North Korea Suspected in Cyber Attacks (Update: White House Also Targeted)

If the South Korean leak ticker is right about this, ballistic missile tests weren’t the only mischief Kim Jong Il had in mind for us on the Fourth of July:

The sites of 11 South Korean organizations, including the presidential Blue House and the Defense Ministry, went down or had access problems since late Tuesday, according to the state-run Korea Information Security Agency. [AP, Hyung-Jin Kim]

To be precise about it, South Korean intelligence reports, leaked by staffers of National Assembly members, implicate North Korea and/or “pro-Pyongyang forces.” The prevalence of North Korean sympathizers in the South, however, means that the attacks could just as well have been carried out from South Korea itself, or virtually anywhere. Indeed, the suspects are said to include “pro-North Korea forces in South Korea.” Several U.S. government web sites also experienced minor disruptions as a result.

In the U.S., the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the July 4 holiday weekend and into this week, according to American officials inside and outside the government.

I pity anyone who spent the holiday weekend surfing the Federal Trade Commission web site. The choices of Treasury and Secret Service, however, are particularly suspicious. Treasury has just begun the process of re-unplugging North Korea from the global financial system, and Secret Service has been investigating North Korea’s high-quality counterfeiting of U.S. currency for decades.

Unnamed sources call the denial of service attack “unusually lengthy and sophisticated” because it continued to have effects days later. The method of attack was to install a virus in personal computers that caused them to visit the targeted sites, thus overwhelming the sites’ bandwidth.

In South Korea, it’s common for members of the National Assembly with access to intelligence to leak it when doing so serves the member’s political motives.

North Korea, where internet access is virtually non-existent, has long been rumored to employ specially trained hackers and operate a growing military cyber warfare unit, known as Unit 121. Depending on which reports you choose to believe, the strength of that unit is anywhere between 100 and a rather improbable 12,000 personnel. According to unsourced reports, the unit has a history of attacking U.S. government sites. South Korea has also set up a cyber warfare unit, a move that was boosted by revelations that in 2004, hackers based in China hacked into South Korean government computer systems and stole sensitive information.

Update: The target list widens:

The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than initially realized, also targeting the White House, the Pentagon and the New York Stock Exchange.

Other targets of the attack included the National Security Agency, Homeland Security Department, State Department, the Nasdaq stock market and The Washington Post, according to an early analysis of the malicious software used in the attacks. Many of the organizations appeared to successfully blunt the sustained computer assaults.

The Associated Press obtained the target list from security experts analyzing the attacks. It was not immediately clear who might be responsible or what their motives were. South Korean intelligence officials believe the attacks were carried out by North Korea or pro-Pyongyang forces. [AP, Lolita Baldor]

The State Department, too! Talk about biting the hand that feeds you ….

4 Responses

  1. Homer Simpson says: “Oh well, at least the North Koreans aren’t sending faxes to Springfield. D’oh!”

    If Chinese hackers were suspected then I guess we wouldn’t have a hard time believing they did it. Who would think North Korea could even have hackers, let alone sophisticated ones?

  2. Who would think North Korea could even have hackers, let alone sophisticated ones?

    I was surprised to read that, too. If NK does have its own hackers, they probably learned their trade from government hackers in that friendly nation across the river.

  3. i think actually NK won some sort of programming contest or came in 2nd last year. (i’m trying to find a link.)

    and the participants weren’t just the countries that wish KJI a happy birthday on his date and then KCNA makes a big deal about it. (i.e. sudan, burma, zimbabwe, etc.)

    there were actual IT respectable countries.

    so it really isn’t a surprise.

  4. Aha! Daily NK’s Chinese version is now reporting that North Korea has had an office staffed with virtual war computer geeks inside a Dandong (China) hotel since 2004.

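    A report on the 12th, citing National Intelligence Service material, said that North Korea has operated a virtual war base in Dandong, China since 2004. The report identified North Korea as being behind the recent virtual attacks on major institutions in South Korea and the United States.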

    A staff of more than 10 computer geeks inside the Xinghai Hotel office use a fiber-optic computer network to conduct their operations, according to a 2005 National Intelligence Service report.

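    Intelligence obtained by the National Intelligence Service in the first half of 2005 indicates that North Korea set up a base at the Xinghai Hotel in Dandong, China in mid-2004. The base is a 115 m² office where more than 10 North Korean personnel reside permanently, and more than 10 computers networked over fiber optics are their main tools.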

    The North Koreans are building an even bigger computer war room with more advanced equipment in Dandong at a commercial office building across from the Zhonglian Hotel. This will be the largest stronghold of North Korean computer hackers in China and there are currently other virtual war offices in Heilongjiang, Shandong, and Fujian provinces as well as Beijing.

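    The material states: “The North Korean side is preparing a new large base, 264 m² in area, in a commercial building opposite a four-star hotel (the Zhonglian Hotel) in the Dandong development zone. Compared with the original base, this one’s equipment and internet connection are far more advanced.” The material assesses that North Korea currently has virtual war bases targeting South Korea in Heilongjiang, Shandong and Fujian provinces and near Beijing, with Dandong being the largest.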

    http://www.dailynk.com/chinese/read.php?cataId=nk00100&num=4350