North Korea has been pegged as the culprit of four recent cyber attacks, including that of March 20, against some South Korean broadcasting stations and financial institutions. As a result, concerns are rising that cyber terror could be a sort of prelude to military provocation, with the North posing a security risk by threatening to launch nuclear missiles.
Why the North?
On April 10, the South Korean government’s joint task force reached a tentative conclusion that the reconnaissance division of the North Korean army was behind the March 20 cyber attack.
It is unprecedented for the government itself to name the North as the mastermind of cyber terrorism activities against South Korea, although the socialist regime has been assumed to be involved in such attacks on numerous occasions. The biggest reason for this conclusion is that a North Korean IP address was exposed during the attack.
The government has announced that at least six PCs located in North Korea were used in the terrorist activities starting June 28, 2012, with one of them accessing computers in South Korea and issuing commands for virus infection and remote PC control on February 22 this year. Furthermore, 22 out of 49 hacking routes were found to be identical to those used for a similar purpose since 2009, and more than 30 of the 76 pieces of malicious code were found to have been reused in this attack.
“It seems that the purpose of recent activities is to cause social chaos rather than steal data,” said Jun Kil-soo, director of the Internet Security Response Team of the Korea Internet & Security Agency. He added, “Though the hackers removed their traces, North Korea’s IP address remained exposed for several seconds while they accessed domestic PCs via a foreign country.”
Cyber Security in Peril
Experts are criticizing the government for failing to detect the cyber attacks that continued for at least eight months from June 28, 2012. The South Korean government failed to notice that the North distributed malware 1,590 times to major broadcasting companies and banking institutions from at least six PCs in order to steal data. Furthermore, the hackers tried to destroy their hacking routes the very next day, March 21, taking advantage of the government’s negligence.
In response, the government has said that it is fundamentally impossible to completely block an advanced persistent threat (APT) that targets PCs and servers. “It is out of the question to block 100% of potential hacking attempts,” the director stated, adding, “The government and private-sector information security service providers are conducting around-the-clock monitoring and will come up with follow-up measures so as to ensure such a mistake is not repeated.”