How can North Korean have top talented hackers? Aren’t their technology and information stuff generally outdated?


I have frequently read news like “North Korean hackers” hacked into a company’s account and stole data, money, etc. In everyone’s impression though, North Korean is a country that has outdated techonology and poor economy development. Their citizens therefore should have bad education.

In: 8685

They are trained relentlessly and ruthlessly once they show any talent. As is often in dictatorships, having a useful talent will get your family privileges. The average citizen is uneducated but the government will provide for you if they think they can use you.

It does seem a bit of a paradox. Essentially, the North Korean government specifically trains hackers. They find young people with certain gifts–like a knock for certain types of mathematics or problem-solving–and they put them through special methods of training and education to cultivate those gifts and direct them toward various means of hacking. If you’re interested, “The New Yorker” had a comprehensive article about the subject.


>Their citizens therefore should have bad education.

Yeah, most of them probably do. But that doesn’t mean their top-tier talent isn’t highly educated. That’s honestly true of basically every country in the world. I mean in the US only about 36% of people can identify North Korea on a map. But that doesn’t mean the US doesn’t have incredibly smart well educated people.

I think it helps a lot that they can escape the consequences, and so get all the tries they want.

Like if a Greek citizen breaks into an American system and they figure who it is, there will be a legal process where America will talk to Greece, and the person will be arrested and possibly extradited. So at the first failure, it’s game over.

But if the same person is in NK instead, what’s the US going to do? NK isn’t going to cooperate and in fact the attacker is doing what NK wants. The US can’t apply diplomatic pressure because everyone on the US side already hates NK as it is, so you can’t really sanction them any more. And going in with weapons is a non-starter. So effectively nothing happens, and the NK hacker gets to try again, and again and again until they get what they want.

First of all, they’ve got plenty of computers there. They have their own linux-based OS. Lots of educated people who can be trained.

You don’t need much more than an internet connection and some free courses to learn how to reliably break into your average company’s network, though that “more” is something usually only governments are good at having: millions of dollars

There’s a grey market of zero-day vulnerabilities (publicly unknown bugs in software like OS’s and browsers) where governments and anyone else with deep pockets can buy that knowledge. Finding those vulnerabilities in software is something that requires lots of talent, but the market means DPRK doesn’t need to foster that talent on its own. They can just skip the hardest part with cash.

You can also use publicly known vulns against targets that haven’t patched their systems, but that’s less reliable. Or use any number of social engineering techniques. But $$$ will mostly just solve that part of the problem for you