Pyongyang responsible for recent hacking attacks
By Kim Tong-hyung
North Korea was behind the series of cyber attacks that crippled the networks of South Korean television stations and financial companies last month, government sources confirmed Wednesday.
But the South Koreans couldn’t have made the job easier for army hackers in Pyongyang, except for FedExing them their security codes.
According to an announcement by a government-led investigation team, agents from the North Korea Surveillance Bureau used Internet Protocol (IP) addresses from different countries to plant malicious programs in the affected computers around February.
The hijacked computers at broadcasters KBS, MBC and YTN and Jeju, Nonghyup and Shinhan banks wreaked havoc at the companies on March 20, paralyzing communications and customer service systems and inflicting significant financial damage.
The websites of the Ministry of Strategy and Finance, YTN and Daily NK, an online newspaper dedicated to North Korea-related issues, came under similar attacks on March 25 and 26.
Around 48,000 computers, servers and automated teller machines (ATMs) were infected or damaged by the attacks, which involved 76 types of malicious software developed by the North Koreans, government officials said.
“We have found that six computers based in North Korea connected to the computers of South Korean companies more than 1,590 times since June 28 last year and took information from them. A day after the attacks on March 21 this year, the North Korean computers destroyed traces of the attack routes,” an official from the Ministry of Science, ICT (information and communication technology) and Future Planning said in a news conference.
“The recent hacking attacks were apparently planned for a long time and 22 of the 49 attack routes we managed to trace were identical to the routes that North Korea used in previous attacks. More than 30 of the 76 types of malicious software had been previously used by the North Koreans,” he added, referring to the cyber attack on Nonghyup in 2011 that was also concluded to be a North Korean action.
The announcement effectively put an end to the were-they-or-weren’t-they debate surrounding North Korean involvement in the recent attacks.
Experts who had doubted the link claimed that the country was unlikely to have sophisticated hackers capable of pulling off online attacks of such scale.
But the real problem for South Korea is that it requires only the minimum level of sophistication for hackers to breach its computers. An ill-advised policy decision made 15 years ago has eroded the country’s computer security defenses to the point where they are now as porous as Swiss cheese.
At the core of the shaky security environment has been a Microsoft monoculture in computer operating systems and Web browsers, blamed for sticking computer users with outdated technology and making them easy targets for cyber criminals.
Software companies have had critical influence on how the Financial Supervisory Service (FSS) and other regulators write the laws on Internet usage and electronic commerce. Since 1998, these laws have mandated all encrypted online communications be based on electronic signatures that are enabled through a public-key infrastructure.
Since the fall of Netscape in the early 2000s, Active-X, which only functions on Microsoft’s Internet Explorer (IE) browsers, has remained the only plug-in tool used to download these public-key certificates. This prevented users of non-Microsoft browsers like Firefox and Chrome from banking and buying products online and accessing e-government services. And Apple Macs were frequently reduced to fashion items.
The biggest problem of Active-X-installed programs is that they create an illusion of security when there is none.
Instead of providing a security-based model, Active-X relies on simple “yes” or “no” confirmations by the user over downloading programs and controls. This is a risky arrangement, since Active-X tools require full access to the operating system and are often abused by hackers to intercept the user’s control of a computer.
Officials have admitted the malicious software used by the North in the recent attacks penetrated the computers through XecureWeb, an Active-X program developed by Seoul-based software firm Soft Forum, which is used to enable electronic banking functions.
Common sense says that anti-virus firms such as Soft Forum and AhnLab, the industry kingpin, should be leading campaigns to educate the public and reduce the reliance on Active-X.
In reality, they have actually been encouraging the use of this risky technology, forcing users to download their security programs through Active-X plug-ins instead of through file downloads.
It’s hard to deny that these firms profited by extending the country’s computer security problems rather than fixing them. What’s weirder is that, in a country knee-deep in a computer security mess, Ahn Cheol-soo, the founder of AhnLab who perfected this destructively opportunistic business model, is considered by some as a political savior.
http://www.koreatimes.co.kr/www/news/nation/2013/04/116_133712.html
Gov't confirms Pyongyang link in March cyber attacks
Amid escalating tension on the Korean Peninsula, the South Korean government on Wednesday announced that North Korea was behind the massive hacking attack that paralyzed networks of local financial firms and broadcasters last month.
Three South Korean banks -- Shinhan, NongHyup and Jeju -- and their insurance affiliates as well as three TV broadcasters -- KBS, MBC and YTN -- were hit by the cyber attack as malicious code infected some 48,000 computers in their networks on March 20.
Following the initial attack, 58 YTN affiliate servers and 14 anti-Pyongyang Web sites, including those operated by North Korean defectors, also suffered another round of attacks on March 25 and 26.
http://www.koreatimes.co.kr/www/news/nation/2013/04/116_133736.html
We're hackers, bro! lol