Cyber warfare between Koreas, a warning for any cyber power

Pierluigi Paganini January 18, 2013

Earlier this month is has been spread the news that South Korea is investing to improve the cyber capabilities of the country recruiting and training hackers to involve in the cyber defense due the increasing number of attacks suffered.

A cyber attack hit recently the presidential transition team, in particular the press rooms server, but real extent of the damage caused by the event was not determined according the, Yonhap News Agency reports. The authorities has identified the servers used by the attackers, 17 units were located in 10 foreign countries and 2 systems have been found within the country.
One of the servers was constantly connected to an IP address of the Joson Telecommunication Company, an affiliate of North Korea’s Posts and Telecommunications Ministry. North Korean cyber units are accused also for another attack that last year in June hit conservative  JoongAng Ilbo, a newspaper published in South Korea that is considered one of the big three newspapers of the country with an edition of 1.96 million copies. The popular paper also publishes an English edition, Korea JoongAng Daily, in partnership with the English International Herald Tribune.

The news has been provided by the National Police Agency’s Cyber Terror Response Center, the cyber division of the Korean National Police Agency (KNPA), operated within the Agency’s Investigation Bureau, that verified the origin of the attack against the newspaper’s website.

The security specialists form South traced back the attack to an IP address at North Korea’s Ministry of Posts and Telecommunications, the address was used repeatedly by the hackers to access to daily’s main server since a couple of months before the attacks, probably for cyber espionage purpose.

The National Police Agency’s Cyber Terror Response Center declared:

“The first hacking attack on the server was nearly timed with the North Korean Army’s warning on April 23 last year of provocation that a ‘revolutionary force will take action soon,'” “It seems that the North made meticulous preparations once it singled out a particular media outlet for the cyber attack.” 

The hackers gained the access to the administrator’s pc of the journal on June 7th and accessed to production environment two days later, defacing the front end of the Korea JoongAng with a picture of a white cat grinning and covering its mouth with the words, “Hacked by IsOne,” flashing beneath the picture.

The effect of the attacks was serious, it succeeded to blog the production of the paper, the Cyber Terror Response Center of the National Police Agency explained that their investigation was very difficult because the hackers wiped out entire system.

The North Korea, one of the most active countries in the cyber space, is not new to similar offensives, it launched a couple of large DDoS attacks on various targets in South Korea on July 7, 2009 on government website and on March 4th, 2011, state sponsored hackers also attacked Nonghyup Bank’s computer systems and accessed to e-mail accounts of students and alumni of Korea University.

During the attack occurred on July 7th, 435 different servers in 61 countries were used to conduct a distributed denial of service (DDoS) attack against South Korean government Internet sites, meanwhile in the offensive of 2011, March 4th, the DDoS hit state institutions such as the presidential office, the National Assembly and media media.

The national Police also succeeded to trace the origin of the DDoS attack, 17 servers used in the offensive are located in 10 in 10 countries overseas and one them has been also involved in the attack occurred in 2011 on Nonghyup Bank.

The malware used were the same that had been used in the DDoS attacks in July 2009 and in the hacking of the Korea University e-mail accounts. North Korea is considered a country with considerable hacking capabilities, According US official declarations North Korea has added new sophisticated cyber weapons to its arsenal causing much concern in political and military.

The professor Lee Dong hoon at the Center for Information Security Technologies at Korean University in Seoul declared that North Korea has been preparing for cyber warfare since the late 1980s and ranks third worldwide in this field after Russia and the US.

North Korea has the highest percentage of military personnel in relation to population than any other nation in the world, with approximately 40 enlisted soldiers per 1000 people with a considerable impact on the economy of the country.

A defector has declared that North Korea has increased its cyber warfare unit to staff 3,000 people and it is massive training its young prodigies to become professional hackers.

Intelligence sources in South Korea believe that the Nation has a large a cyber force that responds to the command of the country’s top intelligence agency, the General Reconnaissance Bureau that is responsible for collecting strategic, operational, and tactical intelligence for the Ministry of the People’s Armed Forces.

According the revelation of Army General James Thurman, the commander of US Forces Korea, the government of Pyongyang is massive investing in cyber warfare capabilities, recruiting and forming high skilled team of hackers. The groups will could be engaged in offensive cyber operation against hostile government and in cyber espionage activities.

The central government reserves for young hackers several incentives providing best tools on the market and providing living conditions for them and their families extremely advantageous. The importance assigned to the professional development of new cyber military is indicative of the perception of how the cyber warfare is strategic for the nation.

Last year in internet have been published satellite photos of the area that is suspected to host  North Korea’s ‘No. 91 Office’, a unit based in the Mangkyungdae-district of Pyongyang dedicated to computer hacking, its existence was revealed in a seminar on cyber terror in Seoul.

North Korea is a little states that due its cyber capabilities and the affinity with Chinese PLA it could scare the West, we are in the cyber era and every body could became, through the proper investment and political choice, a giant.

Pierluigi Paganini

2013/01/18 UPDATE

Maybe North Korea didn’t hack us after all, says South (transition commitee press room case)

The presidential transition team that Thursday blamed North Korean hackers for an attack on its press room now says there was no hacking. It all appears to have been a misunderstanding.

Reporting on the reversal, Yonhap quoted an official on the team as saying the allegations stemmed from a disconnect in communications within the team.

“Security authorities had asked the administrative office of the transition committee to advise reporters to use antivirus programs and change passwords often as the press room is vulnerable to outside hacking attempts,” spokesman Yoon Chang-jung said.

“There was some misunderstanding in the course of delivering this,” he said. — Yonhap News, January 17, 2013.

So in warning of a potential hacking attack, the message seems to have been misunderstood as a report of an actual hack.

The spokesman declined to say if there was any hacking attempt at all. – Yonhap News, January 17, 2013.

you might also like

leave a comment