somebody else. 

Dave Bittner: Really. 

Joe Carrigan: That makes the hair on the back of my neck stand up. 

Dave Bittner: Is that right? 

Joe Carrigan: Yeah. 

Dave Bittner: By the way, I wanted to tell you what a lovely shirt you're wearing today. 

Joe Carrigan: Dave, coming from you, it's fine. 

Dave Bittner: (Laughter). 

Joe Carrigan: You and I do have a good rapport. You and I have years of working together. 

Dave Bittner: Right. OK. 

Joe Carrigan: It's fine. You can tell me that. 

Dave Bittner: I see. 

Joe Carrigan: Right? If somebody else comes up and says... 

Dave Bittner: But when you walk into the car dealership and the guy says, hello there, sir, what a lovely shirt you're wearing today. 

Joe Carrigan: I'm like, ugh. 

Dave Bittner: (Laughter). 

Joe Carrigan: I'm not here to talk about my shirt, and you know it. And don't... 

Dave Bittner: Right. 

Joe Carrigan: That... 

Dave Bittner: Yeah. 

Joe Carrigan: There you go. That's a perfect example, Dave. 

Dave Bittner: Yeah. 

Joe Carrigan: Thank you. That's exactly what I'm talking about. 

Dave Bittner: Yeah. Yeah. All right - well, interesting story. We will have a link to that in the show notes. Again, we would love to hear from you. You can write us at hackinghumans@thecyberwire.com. All right, Joe, it's time to move on to our Catch of the Day. 


Joe Carrigan: Funny that our second story was about Heineken because our Catch of the Day also comes from the Netherlands. Joram writes, hi - Jave and Doe. 

Dave Bittner: (Laughter). 

Joe Carrigan: Like we're the Heaven's Gate cult, right? Ti and Do. Hi, Joe and Dave. I have my own cybersecurity business, and I'm always trying to find new sources to learn more. I fairly recently discovered your podcast in that search. I really love the show. It's both very informative as well as fun and easy to listen to. Well, those are kind words. Thank you, Joram. 

Dave Bittner: Very nice. 

Joe Carrigan: Appreciate it. When checking my spam folder in my personal inbox - which I do on occasion - I came across a fun but futile attempt to scam for money. Dave, why don't you read this? It starts with, my greetings. 

Dave Bittner: (As scammer) I am Miss Julia Iris, a retired economic operator, hospitalized for health reasons. I suffer from heart disease, and the results of some of my medical tests showed that my days on Earth are numbered. While I have in my bank a sum of money of 3,425,000 euros, unfortunately I have no family of children who will be able to benefit from this money. I was advised by the Catholic bishop and my spiritual guide to inherit it from a person who I must choose at random who can put these funds to good use. The reason why I'm contacting you today by email, given that I am under hospitalization in order to live the rest of my life - you are, therefore, the beneficiary of 3,425,000 euro. I offer it to you from the bottom of my heart. I just ask for prayers in return so that my soul may rest in peace on the last day. Please write to me by email. May the lord God, creator of heaven and earth, hear your prayers. Amen. 

Joe Carrigan: (Laughter) All right. So one of the things that Joram said - and this stuck out to me when I read it as well - is - there's a line in here, I was advised by the Catholic bishop my spiritual guide to inherit it from a person whom I must choose at random. All right. I don't know if you know how a lot of charitable organizations work. 

Dave Bittner: Yeah. 

Joe Carrigan: Right? But they run on money. 

Dave Bittner: (Laughter) It's - yes, it's the unfortunate reality of... 

Joe Carrigan: Correct. 

Dave Bittner: ...The world in which we live. Right. 

Joe Carrigan: And there are many people who, when they die, they leave a large gift to a charitable organization. 

Dave Bittner: Sure. 

Joe Carrigan: And people do that with their churches. 

Dave Bittner: Yeah. 

Joe Carrigan: And I find it difficult to believe that a bishop would recommend randomly picking somebody to give money to, as opposed to saying, you know, perhaps you should make a post-mortem donation to the church. 

Dave Bittner: (Laughter) That's right. Exactly. You'd think, at the very least, he would throw his hat in the ring and say... 

Joe Carrigan: Right, yes. 

Dave Bittner: ...Maybe you could split it between us and something else that is special to you (laughter). 

Joe Carrigan: Yes. 

Dave Bittner: Right? 

Joe Carrigan: Absolutely - which is - you know, if you're a Catholic, that's not a bad thing to do with your money. 

Dave Bittner: No, no judgment at all. 

Joe Carrigan: Yeah. 

Dave Bittner: I mean, the church - you know, you've got to keep the lights on. 

Joe Carrigan: Right. It's - but I find it difficult to believe that they would say, just give it to some rando (laughter). 

Dave Bittner: Right. No, we're good. 

Joe Carrigan: Yeah. 

Dave Bittner: We're good. 

Joe Carrigan: I could - you know, I picture a guy in, you know, the big pointy hat, with the long cane and... 

Dave Bittner: Yeah - gold scepter. 

Joe Carrigan: Yeah. 

Dave Bittner: Yeah (laughter). 

Joe Carrigan: ...Gold scepter - walking by the hospital door. Your Eminence, should I - what should I do with this money? Oh, just give it to some rando. 

Dave Bittner: Yeah. No, we're good. 

Joe Carrigan: Yeah. Keep going. 

Dave Bittner: Yeah, exactly. 

Joe Carrigan: Thank you, Joram, for sending that in. That's a great Catch of the Day. 

Dave Bittner: Yeah, absolutely. All right. And again, we would love to hear from you. You can send it to us at hackinghumans@thecyberwire.com. 

Dave Bittner: All right, Joe. It is always a treat to welcome Carole Theriault back to the show. And this week, she is speaking with author Geoff White about his new book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." Here's Carole Theriault. 

Carole Theriault: So today we are talking with Geoff White, investigative journalist, auteur, podcaster, climber - anything else? 


Geoff White: No, that about covers it. Yes - enough for one man. 

Carole Theriault: Well, today we are going to talk about your upcoming book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." That's quite a title, Geoff. It's snappy.

Geoff White: It is. 

Carole Theriault: (Laughter). 

Geoff White: They always ask you to come up - you come up with the title, and you work really hard for the title. And they say, we need another bit after it. We need colon something or other. And then you spend weeks thinking of that. I'd rather just call it, the thing, and then that'll be it. But unfortunately... 

Carole Theriault: Yeah. 

Geoff White: ...You have to describe them what the book is actually about. 

Carole Theriault: Right. OK. Well, I'll refer to it as "The Lazarus Heist" for time. 


Carole Theriault: Now, this book of yours was adapted from the BBC hit show "Lazarus Heist" podcast, which you host. 

Geoff White: Co-host - yes. 

Carole Theriault: Yes, with Jean Lee. And I wanted to ask you, what made you decide to go down the literary route? 

Geoff White: The idea, originally, I think, when we developed the podcast, they said, well, we'll try and maybe get a book out of this as well. And I sort of thought, yeah, well, we'll see what happens with that. I'll believe it when I see it. But, fair enough, you know, audiences really did seem to like the podcast. You know, the BBC were very happy with the podcast and then, you know, went to a publisher and the end up being Penguin. And they thought, well, there's much more to tell. That was part of my pitch - there's lots more to tell beyond the podcast. There's all those little wrinkles and things you can't fit into the podcast. But over and above that, you know, the North Koreans have been accused of more and more hacks. So there's always more to put in. So I think the idea was, we can just do more and say more in a book, I think. 

Carole Theriault: So maybe we should take a step back. And why don't you give us the gist of "The Lazarus Heist" and why it grabbed you more than any other cybergang stories out there? 

Geoff White: Yeah, it's interesting. I mean, "The Lazarus Heist" podcast and (inaudible) the book is the story of how North Korea became a cyber superpower, a computer-hacking superpower. I mean, you sort of tend to forget that if you ask the U.K. government, the U.K. intelligence community to sort of rank the top four threats against the U.K., it'll generally be sort of China, Russia in first and second place interchangeably, but third and fourth places are usually either Iran or North Korea and, again, change between the one or the other. So, you know, North Korea's in the sort of top four, which, considering how small North Korea is and also the fact that the bulk of people in the country don't even have access to the internet, that's quite a remarkable turn of events. 

Geoff White: So the whole point of the podcast and the book was sort of to answer the question, why has that happened, but also, how have they done that? And so we followed through, you know, the trail of the Lazarus Group, the so-called Lazarus Group, who are behind a lot of these hacks, who are alleged to be working on behalf of the North Korean government, to look at where they come from, where they spring from, the kind of hacks they carry out and the evolution that's gone on, their gradual growth in tactics and effectiveness. That's really what we've been concentrating on.

Carole Theriault: Were you learning as you went, or did you have it all sorted out before you went live with the podcast and started talking about it? 

Geoff White: No, we were learning as we go. I mean, I'd written a book a couple years ago called "Crime Dot Com" and... 

Carole Theriault: Right. 

Geoff White: ..."The Lazarus Heist" story really was one chapter in "Crime Dot Com." And if you had said to me, well, that chapter, we'll make it into a 10-part podcast series, I would have said, no, no, that's not going (laughter) to happen. There's - I've found out everything I can about that Bangladesh bank hack that the North Koreans were accused of doing. But you find out more and more, and stuff does come to light as you make the podcast. There was this intriguing connection of a Japanese guy who ends up getting involved in the process of laundering money allegedly stolen by the North Koreans. And he was always a sort of shadowy character. And we had a few leads, but we never quite, you know, managed to nail him down. As we were making the podcast, he sort of responded to the email and said, yeah, hey, I'll have a chat; I'll do an interview. I just fell off my chair at that point and thought, will you? (Laughter) OK, fair enough. 

Carole Theriault: (Laughter). 

Geoff White: So you get him on the phone, and you sort of are asking some questions. So, yes, stuff always develops. And as I say, you know, even in the course of making the second series of the podcast - we've got a second series coming out in October - you know, we've had the Axie Infinity Ronin bridge cryptocurrency attack being attributed to North Korea. We've had some convictions around a cryptocurrency conference that was held in North Korea. (Inaudible) and the U.S. have been convicted for his involvement in that. There's a couple of other warrants out. So stuff just keeps developing. I hope at some stage the North Koreans just take a breather while we finish the series before doing anything else. 

Carole Theriault: (Laughter) So your book, "The Lazarus Heist," is going to be hitting the digital shelves in June. Is that right? 

Geoff White: And the physical shelves in June. It's paper. It's audio. It's e-book - all the formats, not mime. We have avoided mime. I thought that was a bit of too much of a challenge. 


Geoff White: Modern dance. 

Carole Theriault: Do you ever worry, you know, you're covering this. You're probably going to become the Lazarus gang's biggest expert in terms of their entire life cycle. Does that worry you at all? 

Geoff White: Well, listen, for a start, I don't know anywhere near as much as some of the technical experts we're speaking to. So in terms of how they work and what they do, there are lots of people in the world who have far more knowledge of that than I do. But, yes. We take these risks extremely seriously. The BBC and Penguin take it very seriously. I mean, look, one of the stories we cover in both the podcast and the book is the hacking of Sony, which is a big media organization that did something North Korea didn't like, put together a film called "The Interview," which was pretty mocking of Kim Jong-un, the leader of North Korea. And the North Koreans, it seems, did not like that one bit and were accused of hacking into Sony and demolishing the company for a period of time. 

Geoff White: Obviously, the BBC and Penguin are big media organizations. We're doing something that the North Koreans might not like by covering the hacking. You know, the last thing we want is for them to put us in the same position Sony was in. So we do take this very, very seriously. Usefully, as you go along, you know, you cover these hacks, and you cover these attacks, and you get an insight into what the tactics are. Depressing list - a lot of it's still phishing emails. But so that's kind of helped us, I think, stay a bit more secure - hopefully, touching wood - because we kind of know what the tactics are because we're hearing those tactics from victims. Hopefully we can keep ourselves safe against them as well. 

Carole Theriault: Well, I very much hope so because what you do is important. And thank you for sharing all your research with us. 

Geoff White: Great speech - thanks for having me on. 

Carole Theriault: Listeners, this was Geoff White, author of "The Lazarus Heist," which will be available in June. 

Dave Bittner: All right, Joe, what do you think? 

Joe Carrigan: Well, I'm glad to have Carole back on the show. 

Dave Bittner: Yeah. 

Joe Carrigan: I always like hearing her. 

Dave Bittner: Yeah. 

Joe Carrigan: One of the things that stands out in this interview to me is that North Korea is one of the top five hacking nation-states. North Korea is so prolific in the hacking that Geoff can do two podcast series and a book on them. 

Dave Bittner: Right. 

Joe Carrigan: Right. 

Dave Bittner: Right. I would - just as an aside, I would recommend folks check out Geoff's podcast. It's excellent. 

Joe Carrigan: I haven't listened to it yet. But... 

Dave Bittner: Yeah. 

Joe Carrigan: Geoff is actually on a lot of other podcasts right now, pushing this book. 

Dave Bittner: Yeah. 

Joe Carrigan: And I'll talk about that in a minute... 

Dave Bittner: Yeah. 

Joe Carrigan: ...Because this is a short interview. 

Dave Bittner: Yeah. 

Joe Carrigan: If you want to hear longer interviews, I'll just say this now. If you want to hear longer interviews, Perry Carpenter - "8th Layer Insights" has a bonus episode - as of this recording, it's the most recent bonus episode - with Geoff. 

Dave Bittner: Yeah. 

Joe Carrigan: And Jack Rhysider on - over at "Darknet Diaries" also has an episode with Geoff... 

Dave Bittner: Right. 

Joe Carrigan: ...Episode 119. 

Dave Bittner: OK. 

Joe Carrigan: And I'm about halfway through that episode. But I listened to the Perry Carpenter one, the "8th Layer Insights" with Perry. And that was really good. 

Dave Bittner: Yeah. 

Joe Carrigan: And, you know, Jack's show is always great. 

Dave Bittner: Sure. 

Joe Carrigan: And so is Perry's, by the way. 

Dave Bittner: Yeah. 

Joe Carrigan: You should check out - you know, I'll - you know what? Shameless plug for Perry's - fellow CyberWire - I'm also going to be on an upcoming episode of that show. 

Dave Bittner: Oh, terrific. 

Joe Carrigan: So... 

Dave Bittner: Yeah. Perry's a really good storyteller. 

Joe Carrigan: Yeah, he is. 

Dave Bittner: So if you haven't checked out "8th Layer Insights," give it a listen. 

Joe Carrigan: But back to Geoff... 

Dave Bittner: Yeah. 

Joe Carrigan: ...Something that amazes me about these hackers - you know, the fact that Geoff can produce all this media on North Korean hackers - these hackers don't grow up with computers, right? They may not even grow up with electricity, Dave... 

Dave Bittner: Yeah. 

Joe Carrigan: ...Or constant electricity. You know, I've heard stories. I've listened to other podcasts about what it's like in North Korea. And they have - you don't get a computer. 

Dave Bittner: Right. 

Joe Carrigan: Very few people get computers. I've seen stories where you go into a North Korean data center, and there's just people sitting at computers. But all they're doing is looking at the Google search screen. Like, that's what you're doing, what you do. They've loaded up Google and are just looking at it. 

Dave Bittner: OK. 

Joe Carrigan: So what they do - and I heard this on - I think it was Jack's show. Geoff said this. They take people who are good at math, and they turn them into hackers. And then they send them out of the country to hack because there is no infrastructure in the country. 

Dave Bittner: Oh, I see. 

Joe Carrigan: Right? - which is another key point about North Korea. We could not win a cyber war with North Korea - right? - because it is completely asymmetrical. They could hack and do thousands of dollars in damage, millions of dollars in damage, billions of dollars in damage to our infrastructure. And we can't do it to them because they just don't have that infrastructure. 

Dave Bittner: Oh, I see what you're saying. OK. 

Joe Carrigan: Right. So, I mean, if it's just a pure cyber war, we can't win. We just have to - you know... 

Dave Bittner: They just don't have as much to lose. 

Joe Carrigan: They just don't have as much to lose. Exactly. 

Dave Bittner: OK. 

Joe Carrigan: I'm not sure if it's even within their capabilities to do it, but it's probably not within what they want to do. 

Dave Bittner: Yeah. 

Joe Carrigan: They probably don't want to do that because it's probably not in their own interests. 

Dave Bittner: No. And I think they're - you know, things are pretty brittle over there... 

Joe Carrigan: They are. 

Dave Bittner: ...Just in general. So... 

Joe Carrigan: Yeah. 

Dave Bittner: How much do you want to poke the bear? 

Joe Carrigan: Yeah. What they really are interested in is keeping the money flow coming in. 

Dave Bittner: Yep. Yep. 

Joe Carrigan: That's what they want. 

Dave Bittner: Yep. 

Joe Carrigan: Key takeaway - North Korea, one of the most advanced nation-state actors in the world, and their most frequently used tool is just phishing, right? That's why shows like this are important. That's why it's important to have security awareness training. It is probably the most efficient and effective way to get into an organization - is just by phishing. 

Dave Bittner: Yeah. 

Joe Carrigan: That's why it's so popular and why it's such a big problem. 

Dave Bittner: Yeah. And I guess I wonder, in terms of North Korea's threat, to what degree is - do they actually have true sophistication with the things they're developing, and to what degree are they just persistent? And, you know, they use the stuff that works... 

Joe Carrigan: Right. 

Dave Bittner: ...Like you said, because their priority is getting the money flowing. So it's just volume, volume, volume of these sort of scammy things to finance their government. 

Joe Carrigan: Yeah. I get the impression that there are other people involved in this as well that aren't North Koreans, people that North Koreans pay. 

Dave Bittner: Yeah. 

Joe Carrigan: I don't know if - you know, maybe if I listen to Geoff's podcast, which I do plan on doing, there is information about that out there. I think I recall something in one of these interviews him talking about somebody who is in Japan as part of the organization. 

Dave Bittner: Yeah. 

Joe Carrigan: ...That helped them. So... 

Dave Bittner: Yeah. 

Joe Carrigan: It seems like they might - what they might be doing is building an international network of people to provide these tools and services to them. 

Dave Bittner: Yeah, I've heard there's some coziness between them and China, for example. 

Joe Carrigan: Oh, yeah, there is a coziness between them and China. There has been since the inception of North Korea. 

Dave Bittner: Yeah. 

Joe Carrigan: That's kind of the point or the Chinese point for the existence of North Korea. I'm very sad to hear that the book is not coming out in my format. 

Dave Bittner: (Laughter). 

Joe Carrigan: But I am perfectly happy to hear that it's not coming out in modern dance. 

Dave Bittner: Well, there you go - small miracles. 

Joe Carrigan: Yes. 

Dave Bittner: Right? 

Joe Carrigan: I would also not like to see the book come out in ballet if you're looking for other kinds of dance I don't like. 

Dave Bittner: OK. 

Joe Carrigan: Modern dance and ballet are my two least favorite kinds of dance. 

Dave Bittner: All right. 

Joe Carrigan: I love listening to ballets, though. 

Dave Bittner: Duly noted. Right. All right. Well, then... 

Joe Carrigan: Tchaikovsky wrote some great stuff. 

Dave Bittner: Again, our thanks to Carole Theriault for bringing us that interview with Geoff White. The book is "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War" and definitely worth a look there. 

Dave Bittner: All right. That is our show. We want to thank all of you for listening. Thanks to the Johns Hopkins University Information Security Institute for their participation. You can learn more at isi.jhu.edu. The "Hacking Humans" podcast is proudly produced in Maryland at the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our senior producer is Jennifer Eiben. Our executive editor is Peter Kilpe. I'm Dave Bittner. 

Joe Carrigan: And I'm Joe Carrigan. 

Dave Bittner: Thanks for listening.