North Korea Hacking Poker Sites to Fund NUKE Programme???

(Photo: Stripes.com)

It sounds like the plot of a very weak James Bond movie, but according to South Korean financial security experts, the Kim Jong-un regime in North has been targeting gambling websites in order to raise funds for their nuclear weapons programme.

South Korea’s Financial Security Institute claim the impoverished nation to the north has “carried out a series of devastating cyber-attacks around the world to steal cash, as well as classified military and government documents,” with the US government backing the astonishing claims.

It’s not that unusual for gambling sites to be targeted by criminals, last year seeing a suspected Romanian network of cyber-criminals involved in a simultaneous attack on more than 2500 gambling sites – but the funds the North Koreans are believed to have gained from their hacking are connected to the most serious of threats – nuclear war.

Nuclear threat

The South Korean organisation said Kim Jong-un’s regime in Pyongyang ‘has been stepping up its online hacking capabilities as a way of earning hard cash under the chokehold of international sanctions imposed to stop the development of its nuclear weapons programme,’ according to the Daily Star newspaper.

The North are also suspected of being behind concerted attacks on banks and even a major Hollywood studio - last year’s ‘£62 billion heist at Bangladesh’s central bank’ and the 2014 cyber-assault on Sony’s Hollywood studio chief among them – claims that the ‘infamous hacking group Lazarus’ are controlled by the North Korean dictator.

Although no specific sites are named in the Star’s claims, last year’s hacking of the Gambling Professional Webmasters Association, shows how relatively easy it is to access many sites from one source attack.

How the hacking works

The Verge explained in an article last July that ‘visitors to a wide range of gambling sites started reporting unusual behavior. Strange text windows would pop up, offering users special access codes for third-party gambling sites. Links would appear with new affiliate tags, an almost unnoticeable difference that could still prove wildly lucrative for whoever got paid for the new referrals.’

It transpired that ‘traffic bound for a gambling association’s homepage was being rerouted to a Romanian dummy site, which was inserting the ads and affiliate codes on the fly,’ Michael Corfman, the executive director of the GPWA stating that:

"The monitoring we’d done had never shown any issue, which was quite puzzling. We very carefully monitored the traffic coming from our servers because we take that sort of situation extremely seriously.”

But it wasn’t the site itself being hacked, but rather their certification service which approves some 2,476 different affiliated sites – ‘typically gaming portals like PokerListings.com and Penny-slot-machines.co,’ claim Verge, explaining that in this way ‘a single interception attack could compromise visitors from all 2,476 sites at once.’

It is unclear whether or not the North Korean version of the cyber-hacks operate in the same way, but the nuclear threats which the attacks are allegedly funding has already seen top military officials in the US warning that ‘it may have to wage war soon to stop Pyongyang’s nuclear programme’ according to the Star’s report.