Wednesday, March 20, 2013

South Korea Says Chinese Code Used in Computer Attack





The biggest cyberattack on South Korean computers in two years used malware code from China, according to an initial investigation that is focusing on possible links to North Korea.

Around 32,000 servers were damaged in yesterday’s attack on broadcasters and banks, the Korea Communications Commission said today in a statement. President Park Geun Hye set up a team to investigate whether North Korea is responsible, after computer shutdowns hit companies including Shinhan Bank (1558), Nonghyup Bank, Munhwa Broadcasting Corp., YTN and Korea Broadcasting System.

The attack occurred less than a month after Parkbecame president of Asia’s fourth-largest economy, and amid an increase in friction over North Korea’s nuclear weapons program. Kim Jong Un’s regime, which detonated an atomic device in February, has threatened to attack the U.S. with nuclear weapons and today said American bases in Guam and Japan are within striking range.

“Discovering that the code was from China makes it more likely that the attack was from North Korea, because a lot of North Korean hackers operate there,” said Ryou Jae Cheol, a professor of computer engineering and securities at Chungnam National University. “Who else would be making this kind of attack at this scale and timing other than North Korea?”

China’s Foreign Ministry didn’t immediately respond to faxed questions seeking comment.
South Korean stocks were little changed at 11:48 a.m. in Seoul, after the Kospi Index (KOSPI) yesterday lost 1 percent. The won traded at 1,116.80 per dollar, near a six-month low. in Seoul, according to data compiled by Bloomberg. The yield on South Korea’s 2.75 percent bonds due December 2015 was unchanged at 2.60 percent, according to prices from Korea Exchange Inc.

‘Firmly Committed’

Lieutenant Colonel Damien Pickart, a Pentagon spokesman, today in an e-mailed statement declined to discuss American cybersecurity capabilities, while saying the U.S. “is firmly committed to the defense of Korea in any domain -- to include cyberspace.”

General James Thurman, the commander of U.S. forces in South Korea, last year told Congress that North Korea has “growing cyber warfare capability.”

Kim Jong Un’s regime “employs sophisticated computer hackers trained to launch cyber infiltration and cyber attacks against” South Korea and the U.S., Thurman told the House of Representatives last March.
Malware code was distributed through targeted organizations’ servers, destroying their computers’ ability to boot, the Korea Communications Commission said yesterday.

“This is the biggest and most serious cyberattack in two years,” said Shin Hong Sun, an official at the KCC in Seoul. “There haven’t been simultaneous attacks on more than one target since 2011.”

Website Attacks

South Korea blamed North Korea for an attack on about 40 websites in 2011. The South also blamed the North for an attack on Nonghyup a month later that kept almost 20 million clients from using automated teller machines and online banking services. South Korean police believe the most recent cyberattack by the North was last June, against the JoongAng Ilbo newspaper.

The worst cyberattack in South Korea occurred in 2003, when a computer virus shut down servers at the country’s largest Internet service provider, KT Corp. (030200), disconnecting 5 million customers from the web, according to Chon Kwan Ho, another KCC official. The police did not find North Korean links in that attack, Chon said.

Min Byung Ho, the spokesman for broadcaster YTN (040300), said the outage affected half of the computers in its newsroom and broadcasting facilities from about 2 p.m. Only one of Seoul’s four biggest media companies, Seoul Broadcasting System (034120), reported being unaffected by the outages.

‘Highly Probable’

South Korea has been monitoring for possible hacking since North Korea’s Feb. 12 nuclear test, the KCC said March 12.

“It’s highly probable that North Korea used Chinese IPs for the attacks,” said Lim Jong In, dean of Korea University’s Graduate School of Information Security. “These are sentimental attacks, aimed at spreading confusion to the whole society by paralyzing media and financial institutions. But it will take some time to exactly track who’s behind this as China is unlikely to actively cooperate.”

Military tensions in the region remained at the highest since at least 2010. North Korea’s Kim led two precision-attack drills using drones and rockets, the official Korean Central News Agency said yesterday. The exercise rehearsed an attack against South Korea, according to the statement.

The U.S. is increasing its defense capability in the region after Kim’s regime this month threatened to use atomic weapons in response to tougher United Nations sanctions.

B-52 Flight

The U.S. Pacific Air Forces Command successfully carried out its latest B-52 training flight, according to a statement on its website. A B-52 can carry nuclear warheads and air-to-ground missiles with a range of 3,000 kilometers (1,864 miles).

North Korea today reiterated its threats, saying the U.S. “will meet catastrophic end by the strong military counteraction of the DPRK,” if the bombers are flown again over the peninsula. The DPRK is the acronym for North Korea’s official name, the Democratic People’s Republic of Korea.

U.S. Defense Secretary Chuck Hagel said March 15 he will shift $1 billion from a European missile shield to install 14 additional missile interceptors in Alaska against threats by Iran and North Korea.

In a phone call yesterday with Chinese President Xi Jinping, Park reiterated her resolve to “firmly respond” to any attacks, while promising to give aid to North Korea if it gives up nuclear weapons and “chooses the right path,” according to a statement on her website.

No comments:

Post a Comment