North Korea Suspected in Cyber Attacks (Update: White House Also Targeted)
If the South Korean leak ticker is right about this, ballistic missile tests weren’t the only mischief Kim Jong Il had in mind for us on the Fourth of July:
The sites of 11 South Korean organizations, including the presidential Blue House and the Defense Ministry, went down or had access problems since late Tuesday, according to the state-run Korea Information Security Agency. [AP, Hyung-Jin Kim]
To be precise about it, South Korean intelligence reports leaked by staffers of National Assembly members, implicate North Korea and/or “pro-Pyongyang forces.” The prevalence of North Korean sympathizers in the South, however, means that the attacks could just as well have been carried out from South Korea itself, or virtually anywhere. Indeed, the suspects are said to include “pro-North Korea forces in South Korea.” Several U.S. government web sites also experienced minor disruptions as a result.
In the U.S., the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the July 4 holiday weekend and into this week, according to American officials inside and outside the government.
I pity anyone who spent the holiday weekend surfing the Federal Trade Commission web site. The choices of Treasury and Secret Service, however, are particularly suspicious. Treasury has just begun the process of re-unplugging North Korea from the global financial system, and Secret Service has been investigating North Korea’s high-quality counterfeiting of U.S. currency for decades.
Unnamed sources call the denial of service attack “unusually lengthy and sophisticated” because it continued to have effects days later. The method of attack was to install a virus in personal computers that caused them to visit the targeted sites, thus overwhelming their bandwidth.
In South Korea, it’s common for member of the National Assembly with access to intelligence to leak it when doing so serves the member’s political motives.
North Korea, where internet access is virtually non-existent, has long been rumored to employ specially trained hackers and operate a growing military cyber warfare unit, known as Unit 121. Depending on which reports you choose to believe, the strength of that unit is anywhere between 100 and a rather improbable 12,000 personnel. According to unsourced reports, the unit has a history of attacking U.S. government sites. South Korea has also set up a cyber warfare unit, a move that was boosted by revelations that in 2004, hackers based in China hacked into South Korean government computer systems and stole sensitive information.
Update: The target list widens:
The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than initially realized, also targeting the White House, the Pentagon and the New York Stock Exchange.
Other targets of the attack included the National Security Agency, Homeland Security Department, State Department, the Nasdaq stock market and The Washington Post, according to an early analysis of the malicious software used in the attacks. Many of the organizations appeared to successfully blunt the sustained computer assaults.
The Associated Press obtained the target list from security experts analyzing the attacks. It was not immediately clear who might be responsible or what their motives were. South Korean intelligence officials believe the attacks were carried out by North Korea or pro-Pyongyang forces. [AP, Lolita Baldor]
The State Department, too! Talk about biting the hand that feeds you ….
Homer Simpson says: “Oh well, at least the North Koreans aren’t sending faxes to Springfield. D’oh!”
If Chinese hackers were suspected then I guess we wouldn’t have a hard time believing they did it. Who would think North Korea could even have hackers, let alone sophisticated ones?
Who would think North Korea could even have hackers, let alone sophisticated ones?
I was surprised to read that, too. If NK does have its own hackers, they probably learned their trade from government hackers in that friendly nation across the river.
i think actually NK won some sort of programming contest or came in 2nd last year. (i’m trying to find a link.)
and the participants weren’t just the countries that wishes KJI a happy birthday on his date and then KCNA makes a big deal about it. (i.e. sudan, burma, zimbabwe, etc.)
there were actual IT respectable countries.
so it really isn’t a surprise.
Aha! Daily NK’s Chinese version is now reporting that North Korea has had an office staffed with virtual war computer geeks inside a Dandong (China) hotel since 2004.
12æ—¥æ´å¼•å›½å®¶æƒ…报院的资料报é“称,æœé²œä»Ž2004年开始在ä¸å›½çš„丹东设立虚拟战争æ®ç‚¹å¼€å±•æ´»åŠ¨ã€‚报é“å°†æœé²œæŒ‡è®¤ä¸ºè¿‘期对韩国和美国的主è¦æœºå…³å‘动的虚拟攻击的背åŽã€‚
A staff of more than 10 computer geeks inside the Xinghai Hotel office use a fiber-optic computer network to conduct their operations, according to a 2005 National Intelligence Service report.
2005年上åŠå¹´å›½å®¶æƒ…报院获得的情报表明,æœé²œä»Ž2004å¹´ä¸æœŸåœ¨ä¸å›½ä¸¹ä¸œçš„星海酒店设立æ®ç‚¹ã€‚这个æ®ç‚¹ä¸º115㎡的办公室,有10多åæœé²œäººå‘˜å¸¸ä½åœ¨æ¤ï¼Œ10多å°åˆ©ç”¨å…‰çº¤è”网的电脑是他们的主è¦å·¥å…·ã€‚
The North Koreans are building an even bigger computer war room with more advanced equipment in Dandong at a commercial office building across from the Zhonglian Hotel.
This will be the largest stronghold of North Korean computer hackers in China and there are currently other virtual war offices in Heilongjiang, Shandong, and Fujian provinces as well as Beijing.
资料称:“æœé²œæ–¹é¢æ£åœ¨ä¸¹ä¸œå¼€å‘区的4星级酒店(ä¸è¿žé…’店)对é¢çš„商务楼ä¸ç¹å»ºé¢ç§¯å¤§264㎡的新的大型æ®ç‚¹ã€‚与原先的æ®ç‚¹ç›¸æ¯”,这个æ®ç‚¹çš„设备和互è”网è¦å…ˆè¿›å¾—多。†资料评价,æœé²œç›®å‰åœ¨ä¸å›½çš„黑龙江çœã€å±±ä¸œçœã€ç¦å»ºçœå’ŒåŒ—京附近拥有对韩虚拟战争æ®ç‚¹ï¼Œè€Œä¸¹ä¸œä¸ºæœ€å¤§çš„æ®ç‚¹ã€‚
http://www.dailynk.com/chinese/read.php?cataId=nk00100&num=4350