Cybersecurity researchers have uncovered a new scheme where North Korean hackers are taking advantage of poorly secured Jupyter Notebooks to illegally stream sports content. The discovery was made by cloud security firm Aqua after it detected suspicious activity in its honeypot systems.
The attackers specifically target JupyterLab and Jupyter Notebook installations that lack proper authentication controls. These interactive computing environments, typically used for data science work, are being repurposed to capture and redistribute live sports broadcasts without authorization.
According to Assaf Morag, director of threat intelligence at Aqua, the attack pattern begins with hackers gaining access to unsecured notebooks. They then update the server and install FFmpeg, a popular multimedia processing tool. While installing FFmpeg alone may not trigger security alerts, the attackers use it to record live feeds from the beIN Sports network and stream them illegally through ustream.tv.
The investigation revealed that the perpetrators appear to be Arabic-speaking based on an IP address (41.200.191.23) linked to the attacks. However, their exact identity remains unknown.
Beyond the immediate issue of sports piracy, this attack highlights broader security risks. By compromising servers meant for data analysis, attackers could potentially:
- Launch denial-of-service attacks
- Steal or manipulate sensitive data
- Corrupt AI and machine learning processes
- Move laterally into other critical systems
- Cause major financial and reputational damage
This incident serves as a reminder for organizations to properly secure their Jupyter Notebook installations with strong authentication measures. The seemingly simple act of streaming sports illegally could open the door to much more damaging cyber attacks.
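As an added illustration of the authentication check recommended above (this is not code from Aqua or from the article), the following Python audit flags a Jupyter JSON config that turns token authentication off, sets no password hash, or binds to every interface. It assumes the standard `ServerApp` / `NotebookApp` / `IdentityProvider` / `PasswordIdentityProvider` setting names in a `jupyter_server_config.json`-style file; the sample configs and the function name are constructed for the example.

```python
import json

APP_SECTIONS = ("ServerApp", "NotebookApp")   # current and legacy server sections
WILDCARD_IPS = {"0.0.0.0", "::", "*"}         # bind values that mean "every interface"

def audit_jupyter_config(text):
    """Return findings for one jupyter_server_config.json-style document."""
    cfg = json.loads(text)
    apps = [cfg.get(name, {}) for name in APP_SECTIONS]

    # An absent token is auto-generated at startup; only an explicit empty
    # string turns token authentication off.
    tokens = [a.get("token") for a in apps]
    tokens.append(cfg.get("IdentityProvider", {}).get("token"))
    token_off = "" in tokens

    # Any non-empty password hash means password login is still enforced.
    hashes = [a.get("password") for a in apps]
    hashes.append(cfg.get("PasswordIdentityProvider", {}).get("hashed_password"))
    has_password = any(hashes)

    exposed = any(a.get("ip") in WILDCARD_IPS for a in apps)

    findings = []
    if token_off and not has_password:
        findings.append("no-auth: token disabled and no password hash configured")
    if exposed:
        findings.append("exposed: server binds to all network interfaces")
    if exposed and token_off and not has_password:
        findings.append("critical: unauthenticated notebook reachable from the network")
    return findings

# Constructed sample configs (not taken from the incident).
WEAK = '{"ServerApp": {"ip": "0.0.0.0", "token": "", "password": ""}}'
HARDENED = json.dumps({
    "ServerApp": {"ip": "127.0.0.1"},
    "PasswordIdentityProvider": {"hashed_password": "argon2:PLACEHOLDER_HASH"},
})

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_jupyter_config(sample) or "no findings")
```

The audit covers file-based configuration only; the same settings passed as command-line arguments when the server is launched override the file and need to be reviewed separately.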