WASHINGTON, D.C. — Six years ago, a well-respected researcher was working late into the night when she stepped away from her computer to brush her teeth. By the time she came back, her computer had been hacked.
Jenny Town is a leading expert on North Korea at the Stimson Institute and the director of Stimson’s 38 North Program. Her work is built on on open-source intelligence, Town said on Monday. She uses publicly available data points to paint a picture of North Korean dynamics.
“I don’t have any clearance. I don’t have any access to classified information,” Town said at the conference.
But the hackers, a unit of North Korea’s intelligence services codenamed APT43, or KimSuky, were not only after classified information.
The hackers used a popular remote-desktop tool TeamViewer to access her machine and ran scripts to comb through her computer. Then her webcam light turned on, presumably to check if she had returned to her computer. “Then it went off real quickly, and then they closed everything down,” Town told attendees at the mWISE conference, run by Google-owned cybersecurity company Mandiant.
Town and Mandiant now presume the North Koreans had been able to exfiltrate information about Town’s colleagues, her field of study, and her contact list. They used that information to create a digital doppelganger of Town: A North Korean sock puppet that they could use to gather intelligence from thousands of miles away.
In D.C., every embassy has an intelligence purpose, Town explained. People attached to the embassy will try to take the pulse of the city to gauge what policy might be in the pipeline or how policymakers felt about a particular country or event.
But North Korea has never had diplomatic relations with the U.S. Its intelligence officers can’t stalk public events or network with think tanks.
The country could fill that void by obtaining intelligence through hacking into government systems, a challenging task even for sophisticated actors. But APT 43 targets high-profile personalities and uses them to collect intelligence.
Within weeks, the fake Town began to reach out to prominent researchers and analysts pretending to be her.
“It’s a lot of social engineering. It’s a lot of sending fake emails, pretending to be me, pretending to be my staff, pretending to be reporters,” Town said.
“They’re literally just trying to get information or trying to establish a relationship in the process where eventually they may impose malware, but it’s usually just a…
Click Here to Read the Full Original Article at Top News and Analysis (pro)…