WEBVTT - How North Korea Became A Crypto Hacking Powerhouse

0:00:02.520 --> 0:00:06.359
<v Speaker 1>I'm Stacy Marie Ishmael, Managing editor of Crypto for Bloomberg News,

0:00:06.360 --> 0:00:09.760
<v Speaker 1>and this is Bloomberg Crypto at Daily Bloomberg. I heard podcast.

0:00:10.039 --> 0:00:25.680
<v Speaker 1>It's Tuesday, August sixteen. In late July, allegations surface that

0:00:25.800 --> 0:00:29.760
<v Speaker 1>some North Koreans were plagiarizing online resumes to try to

0:00:29.800 --> 0:00:35.000
<v Speaker 1>trick companies, including crypto companies, into hiring them. It was

0:00:35.040 --> 0:00:37.080
<v Speaker 1>all part of a broader effort to raise money from

0:00:37.120 --> 0:00:40.519
<v Speaker 1>North Korea's government weapons program and an attempt to help

0:00:40.560 --> 0:00:44.680
<v Speaker 1>the authoritarian nation evade global sanctions. But how did North

0:00:44.720 --> 0:00:48.080
<v Speaker 1>Korea get so good at tricking crypto employers? And what

0:00:48.159 --> 0:00:50.599
<v Speaker 1>does all of this mean for the security of these companies?

0:00:51.159 --> 0:00:54.720
<v Speaker 1>This is geopolitics, and there's a lot of ugliness to this,

0:00:54.840 --> 0:00:58.279
<v Speaker 1>But some of these tactics are really innovative. I mean

0:00:58.320 --> 0:01:01.440
<v Speaker 1>they're very impressive. Bloom of reports to Jeff Stone joins

0:01:01.480 --> 0:01:08.600
<v Speaker 1>me today to explain. Jeff, what a pleasure. Thank you

0:01:08.640 --> 0:01:10.240
<v Speaker 1>so much for being here, Thank you for having me.

0:01:10.360 --> 0:01:12.440
<v Speaker 1>So what is it you do at Bloomberg? I read

0:01:12.440 --> 0:01:16.280
<v Speaker 1>about cybersecurity, which is a busy task. It's a collision

0:01:16.319 --> 0:01:20.360
<v Speaker 1>of crime and espionage and business and money and theft

0:01:20.400 --> 0:01:23.520
<v Speaker 1>it's endlessly fascinating. That sounds fun even writing a lot

0:01:23.520 --> 0:01:26.360
<v Speaker 1>about North Korea and hackers. What are North Korean hackers

0:01:26.440 --> 0:01:29.600
<v Speaker 1>up to in crypto? They are similarly busy in crypto.

0:01:29.680 --> 0:01:32.200
<v Speaker 1>According to the United States, that is, North kreen hackers

0:01:32.280 --> 0:01:37.319
<v Speaker 1>increasingly are focusing on on cryptocurrency services as a means

0:01:37.440 --> 0:01:41.160
<v Speaker 1>of generating money on behalf of the government of Kim

0:01:41.240 --> 0:01:43.720
<v Speaker 1>Jong Un. According to the US government, that is and

0:01:43.880 --> 0:01:47.880
<v Speaker 1>um independent cybersecurity researchers. That means they are looking at

0:01:47.920 --> 0:01:55.280
<v Speaker 1>everything from hacking exchanges. They're also impersonating people. They are

0:01:55.280 --> 0:01:59.040
<v Speaker 1>sending fake jobless things and pretending to be people who

0:01:59.080 --> 0:02:02.040
<v Speaker 1>they aren't in or to get as much information as

0:02:02.040 --> 0:02:04.800
<v Speaker 1>they possibly can about the world of virtual currency. So

0:02:05.440 --> 0:02:09.160
<v Speaker 1>I'm a North Korea hocko. I look up somebody's linked

0:02:09.200 --> 0:02:11.560
<v Speaker 1>in profile. Thought person seems like they have a fancy

0:02:11.639 --> 0:02:14.080
<v Speaker 1>job at a fancy crypto company. I steal some of

0:02:14.080 --> 0:02:16.600
<v Speaker 1>their credentials. I present them as my own. I try

0:02:16.639 --> 0:02:20.360
<v Speaker 1>to interview at name and exchange. In the process of

0:02:20.360 --> 0:02:21.880
<v Speaker 1>that interview. What am I doing. I'm trying to get

0:02:21.919 --> 0:02:24.600
<v Speaker 1>information out of them. It's kind of like, you know, spying,

0:02:25.000 --> 0:02:27.200
<v Speaker 1>or is it something else? You're doing two things. I

0:02:27.200 --> 0:02:29.359
<v Speaker 1>think you're you are trying to get as much information

0:02:29.360 --> 0:02:31.440
<v Speaker 1>as you possibly can from the person that you're speaking with,

0:02:31.480 --> 0:02:33.560
<v Speaker 1>because that just might help you if you don't get

0:02:33.560 --> 0:02:35.720
<v Speaker 1>the job. You also are trying to get the job.

0:02:36.360 --> 0:02:39.200
<v Speaker 1>According to the researchers that we have spoken with, they

0:02:39.200 --> 0:02:45.440
<v Speaker 1>have observed freelance contractors if you will secure employment at

0:02:45.600 --> 0:02:48.639
<v Speaker 1>some of these services. We don't know which services candidly,

0:02:49.120 --> 0:02:51.400
<v Speaker 1>but um, if they are involved in some of these

0:02:51.720 --> 0:02:55.560
<v Speaker 1>bridge projects, for instance, or the future of Ethereum, that

0:02:55.760 --> 0:02:58.440
<v Speaker 1>gives them not only a salary, which according to one

0:02:58.919 --> 0:03:03.640
<v Speaker 1>recent US governmental alert, could be as much as dollars

0:03:02.919 --> 0:03:07.680
<v Speaker 1>crypto Paz, and also it also does bring the espionage angle,

0:03:07.680 --> 0:03:09.840
<v Speaker 1>as you just alluded to, like, yeah, we can kind

0:03:09.840 --> 0:03:13.080
<v Speaker 1>of share this information in our country and use this

0:03:13.160 --> 0:03:15.200
<v Speaker 1>to kind of get around some of these sanctions. Right,

0:03:15.240 --> 0:03:17.320
<v Speaker 1>So I'm not only interviewing because I want to get

0:03:17.320 --> 0:03:19.240
<v Speaker 1>stuff out of my interview. I'm interviewing because, as you say,

0:03:19.280 --> 0:03:21.040
<v Speaker 1>I'm actually trying to work there and find even more

0:03:21.040 --> 0:03:22.880
<v Speaker 1>stuff outs. Right, And if you don't get the job

0:03:23.240 --> 0:03:25.400
<v Speaker 1>or if you get fired, it's probably not the end

0:03:25.400 --> 0:03:30.040
<v Speaker 1>of the world, because you're you're you're already employed. Yeah, right,

0:03:30.720 --> 0:03:35.240
<v Speaker 1>wild Now. So North Korea, when did they first start

0:03:35.400 --> 0:03:39.160
<v Speaker 1>realizing the kind of crypto could be a meaningful revenue

0:03:39.200 --> 0:03:42.160
<v Speaker 1>generator for them. It's difficult to peg that to a

0:03:42.240 --> 0:03:45.240
<v Speaker 1>specific date, but some of the conversations that we've had

0:03:45.600 --> 0:03:49.000
<v Speaker 1>indicate this would have happened probably four or five six

0:03:49.120 --> 0:03:52.520
<v Speaker 1>years ago. You might remember the Bangladesh Bank heist um

0:03:52.560 --> 0:03:56.200
<v Speaker 1>there was a number of financial, big financial hacks. They

0:03:56.200 --> 0:03:58.600
<v Speaker 1>tried to steal a billion dollars from the Bangladesh Bank

0:03:59.200 --> 0:04:03.680
<v Speaker 1>um central Bank via the Swift network. Bangladesh, the central bank,

0:04:03.720 --> 0:04:08.000
<v Speaker 1>which is pretty vulnerable to a cyber attack, has been attacked.

0:04:08.520 --> 0:04:10.800
<v Speaker 1>It is a murky story, and it's a murky story

0:04:10.800 --> 0:04:14.920
<v Speaker 1>about vulnerability, and it's about cyber Two sort of transactions.

0:04:15.000 --> 0:04:18.960
<v Speaker 1>The first one was about eighty one million U S dollars.

0:04:19.480 --> 0:04:24.400
<v Speaker 1>There was another attempted transaction nearly a billion dollars. People

0:04:24.480 --> 0:04:27.159
<v Speaker 1>look at this and I think this is very, very shady. Indeed,

0:04:28.480 --> 0:04:30.560
<v Speaker 1>that was kind of a big watershed moment in the

0:04:30.600 --> 0:04:33.760
<v Speaker 1>world of financial security. A lot of banks started to

0:04:33.839 --> 0:04:36.280
<v Speaker 1>kind of improve the way that they were verifying that

0:04:36.400 --> 0:04:39.159
<v Speaker 1>users are who they say they are, so right around

0:04:39.200 --> 0:04:42.479
<v Speaker 1>that time is when cryptocurrency started to become more real.

0:04:42.800 --> 0:04:46.320
<v Speaker 1>Last year, we know according to analysis, for instance, UM,

0:04:46.400 --> 0:04:48.720
<v Speaker 1>some of these North Korean hackers were involved in like

0:04:48.839 --> 0:04:53.200
<v Speaker 1>seven hacks. We've already seen that, you know, significantly more

0:04:53.320 --> 0:04:57.080
<v Speaker 1>and raising more money in the first half, so you know,

0:04:57.240 --> 0:04:59.320
<v Speaker 1>you say, there there is even more money in this year,

0:04:59.360 --> 0:05:01.640
<v Speaker 1>Like what are the sums that we're talking about? According

0:05:01.640 --> 0:05:05.000
<v Speaker 1>to public charges, at least the Lazarus Group, which is

0:05:05.400 --> 0:05:08.919
<v Speaker 1>North Korea's state sponsored hacking organization, took as much as

0:05:08.960 --> 0:05:12.080
<v Speaker 1>six hundred million dollars in the hack on Xi Infinity

0:05:12.120 --> 0:05:16.359
<v Speaker 1>and March. That's already significantly more than they are accused

0:05:16.360 --> 0:05:19.880
<v Speaker 1>of stealing last year, which was four hundred million dollars UM,

0:05:19.920 --> 0:05:23.560
<v Speaker 1>and there have only been more incidents since then. The

0:05:23.600 --> 0:05:27.279
<v Speaker 1>blockchain company Harmony said in June attacker stole an additional

0:05:27.360 --> 0:05:31.279
<v Speaker 1>hundred million dollars and um, there's Nomad breach, which is

0:05:31.440 --> 0:05:35.200
<v Speaker 1>still an investigation, but attackers stole a million from bridge

0:05:35.240 --> 0:05:38.640
<v Speaker 1>protocol tool there. So again it's hard to pin it

0:05:38.680 --> 0:05:41.680
<v Speaker 1>down to its specific figure, but it's it's significantly we've

0:05:41.720 --> 0:05:43.440
<v Speaker 1>seen that's that's a lot of money, and all of

0:05:43.480 --> 0:05:45.279
<v Speaker 1>those are hacks that are big enough for you know,

0:05:45.360 --> 0:05:47.400
<v Speaker 1>us to cover them here at Bloomberg. So there's certainly

0:05:47.400 --> 0:05:50.280
<v Speaker 1>things that we're paying attention to. Well, what I'm getting

0:05:50.279 --> 0:05:51.960
<v Speaker 1>from you is it sounds like the North Korean hackers

0:05:51.960 --> 0:05:54.080
<v Speaker 1>are good at their jobs. Sure, let's talk about the

0:05:54.080 --> 0:05:56.120
<v Speaker 1>people who seem to need to be better at their jobs. Like,

0:05:56.200 --> 0:05:59.920
<v Speaker 1>I'm a recruiter. Why am I getting spoofed by somebody

0:06:00.000 --> 0:06:02.000
<v Speaker 1>with a fake resume? Like? What's going on? It's hard

0:06:02.040 --> 0:06:04.800
<v Speaker 1>to find people? Just you know, this is not a

0:06:04.800 --> 0:06:06.960
<v Speaker 1>problem that's limited to crypto. We know this is happening

0:06:06.960 --> 0:06:10.440
<v Speaker 1>in other industries, the technology industry, software development, but crypto

0:06:10.520 --> 0:06:13.839
<v Speaker 1>specifically is really being targeted. I think that it's also

0:06:14.600 --> 0:06:18.800
<v Speaker 1>as they are trying to find the right people. Um,

0:06:18.880 --> 0:06:22.440
<v Speaker 1>you do have to take steps to be more flexible

0:06:22.480 --> 0:06:25.440
<v Speaker 1>in terms of allowing remote work for instance. Or I

0:06:25.480 --> 0:06:27.719
<v Speaker 1>was gonna say, like, are these folks flying from North

0:06:27.800 --> 0:06:30.440
<v Speaker 1>Korea to the US. Not that we're aware of, but

0:06:30.880 --> 0:06:33.520
<v Speaker 1>you know, there is a small number of people who

0:06:33.720 --> 0:06:37.320
<v Speaker 1>have these skills, as you know, and um, as they

0:06:37.440 --> 0:06:39.240
<v Speaker 1>as they try to find the right people, you kind

0:06:39.240 --> 0:06:41.880
<v Speaker 1>of need to make certain allowances. Maybe someone doesn't sound

0:06:41.920 --> 0:06:44.359
<v Speaker 1>quite right on the phone, but Hey, they have this

0:06:44.360 --> 0:06:46.480
<v Speaker 1>this skill and they're willing to take this salary for

0:06:47.120 --> 0:06:49.000
<v Speaker 1>um X number of dollars, so we can't find anybody

0:06:49.000 --> 0:06:54.120
<v Speaker 1>else to do it. So Okay, I'm a recruiter. I'm stressed,

0:06:54.160 --> 0:06:56.880
<v Speaker 1>I'm busy. I have some CEO being like hire more people.

0:06:56.920 --> 0:07:01.719
<v Speaker 1>I'm hiring more people. Fine, humans make mistakes. But the

0:07:01.800 --> 0:07:04.400
<v Speaker 1>thing that seems bigger to me is the fact that

0:07:04.440 --> 0:07:06.880
<v Speaker 1>these as you describe them, crypto bridges, which you can

0:07:06.920 --> 0:07:09.239
<v Speaker 1>think of as like protocols that let you move crypto

0:07:09.320 --> 0:07:11.720
<v Speaker 1>from one thing to another thing, and you know, a

0:07:11.800 --> 0:07:14.840
<v Speaker 1>highly simplified version of what's going on, these things get

0:07:14.880 --> 0:07:19.560
<v Speaker 1>hacked a lot for a lot of money, fairly frequently.

0:07:20.200 --> 0:07:22.400
<v Speaker 1>And that's before you get to the other like completely

0:07:22.480 --> 0:07:26.640
<v Speaker 1>run of the mill scams like fishing or spoofing. As

0:07:26.680 --> 0:07:30.800
<v Speaker 1>an as an industry, is crypto getting better at its

0:07:30.800 --> 0:07:34.080
<v Speaker 1>security practices, From like your perspective of someone who's covered

0:07:34.120 --> 0:07:39.160
<v Speaker 1>this more broadly, from my perspective, it is not. Candidly.

0:07:40.160 --> 0:07:42.880
<v Speaker 1>We talked about the Bangladesh bank hast a few years ago,

0:07:43.000 --> 0:07:45.080
<v Speaker 1>there was a number of big financial hacks. I would

0:07:45.080 --> 0:07:48.640
<v Speaker 1>expect personally this first six months of this year to

0:07:49.040 --> 0:07:52.240
<v Speaker 1>really be kind of you know, no industry can stand

0:07:52.280 --> 0:07:56.280
<v Speaker 1>to lose x number billion dollars a year. It's it's embarrassing.

0:07:56.320 --> 0:07:58.440
<v Speaker 1>It creates you know, there's the issues that have to

0:07:58.480 --> 0:08:01.400
<v Speaker 1>do with trust, which obviously so much of um the

0:08:01.520 --> 0:08:04.600
<v Speaker 1>root of this industry. So to lose so much money

0:08:04.680 --> 0:08:07.120
<v Speaker 1>so quickly, we know that real people are are really

0:08:07.120 --> 0:08:11.720
<v Speaker 1>losing significant amount of cash. And we're we're hearing candidly

0:08:11.760 --> 0:08:14.200
<v Speaker 1>from people who are trying to get more into crypto

0:08:14.280 --> 0:08:17.240
<v Speaker 1>and see it as a investment opportunity and something cool

0:08:17.280 --> 0:08:19.400
<v Speaker 1>and new and interesting to think about. And it's hard

0:08:19.440 --> 0:08:23.200
<v Speaker 1>to know the difference between scams and real services because

0:08:23.640 --> 0:08:26.520
<v Speaker 1>the names and you know, it's it's just really scary

0:08:26.560 --> 0:08:30.200
<v Speaker 1>to hear about these massive dollar figures. Yeah, and this

0:08:30.280 --> 0:08:32.160
<v Speaker 1>is this is an industry that loves to say, you know,

0:08:32.240 --> 0:08:34.880
<v Speaker 1>do your own research, but it sounds like even the

0:08:34.920 --> 0:08:37.360
<v Speaker 1>people who are doing their research are still getting into trouble.

0:08:37.640 --> 0:08:39.640
<v Speaker 1>Is there is there kind of a degree of sophistication

0:08:39.679 --> 0:08:42.240
<v Speaker 1>that's being deployed against these companies or is it you know,

0:08:42.440 --> 0:08:44.640
<v Speaker 1>much more run of the mill. It is it is

0:08:44.720 --> 0:08:47.280
<v Speaker 1>as run of the mill as a typical email scam

0:08:47.320 --> 0:08:49.480
<v Speaker 1>that you might have seen against a bank um a

0:08:49.480 --> 0:08:52.880
<v Speaker 1>few years ago. We previously have have written about some

0:08:52.920 --> 0:08:57.760
<v Speaker 1>instances where these crypto scammers were hijacked Twitter accounts for instance.

0:08:58.480 --> 0:09:00.800
<v Speaker 1>Those Twitter accounts will be off to be verified. They

0:09:00.880 --> 0:09:03.280
<v Speaker 1>belong to real people and often like heads of state,

0:09:03.800 --> 0:09:07.640
<v Speaker 1>you know, very specific people on the internet. Yet great example,

0:09:07.679 --> 0:09:11.439
<v Speaker 1>they are soliciting donations. They are raising a ton of

0:09:11.480 --> 0:09:13.480
<v Speaker 1>money in a very short amount of time, even before

0:09:13.480 --> 0:09:16.600
<v Speaker 1>those crypto scams are removed from Twitter. So you know,

0:09:16.679 --> 0:09:19.000
<v Speaker 1>I think there's some board a activity earlier this year

0:09:19.000 --> 0:09:21.640
<v Speaker 1>that was fraudulent, or yeah, the board of Instagram got

0:09:21.640 --> 0:09:24.520
<v Speaker 1>hacked because of you know, probably like social engineering. Somebody

0:09:24.520 --> 0:09:26.120
<v Speaker 1>clicked on a link they shouldn't have clicked on. Social

0:09:26.160 --> 0:09:29.679
<v Speaker 1>engineering is not complicated stuff. It's it's sending a fake

0:09:29.760 --> 0:09:32.640
<v Speaker 1>text message that looks real that tricks the wrong person

0:09:32.679 --> 0:09:34.880
<v Speaker 1>into providing their user name password. You only need to

0:09:34.920 --> 0:09:37.040
<v Speaker 1>do it successfully once in order to make a lot

0:09:37.040 --> 0:09:38.760
<v Speaker 1>of money. So you know, as an example of that,

0:09:38.800 --> 0:09:41.880
<v Speaker 1>I get constant text messages like pretending to be this

0:09:42.000 --> 0:09:43.839
<v Speaker 1>is chased and you need to change your password, and

0:09:43.880 --> 0:09:46.120
<v Speaker 1>here's this really skeptical looking link that you should click

0:09:46.160 --> 0:09:47.840
<v Speaker 1>on and give us all your information. But it can

0:09:47.880 --> 0:09:51.160
<v Speaker 1>also be you know, somebody calling someone up and saying, hey,

0:09:51.240 --> 0:09:54.120
<v Speaker 1>I work here and I've locked myself out of my password?

0:09:54.160 --> 0:09:56.800
<v Speaker 1>Can you help me reset it? That seems to happen.

0:09:57.080 --> 0:10:00.120
<v Speaker 1>We've also you all have also been reporting on things

0:10:00.160 --> 0:10:04.320
<v Speaker 1>sim swapping, which sounds fun like, what does that mean? Exactly? Well,

0:10:04.360 --> 0:10:08.760
<v Speaker 1>sim swopping is endlessly fascinating. Similarly broadly defined um it

0:10:08.880 --> 0:10:13.240
<v Speaker 1>involves you losing control of your phone number. So if

0:10:13.320 --> 0:10:16.440
<v Speaker 1>you have your forgot passwords set up so that if

0:10:16.480 --> 0:10:19.640
<v Speaker 1>you can't remember your credentials, it will send a text.

0:10:19.800 --> 0:10:22.240
<v Speaker 1>It will send a text to your phone. If someone

0:10:22.320 --> 0:10:26.880
<v Speaker 1>identifies you as a particularly valuable target, they will call

0:10:27.000 --> 0:10:29.920
<v Speaker 1>the phone company. There have been public charges, for instance,

0:10:30.000 --> 0:10:34.240
<v Speaker 1>of crypto scammers or sim swappers, I should say bribing

0:10:34.559 --> 0:10:39.000
<v Speaker 1>customer service employees at cell providers. A T T had

0:10:39.000 --> 0:10:40.560
<v Speaker 1>a major problem with this a few years ago. There

0:10:40.559 --> 0:10:42.199
<v Speaker 1>have been a number of indictments against former A T

0:10:42.360 --> 0:10:44.760
<v Speaker 1>T employees. They're not paid a lot of money when

0:10:44.760 --> 0:10:46.960
<v Speaker 1>they're working in a retail store. It is as simple

0:10:47.080 --> 0:10:51.439
<v Speaker 1>as bribing a retail employee to m make this change

0:10:51.480 --> 0:10:54.560
<v Speaker 1>to someone's phone account. You take over their number. You

0:10:54.600 --> 0:10:56.640
<v Speaker 1>then have access to their best words. So anybody who's

0:10:56.679 --> 0:10:59.920
<v Speaker 1>texting me, whether that is you know, my Gmail rees

0:11:00.040 --> 0:11:03.280
<v Speaker 1>set or like my friends in the group text, that's

0:11:03.320 --> 0:11:06.000
<v Speaker 1>all going to somebody else's phone. It's that's correct. You

0:11:06.040 --> 0:11:07.880
<v Speaker 1>can access your phone at all, you can't access any

0:11:07.880 --> 0:11:10.080
<v Speaker 1>of your apps or your accounts. I should say that's

0:11:10.080 --> 0:11:12.840
<v Speaker 1>not a problem with crypto necessarily, it's a problem with

0:11:12.880 --> 0:11:17.000
<v Speaker 1>the way that users are authenticated typically in the United States,

0:11:17.080 --> 0:11:19.719
<v Speaker 1>is not a problem as much elsewhere, but the way

0:11:19.720 --> 0:11:23.160
<v Speaker 1>that our phone numbers have become social security I was

0:11:23.160 --> 0:11:25.400
<v Speaker 1>going to say the same thing, they are super important,

0:11:25.440 --> 0:11:27.320
<v Speaker 1>and that that is a real vulnerability that people are

0:11:27.360 --> 0:11:29.840
<v Speaker 1>learning to exploit and make a lot of money rapidly.

0:11:30.520 --> 0:11:32.560
<v Speaker 1>We'll be right back with more from Bloomboog Reports at

0:11:32.600 --> 0:11:43.920
<v Speaker 1>Jeffstone on the threat of North Korea and crypto. Is

0:11:43.960 --> 0:11:47.640
<v Speaker 1>there anything that has proven effective against these crypto hackos

0:11:47.640 --> 0:11:50.920
<v Speaker 1>and scammas, especially the North Korean groups. The problem with

0:11:51.120 --> 0:11:54.600
<v Speaker 1>trying to stop some of these attacks in these campaigns

0:11:54.679 --> 0:11:59.520
<v Speaker 1>is they are developing as quickly as this technology. Some

0:11:59.559 --> 0:12:02.760
<v Speaker 1>of the kind stations that we had recently with folks

0:12:02.920 --> 0:12:06.679
<v Speaker 1>from mandy It, for instance, indicated that no longer are

0:12:06.720 --> 0:12:11.040
<v Speaker 1>these hackers just targeting end users. They're no longer just

0:12:11.160 --> 0:12:14.880
<v Speaker 1>targeting the exchanges. They are now trying to get jobs

0:12:14.880 --> 0:12:18.360
<v Speaker 1>with these bridge services, for instance, and get an edge

0:12:18.400 --> 0:12:21.160
<v Speaker 1>into um some of the changes to Ethereum that might

0:12:21.160 --> 0:12:23.960
<v Speaker 1>be coming up. So I don't think there is any

0:12:24.040 --> 0:12:27.240
<v Speaker 1>silver bullet to solving these issues. It's just a matter

0:12:27.240 --> 0:12:31.839
<v Speaker 1>of constant diligence and really I think adopting the mentality

0:12:31.880 --> 0:12:35.600
<v Speaker 1>that you are vulnerable and people are trying to get

0:12:35.640 --> 0:12:38.080
<v Speaker 1>in there in ways that maybe you didn't expect. I

0:12:38.080 --> 0:12:41.120
<v Speaker 1>know that's not super helpful, but it's what we're seeing. Well.

0:12:41.200 --> 0:12:43.880
<v Speaker 1>Certainly one of the other things that we're starting to

0:12:43.960 --> 0:12:47.720
<v Speaker 1>see is that the US government is really cracking down,

0:12:48.400 --> 0:12:52.920
<v Speaker 1>you know the recently the U. S. Treasury Department issued

0:12:53.400 --> 0:12:57.640
<v Speaker 1>sanctions on something called a crypto mixer. And if if

0:12:57.640 --> 0:13:00.320
<v Speaker 1>you think about what a crypto mixer is, it's a egine.

0:13:00.360 --> 0:13:03.079
<v Speaker 1>You have, you know, some bitcoins, some Ethereum, some she

0:13:03.240 --> 0:13:06.120
<v Speaker 1>but you knew some doge and you want to, shall

0:13:06.160 --> 0:13:10.360
<v Speaker 1>we say, obscure the origin of those various bits of

0:13:10.480 --> 0:13:12.480
<v Speaker 1>currency and where you got them from. You would put

0:13:12.520 --> 0:13:17.640
<v Speaker 1>them into a mixer, which effectively like anonymizes those transactions

0:13:17.640 --> 0:13:20.000
<v Speaker 1>and spits out something that's a little bit harder to trace.

0:13:20.400 --> 0:13:22.920
<v Speaker 1>You can imagine that services like that might be very

0:13:22.960 --> 0:13:28.280
<v Speaker 1>attractive to say, North Korean hackers, And so what what

0:13:28.280 --> 0:13:30.200
<v Speaker 1>what is the U. S Treasury Department been trying to

0:13:30.200 --> 0:13:33.640
<v Speaker 1>do with these services? They're trying to stop North Korean

0:13:33.679 --> 0:13:36.520
<v Speaker 1>hackers from using them in whatever way they that they can.

0:13:37.080 --> 0:13:39.760
<v Speaker 1>What's particularly interesting about this is the way that these

0:13:39.800 --> 0:13:43.000
<v Speaker 1>mixing services have become kind of an extension not in

0:13:43.080 --> 0:13:45.280
<v Speaker 1>every case, in some cases, according to the US government,

0:13:45.280 --> 0:13:48.800
<v Speaker 1>though they have become an extension of this larger UM

0:13:48.960 --> 0:13:53.240
<v Speaker 1>cybercrime issue. You know, we we've saw as recently as

0:13:53.440 --> 0:13:58.200
<v Speaker 1>as earlier this year allegations that a different mixing service

0:13:58.280 --> 0:14:01.959
<v Speaker 1>was used, particularly for ransomwares. So, um, it's not only

0:14:02.040 --> 0:14:04.760
<v Speaker 1>this kind of large scale crypto AFT, it's when something

0:14:04.840 --> 0:14:08.120
<v Speaker 1>is taken via extortion, they can you know, kind of

0:14:08.320 --> 0:14:11.199
<v Speaker 1>run it through some of these UM mixing services to

0:14:11.280 --> 0:14:13.520
<v Speaker 1>kind of hide their activity in a more effective way.

0:14:13.559 --> 0:14:15.160
<v Speaker 1>And of course the goal of that is to make

0:14:15.200 --> 0:14:17.439
<v Speaker 1>it harder to trace those funds and ever get them

0:14:17.440 --> 0:14:19.560
<v Speaker 1>back for the people who have been scammed have to

0:14:19.640 --> 0:14:23.360
<v Speaker 1>extort it. Yeah, like you said, pretty much an arms race.

0:14:23.520 --> 0:14:25.520
<v Speaker 1>It is very much as an arms race. It's very

0:14:25.560 --> 0:14:27.600
<v Speaker 1>interesting in the U. S. Government. Look, I don't think

0:14:27.640 --> 0:14:30.040
<v Speaker 1>a few years ago, UM, I'll speak for myself, I

0:14:30.080 --> 0:14:32.960
<v Speaker 1>didn't expect the United States to move as quickly as

0:14:33.000 --> 0:14:35.440
<v Speaker 1>they have in terms of trying to combat some of

0:14:35.440 --> 0:14:39.000
<v Speaker 1>this stuff. We've seen some really big seizures over the

0:14:39.000 --> 0:14:42.560
<v Speaker 1>past year or so that UM not long ago would

0:14:42.560 --> 0:14:45.600
<v Speaker 1>have been obviously significantly more difficult. We know they're trying

0:14:45.600 --> 0:14:49.760
<v Speaker 1>to staff up very rapidly. Is there anything else that

0:14:49.800 --> 0:14:53.920
<v Speaker 1>has surprised you other than perhaps the size and frequency

0:14:53.920 --> 0:14:57.120
<v Speaker 1>of these hacks, like you, as a reporter in cybersecurity,

0:14:57.160 --> 0:14:59.400
<v Speaker 1>suddenly now having to get up to speed on what

0:14:59.440 --> 0:15:03.000
<v Speaker 1>a bridge is and what it makes. Yes, that has

0:15:03.040 --> 0:15:05.280
<v Speaker 1>been that. Thank you for pointing that out. That's one's

0:15:05.320 --> 0:15:07.840
<v Speaker 1>extremely surprising to me. I didn't expect that. But the

0:15:07.880 --> 0:15:13.200
<v Speaker 1>way that these suspected North Korean hackers are attuned to

0:15:13.480 --> 0:15:17.720
<v Speaker 1>the culture of not only Western culture and the US,

0:15:17.760 --> 0:15:21.040
<v Speaker 1>but really like Silicon Valley, there was there was research

0:15:21.080 --> 0:15:25.600
<v Speaker 1>that came out from Google UM not long ago indicating

0:15:25.640 --> 0:15:28.160
<v Speaker 1>that that this group, the Lazarus group, this is the

0:15:28.200 --> 0:15:31.160
<v Speaker 1>same group that carried out the Bangladesh bank heist. The

0:15:31.200 --> 0:15:34.120
<v Speaker 1>same group that targeted Sony Pictures years ago and released

0:15:34.120 --> 0:15:38.080
<v Speaker 1>all of those emails and um inspired a condemnation from

0:15:38.480 --> 0:15:42.800
<v Speaker 1>former President Obama. The same group is now like creating

0:15:42.840 --> 0:15:46.560
<v Speaker 1>fake versions of Indeed dot com creating fake versions of

0:15:46.600 --> 0:15:50.360
<v Speaker 1>a Disney careers page, and they're using those in really

0:15:51.000 --> 0:15:54.400
<v Speaker 1>targeted espionage operations to get a little bit of information

0:15:54.840 --> 0:15:59.320
<v Speaker 1>from a very small, specific set of targets and it works.

0:15:59.560 --> 0:16:03.320
<v Speaker 1>So is really um, you know, this is crime, and

0:16:03.360 --> 0:16:06.320
<v Speaker 1>this is this is geopolitics, and there's a lot of

0:16:06.400 --> 0:16:10.240
<v Speaker 1>ugliness to this and obviously the North Korean government being

0:16:10.280 --> 0:16:14.080
<v Speaker 1>what it is, but some of these tactics are really innovative.

0:16:14.120 --> 0:16:17.440
<v Speaker 1>I mean they're very impressive and very there. They are surprising.

0:16:17.600 --> 0:16:20.720
<v Speaker 1>No wonder they're get hired by crypto companies. Yeah right,

0:16:22.840 --> 0:16:25.720
<v Speaker 1>it's kind of joke. That's a true story. Well, thank

0:16:25.760 --> 0:16:27.080
<v Speaker 1>you so much for being on the podcast. I really

0:16:27.120 --> 0:16:28.840
<v Speaker 1>appreciate you taking the time. Thank you for having me.

0:16:28.840 --> 0:16:31.120
<v Speaker 1>I'm such a fan. You can find more of Jeff

0:16:31.120 --> 0:16:34.440
<v Speaker 1>stones reporting on the Bloomberg Terminal on Bloomberg dot com

0:16:34.560 --> 0:16:38.320
<v Speaker 1>or follow him on Twitter. He's at Jeff Stone five hundred.

0:16:41.760 --> 0:16:46.440
<v Speaker 1>On the next episode of Bloomberg Crypto. Cars, especially luxury cars,

0:16:46.760 --> 0:16:49.760
<v Speaker 1>have always been a marker of wealth, but for many

0:16:49.840 --> 0:16:54.560
<v Speaker 1>crypto investors, no single car has driven so much interest

0:16:54.800 --> 0:16:58.480
<v Speaker 1>as the Lamborghini. To better understand how the Lambo came

0:16:58.560 --> 0:17:00.760
<v Speaker 1>to be one of the most visible status symbols in crypto,

0:17:01.160 --> 0:17:03.760
<v Speaker 1>I'll be joined by Bloomberg Report to Hannah Miller and

0:17:03.800 --> 0:17:11.240
<v Speaker 1>crypto venture capitalist Peter Saddington. This is Bloomberg Crypto, a

0:17:11.320 --> 0:17:14.720
<v Speaker 1>daily podcast from Bloomberg and I Heart Radio. For more

0:17:14.720 --> 0:17:17.400
<v Speaker 1>shows from I Heart Radio, visit the I Heart Radio app,

0:17:17.640 --> 0:17:21.760
<v Speaker 1>Apple Podcasts, or wherever you get your podcasts. Send us

0:17:21.760 --> 0:17:24.640
<v Speaker 1>your comments, questions, or suggestions for the show to Crypto

0:17:24.720 --> 0:17:27.840
<v Speaker 1>at Bloomberg dot net or find us on Twitter. We're

0:17:27.880 --> 0:17:34.080
<v Speaker 1>at Crypto. The supervising producer of Bloomberg Crypto is Vicky Vergalina.

0:17:34.480 --> 0:17:38.520
<v Speaker 1>Our senior producer is Janet Babin. Our producer is Shannon Barrero.

0:17:38.840 --> 0:17:42.720
<v Speaker 1>Associate producer is Thy Butler. Desta wonder At is our engineer.

0:17:43.160 --> 0:17:47.640
<v Speaker 1>Original music by Leo Sidrn. I'm Stacy Maria Shmal. We'll

0:17:47.640 --> 0:17:48.400
<v Speaker 1>be back tomorrow