Brief History of North Korean Cyber Attacks
- Wednesday, 07 January 2015 13:39
Is North Korea, widely viewed in the outside world as equal parts backward and crazy, even capable of conducting a cyber attack?
Prior to the cyber attack on Sony, widely though not entirely thought to be the work of North Korea, the North has been blamed for successful cyber attacks on South Korean media companies, military and government networks, banks, and universities. Some of the first attacks blamed on the North occurred in 2009 and the South has regularly blamed the North for cyber attacks since, with Korean and international analysts noting both similar tactics and the attacks’ growing technical sophistication.
While North Korean decision-making may appear opaque and often outlandish to outside observers, this does not mean the country lacks technical skill, as evidenced by its successful nuclear and ballistic missile programs. The North’s technology has even attracted an international following, most notably from Iran.
North Korea and Iran – cyber power BFFs?
- Monday, 15 December 2014 19:12
UPDATE (28 MAY 2015): New report (and here), from a distinctly biased Iranian opposition group with a mixed record of reporting on events inside Iran, says a North Korean Defense Ministry team visited Iran the last week of April to share information on nuclear warhead and ballistic missile development. The technology sharing, if true, would be a repeat of previous violations of UN sanctions prohibiting the countries from exchanging ballistic missile technology.
UPDATE (22 FEB 2015): New story from longtime Korea-watcher Donald Kirk on how Iran’s ties to North Korea may hamper any DC-Tehran nuclear deal.
UPDATE (18 DEC): The U.S. has reportedly concluded that North Korea was responsible for the cyber attack on Sony. The report goes on to mention an Iranian – North Korean connection, based on similar techniques used in the Sony attack and previous attacks in South Korea and Saudi Arabia. No word yet on a decision regarding response measures, if any.
Since the signing of a 2012 pact on IT research cooperation between Iran and North Korea, there have been a series of reports on cyber activities and attacks conducted by the two nations. This year alone we have a cyber attack on the Sands Casino in Las Vegas (widely attributed to Iran), an attack on Sony that’s still making headlines (widely attributed to North Korea), and a report last week from a leading cyber security firm highlighting Iranian advances in cyber capabilities likely developed in conjunction with North Korea.
Prior to Sony (if indeed that attack was carried out by the North), Pyongyang had been blamed for a series of attacks on South Korean banking, media, and other websites. In one attack, targeting Nonghyup, the agricultural bank, 30 million customers spent days locked out of their accounts.
In 2012, Iran was blamed for a series of attacks targeting U.S. banks and financial institutions. While damage was limited, the banks involved did eventually turn to the NSA for help. Much of the reporting on Iran has highlighted Iranian attention to the cyber domain in the wake of the successful/disastrous (depending on your point of view) Stuxnet attack on Iran’s nuclear program. This attack awakened the regime to both the dangers and opportunities of the cyber domain, and Iran has been rapidly working to expand its capabilities ever since – including the 2012 agreement with North Korea mentioned above.
2009-2013 Internet attacks on South Korea part of ongoing cyber espionage campaign – McAfee Labs
- Friday, 12 July 2013 15:52
McAfee, the Internet security company owned by Intel, has a research lab that just put out a report covering four years of hacking attacks aimed at South Korea. What previously appeared to be isolated attacks on media, banks, and government websites, many of them detailed here and in the report, are instead part of an ongoing 2009-2013 espionage campaign targeting military forces in South Korea in order to extract classified information. Targets included information on U.S. military forces and their operations in the South.
Image courtesy McAfee Labs
Through examining the evolving code used in the attacks, McAfee Labs found the attacks on South Korean banks, media, universities, elections, government, and other websites shared common source code, one encryption password, similar use of IRC botnets, consistent terminology, and a target set of military keywords. The report, on page 22, even lists the (somewhat poorly translated) Korean keywords used to target military operations in South Korea, including by U.S. forces.
North-South tensions on the Korean peninsula – indicators for the future
- Tuesday, 12 March 2013 16:17
UPDATE (3 April): The North closed entry to Kaesong today for South Koreans, but allowed those present in the complex to either remain in the North or head home to the South. Citing business and production concerns, only 33 of 446 South Korean workers in the complex actually came South, with the rest remaining behind to tend to their work or business interests. This poses a somewhat interesting question: given a choice, would you elect to stay in North Korea right now for your employer or business?
Previous closures have been short-lived, with few repercussions for those remaining behind, those who left, or the businesses located in the zone. Time will tell if this closure ends the same. Either way, however, today’s closure signals a further heightening of tensions and worsening of inter-Korean relations.
UPDATE (1 April): The North actually threatened to close the Kaesong complex over the weekend, but most doubt they will follow through on the threat. If the North’s leadership is under the illusion that shutting the facility will hurt the South worse than the North they might be tempted, but short of that level of cluelessness, the North is unlikely to close such a prime hard currency source.
UPDATE (28 March): Reuters catching on to the idea of Kaesong as an indicator of the true level of tension on the Korean peninsula: Despite threats, North Korea keeps border factories open.
Every time tensions rise on the Korean peninsula, people start asking what’s going to happen next. Is there going to be a war? Will tensions cool? Will the North conduct an additional rocket or nuke test? Will there be another cyberattack or similar provocation? While no one outside of the North’s inner circle (now including Dennis Rodman?) can say for sure, there are a few indicators.