Hot Clicks: The Life of a North Korean Hacker

Rounding up IT and advanced tech-related news impacting government and industry.

The country’s hacker army isn’t interested in exposing security vulnerabilities or stealing state secrets. Its goal is to make the government money. The regime in Pyongyang sends hundreds of hackers into China, India and Cambodia to raise millions for North Korea. Jong Hyok, a “foot soldier” in the country’s hacker army, said he lived and worked in a crowded home in a Chinese city with other hackers, required to earn up to $100,000 a year any way they could.

Hyok said he wasn’t part of more recent attacks like WannaCry, but was of an earlier wave sent by Kim Jong Il, the father of current leader Kim Jong Un. Kim Jong Il started this programming effort to rebuild the country’s economy during the 1990s. He formed a cyber army to expand the country’s hacking activities. When he died, his son grew the program.

Hyok was recruited after graduation. He said his conditions were better than most; but all had strict guidelines and targets to meet, arduous hacking tasks and little freedom. Most hackers were paid very little, given poor medical care, faced severe consequences and lived in cramped unsanitary buildings. In fact, this isn’t really Hyok’s name, as he eventually fled the regime and his hacking duties to later find refuge and a new life in South Korea. Bloomberg Businessweek

Is NASA Selling the International Space Station?

NASA’s fiscal year 2019 budget proposes an end to funding for the International Space Station in 2025, but does open the possibility of handing it over fully or partially to industry. NASA examined many options for the future of the ISS after a congressionally-mandated transition plan; like continuing ISS the way it is beyond 2024 or de-orbiting the station entirely. The administration decided to end NASA funding of ISS in 2025, and support the development of commercial successors.

SpaceNews obtained an internal agency document saying the 2019 budget proposal will offer $150 million to support these commercial capabilities in low-Earth orbit to take over ISS, to ensure the station or elements of it are still operational when needed. It doesn’t mean the end of the station, as industry could continue to operate it as a future commercial platform. In fact, the administration is hoping to have commercial facilities in operation by 2025, potentially making NASA a customer of those facilities in low-Earth orbit to continue research.

But questions remain around how the plan will coordinate with ISS international partners, and there’s sure to be some congressional opposition. SpaceNews

White House Revisits Self-Driving Car Guidelines

And it’s hosting a summit to do so. On March 1, auto manufacturer, tech companies, road safety advocates and policymakers will come together to “identify priority federal and nonfederal activities that can accelerate the safe rollout” of autonomous cars, according to the Transportation Department.

The announcement of the conference comes after the Trump administration said it plans to revise self-driving car guidelines this summer, and rewrite regulations that are legally getting in the way

The National Highway Traffic-Safety Administration is also looking for ideas on how it can remove “unnecessary regulatory barriers” to robot cars, especially ones that lack controls for a human driver. It’s looking for comments on what research to conduct before rewriting regulations, because finalizing rule change can take years. The event will host stakeholder breakout sessions on topics too, and is open to the public. It’ll be held at the department’s headquarters in Washington, D.C. Reuters

Making Robots Smarter on Their Own

Robots are best at simple jobs because of how much work goes into programming them to do so. But researchers at Brown University and MIT are teaching robots to complete more complex tasks without having to actually input that information in their system. Instead, they’re programming robots to manipulate simple objects in a room, like opening cupboards and flipping light switches, while taking in its surroundings. By using simple motor skills, the robots are able to process information through the algorithms developed by the researchers, and learn abstract concepts about the objects in the room.

For example, a two-armed robot was able to learn the doors need to be closed before they can be opened. It also learned the light inside the cupboard was too bright for its sensors, so to complete its task of manipulating a bottle inside the cupboard, the robot had to turn off the light. To turn off the light, the cupboard door needed to be closed because it was blocking access to the switch. In the end, the robot learned to associate an object with one of the abstract concepts on its own.

According to the researchers, it’s a “common language” developed between the robot and human that doesn’t require complex coding, and this “adaptive quality” allows the robot to complete a wider variety of tasks in different environments. This way, robots become more intelligent when they’re given a goal and can decide the behavior on their own. TechCrunch

Weekend Cryptomining Hack Could Have Been Much Worse

On Feb. 11, security researcher Scott Helme noticed an attack on the web plugin Browsealoud, a popular suite of accessibility and translation tools. This attack allowed hackers to inject thousands of websites with a code that accessed visitors’ computers to mine cryptocurrency. All of the targeted sites were using Browsealoud, including some U.S. and U.K. government websites (like USCourts.Gov).

Helme said hackers edited the plugin with a script to use a site visitors’ computer to mine the currency Monero. This can greatly slow down the user’s computer, because mining digital currencies requires a lot of computing power. It’s possible the mining script was injected into 4,275 websites, assuming all sites using Browsealoud were hit.

But what’s most concerning is the attack loaded malicious Javascript on the computers of those visiting the sites, and though the hackers chose to cryptomine, they could have done whatever they wanted. For example, the hackers could have installed a keylogger to infect computers with a more invasive malware. Luckily, the attack was found quickly, but a word to the wise: be careful of the third-party content loaded on web pages. Motherboard

-- Sign up for our weekly newsletter to receive the latest analysis and insights on emerging federal technologies and IT modernization.