“WannaCry” is the most notorious cyber attack in history. It was probably perpetrated by the Lazarus group. Hacker hunter Jonas Walker tells in BILD that the cyber criminals are trained in North Korean training camps.
The Lazarus hackers have been spreading fear and horror for over a decade. In 2009, they began attacking the South Korean government and later stealing over 150 million euros from banks. “Lazarus is a group that is sponsored by the government of North Korea,” explains hacker hunter Jonas Walker. “Wars are increasingly being fought online. And the resources for Cyber War come from their hacks like ‘WannaCry’. ”
In addition to money, the focus is on political motives, for example in the Lazarus attack on Sony Pictures in 2014, which targeted the film “The Interview” – a satirical of North Korea’s dictator Kim Jong-un.
“There were around 30 hackers who used every tool available, spent months preparing and doing nothing but scouring reddit, LinkedIn and Facebook to find information about Sony employees,” says Walker.
Swiss chases hackers in Singapore
The computer scientist sits in front of several screens on the 22nd floor of a skyscraper in Singapore. He moved from Zurich to the Asian high-tech metropolis to neutralize attacks with security programs for FortiGuard Labs.
Often it’s a fight against windmills, because the hackers have significantly greater capacities: “In principle, you get a degree in computer science from the North Korean state. Like the Olympic athletes in North Korea, they get the opportunity to attend hacking training camps in China, ”says Walker.
According to Walker, that’s part of their motivation. Under normal circumstances, North Koreans cannot easily leave their country.
Because the hackers are trained so well, they are among the best in the world. “WannaCry” is the most famous attack by Lazarus. The computer worm exploited a security hole previously used by the US secret service NSA to spy on citizens.
It infects Windows computers with outdated software, encrypts files and sends blackmail messages. In 2017 alone, 230,000 computers in 150 countries were infected and companies, hospitals and ministries were blackmailed.
At Deutsche Bahn, the attacks switched off display panels and Europol spoke of an unprecedented event. Walker registers current “WannaCry” attacks with a program called “Honeypot”, which lures the attacker to a bogus target. “As soon as it runs for five minutes, I’ll see around 10,000 automated attacks!” He says.
This is what a “WannaCry” attack looks like – data on the victim’s computer was encrypted according to the hacker’s warning message, and at the bottom there is the payment notice via Bitcoins
Walker is a hacker himself
To repel the attacks, Walker taught himself to hack. The 37-year-old got his first computer at the age of nine, watched hacker films and, after studying computer science, used free information on blogs and YouTube to understand exactly how to break into systems.
“I’ve never taken a drug, but I could imagine the feeling is similar – you always want to find out more and find out more about your limits,” he says. He now describes himself as a hacker – albeit as a so-called “white hat” who uses his knowledge to close security gaps.
Walker reveals to BILD where the hackers can find the security holes: in public online databases such as exploit-db.com. It is up to the computer owners to protect themselves from this with updates.
The Lazarus hackers are currently attacking cryptocurrencies and, according to Walker, are mainly stealing Bitcoins & Co. in order to support the North Korean state.