Monday, June 11, 2012

Contributed By: Pierluigi Paganini

(Translated from the original Italian)

According to news published by the Korean JoongAng Daily website, North Korean operatives have been detected launching cyber attacks on Incheon International Airport systems and spreading a virus planted in gaming programs.
The information was provided by the Seoul Metropolitan Police Agency, which noted that a 39-year-old South Korean man was arrested for his involvement and charged with violating the National Security Law.

The man, a game distributor, was arrested with the help of the National Intelligence Service, as announced by South Korean police.

In September 2009, the man traveled to Shenyang in northeastern China to meet agents of an alleged North Korean trading company to acquire software games to be sold in the South. It seems that the South Korean man was informed of the real identity of the agents, who belonged to the North’s Reconnaissance General Bureau.

The Bureau is responsible for collecting strategic, operational, and tactical intelligence for the Ministry of the People's Armed Forces, and it is also responsible for planting intelligence personnel in South Korea.

The South Korean man acquired dozens of games for a price that was a third the cost of the same kind of software in the South. It was later discovered that the games were infected with malware and that the buyer was informed of its presence.

The South Korean man sold the units to operators of online games; the virus infected the applications and was intended to turn users' machines into zombies for a botnet created to launch distributed denial-of-service attacks against Incheon International Airport.

In March 2011 the airport was attacked at least three times, fortunately without success thanks to the intelligence response.

South Korean intelligence officials suspect that the attacks were prepared by the North’s Reconnaissance General Bureau.
In September a similar attack against the flight data processor paralyzed air traffic control at Incheon International Airport for nearly an hour.

The main concern is the spread of the virus, a cyber weapon used by the North Korean government to interfere with air traffic control at Incheon International Airport.

Many experts are sure that North Korea is conducting a massive cyber campaign against South Korea in an effort to destroy critical infrastructure such as power plants and water.

According to a source, “the North’s Reconnaissance General Bureau has hired a group of hackers, mainly located in China, to conduct attacks against strategic targets such as the South.”

What are the cyber capabilities of North Korea?

North Korea has a higher percentage of military personnel in relation to population than any other nation in the world, with approximately 40 enlisted soldiers per 1000 people.

North Korea's capabilities also include chemical and biological weapons. A defector also declared that North Korea had increased its cyber warfare unit staff to 3,000 people, and is engaged in training young prodigies to become professional hackers.

A large North Korean cyber force responds directly to the command of the country’s top intelligence agency, the General Reconnaissance Bureau. Last year satellite photos were published on the internet of the area suspected of hosting North Korea’s ‘No. 91 Office’, a unit based in the Mangkyungdae-district of Pyongyang
dedicated to computer hacking, and its existence was also revealed in a seminar on cyber terror in Seoul.

According to the revelation by Army General James Thurman, the commander of US Forces in South Korea, the government of Pyongyang is heavily investing in cyber warfare capabilities, recruiting and forming highly skilled teams of hackers to be engaged in offensive cyber operations against hostile governments and to conduct cyber espionage activities.

On more than one occasion, North Korea has threatened the South, promising waves of attacks, and the cyber offensive option is the most plausible considering the advantage in terms of efficiency, detection and political impact.

Professor Lee Dong-hoon of the Korea University Graduate School of Information Security said that North Korea’s electronic warfare capabilities are second only to Russia and the United States.

“North Korea has been preparing for cyber warfare since the late 1980s and is now the third strongest after Russia and the U.S.”

He also stated at the Defense Security Command’s defense information security conference in Seoul:

“In North Korea the state nurtures cyber (warfare) personnel to achieve military aims, and is capable of conducting various cyber attacks including denial of service and hacking.”

He referenced the DDoS attack in July 2009 that is suspected to have been launched by the Pyongyang Computer Technology University.

Recently, from April 28 until May 13, GPS signals were jammed, causing difficulties in air and marine traffic controls of South Korea, and the origin of the attacks was located on the North Korean boundary, leaving little doubt that it was arranged by North Korean intelligence.

According to the security specialist, South Korea is not prepared to respond to the attacks arranged by the Pyongyang government, and this consideration must induce serious concern regarding the critical political situation in the area.
The same opinion and concerns on North Korea’s cyber warfare capabilities are shared by the chief of the Defense Security Command, Army Lieutenant General Bae Deag-sig, who declared:

“North Korea is attempting to use hackers to infiltrate our military’s information system to steal military secrets and to incapacitate the defense information system. The military is updating the information protection policies and systems as part of the efforts to strengthen its response capabilities.”

The evolution of conflicts and the North's increasing propensity to adopt cyber operations should raise many concerns.

In the short term, to defend against the cyber threat, it is necessary for significant investments to be made by countries in the Asia Pacific region to bolster cyber warfare capabilities, and South Korea most of all.

I am unfortunately convinced that dialogue with North Korea at this time of profound change for the country will prove very difficult.

Cross-posted from Security Affairs

Comments:

Cody Renden

This is very scary! The Stuxnet virus (if American) begins this question of the consequences of a "cyberwar". Would South Korea be within its rights to bomb North Korea? What is the appropriate response? The attack on Iran is different due to its attack not harming people, and not being clear who orchestrated it. However, North Korea seems to be intentionally aiming to bring down flights and shut down South Korea's infrastructure.
If a cyber response is appropriate, I imagine it very difficult to attack North Korea. The majority of the country is so far behind in technology, there is probably almost nothing connected to the internet to exploit.

3 months ago

Pierluigi Paganini

Hi Cody, I believe that the consequences of a cyberwar could be devastating. Every cyber attack, such as a conventional operation, could kill people... it's just a different way to proceed. If I destroy a nuclear plant I can kill people around it. Another point to consider is that to engage in a cyber war is quite simple ... far from media, during the years, many countries have already started to attack their enemies ... in the short term I'm sure we will see the effects. ... Flame is nothing

Regards
Pierluigi

3 months ago

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.