Korean Cyberwarfare Update: Leaving The Keys In The Car

Korean news source Chosun Ilbo reports that "An official (South Korean) investigation has concluded that North Korea was behind a massive cyber attack that paralyzed the computer networks of broadcasters and banks on March 20."

The "fingerprints" (IP addresses) of North Korean computers were found all over, at least 1590 times. The targets of the attacks were banks and news websites, including a prominent anti-North Korea conservative website. A shadowy North Korean cyberwarfare unit, the Reconnaissance General Bureau, was assumed to be behind the attack.

What the Chosun Ilbo article did not do is confirm the suspicions of some commentators that North Korea has created its own Stuxnet, the alleged complex computer "worm" developed jointly by the United States and Israel to infect computers in Iran.

The exact level of expertise of North Korean cyberwarriors has not been nailed down by reports of last month's attack. The article reports only that "malware code... using six or more PCs with North Korean IP addresses since June 28 last year" was spread. "Malware code" could range from an annoying cause of slowdown in computer speed to really serious stuff, perhaps a cousin of Stuxnet.

A separate report on the Slashdot website quoted a report which elaborated further on the damage done in the attack: "The attacks used malware that can wipe the contents of a computer's hard disk (including Linux machines) and damaged 48,700 machines including PCs, ATMs, and servers."

If it's any consolation, commenters on the Slashdot website seem to treat the story not as a Stuxnet clone report, but as a case of the watchman falling asleep at the switch. The guardians of computer security in many South Korean websites presumably underestimated the threats to their machines and the abilities of North Koreans. They seemed to, in essence, invite attacks by failing to use all the security procedures available.

A report by Symantec, a leading computer security firm gave details of the computer code which wiped out much South Korean data. Hindsight teaches that proper use of the security procedures available on most computers would have averted this crisis by thwarting the attack. Instead, South Korea has egg on its face.

One writer drew a parallel to the reaction of America to Russia's successful Sputnik flight. America never imagined that the supposedly backwards Soviet Union could or would pull off such an achievement. In the same way, South Koreans might have proverbially left the keys in the ignition, assuming North Koreans did not know how to drive. Going forward, more South Koreans will likely pay more attention to the security of their computers.

Korean news source Chosun Ilbo reports that "An official (South Korean) investigation has concluded that North Korea was behind a massive cyber attack that paralyzed the computer networks of broadcasters and banks on March 20."

The "fingerprints" (IP addresses) of North Korean computers were found all over, at least 1590 times. The targets of the attacks were banks and news websites, including a prominent anti-North Korea conservative website. A shadowy North Korean cyberwarfare unit, the Reconnaissance General Bureau, was assumed to be behind the attack.

What the Chosun Ilbo article did not do is confirm the suspicions of some commentators that North Korea has created its own Stuxnet, the alleged complex computer "worm" developed jointly by the United States and Israel to infect computers in Iran.

The exact level of expertise of North Korean cyberwarriors has not been nailed down by reports of last month's attack. The article reports only that "malware code... using six or more PCs with North Korean IP addresses since June 28 last year" was spread. "Malware code" could range from an annoying cause of slowdown in computer speed to really serious stuff, perhaps a cousin of Stuxnet.

A separate report on the Slashdot website quoted a report which elaborated further on the damage done in the attack: "The attacks used malware that can wipe the contents of a computer's hard disk (including Linux machines) and damaged 48,700 machines including PCs, ATMs, and servers."

If it's any consolation, commenters on the Slashdot website seem to treat the story not as a Stuxnet clone report, but as a case of the watchman falling asleep at the switch. The guardians of computer security in many South Korean websites presumably underestimated the threats to their machines and the abilities of North Koreans. They seemed to, in essence, invite attacks by failing to use all the security procedures available.

A report by Symantec, a leading computer security firm gave details of the computer code which wiped out much South Korean data. Hindsight teaches that proper use of the security procedures available on most computers would have averted this crisis by thwarting the attack. Instead, South Korea has egg on its face.

One writer drew a parallel to the reaction of America to Russia's successful Sputnik flight. America never imagined that the supposedly backwards Soviet Union could or would pull off such an achievement. In the same way, South Koreans might have proverbially left the keys in the ignition, assuming North Koreans did not know how to drive. Going forward, more South Koreans will likely pay more attention to the security of their computers.

RECENT VIDEOS