Tag Archives: cyber

Brief History of North Korean Cyber Attacks

Is North Korea, widely viewed in the outside world as equal parts backward and crazy, even capable of conducting a cyber attack?

Yes.

Prior to the cyber attack on Sony, widely though not entirely thought to be the work of North Korea, the North has been blamed for successful cyber attacks on South Korean media companies, military and government networks, banks, and universities. Some of the first attacks blamed on the North occurred in 2009 and the South has regularly blamed the North for cyber attacks since, with Korean and international analysts noting both similar tactics and the attacks’ growing technical sophistication.

While North Korean decision-making may appear opaque and often outlandish to outside observers, this does not mean the country lacks technical skill, as evidenced by its successful nuclear and ballistic missile programs. The North’s technology has even attracted an international following, most notably from Iran.

Share

Read more ...

North Korea and Iran – cyber power BFFs?

UPDATE (28 MAY 2015): New report (and here), from a distinctly biased Iranian opposition group with a mixed record of reporting on events inside Iran, says a North Korean Defense Ministry team visited Iran the last week of April to share information on nuclear warhead and ballistic missile development. The technology sharing, if true, would be a repeat of previous violations of UN sanctions prohibiting the countries from exchanging ballistic missile technology.

UPDATE (22 FEB 2015): New story from longtime Korea-watcher Donald Kirk on how Iran’s ties to North Korea may hamper any DC-Tehran nuclear deal.

NK-IRAN-US

UPDATE (18 DEC): The U.S. has reportedly concluded that North Korea was responsible for the cyber attack on Sony. The report goes on to mention an Iranian – North Korean connection, based on similar techniques used in the Sony attack and previous attacks in South Korea and Saudi Arabia. No word yet on a decision regarding response measures, if any.

Since the signing of a 2012 pact on IT research cooperation between Iran and North Korea, there have been a series of reports on cyber activities and attacks conducted by the two nations. This year alone we have a cyber attack on the Sands Casino in Las Vegas (widely attributed to Iran), an attack on Sony that’s still making headlines (widely attributed to North Korea), and a report last week from a leading cyber security firm highlighting Iranian advances in cyber capabilities likely developed in conjunction with North Korea.

Prior to Sony (if indeed that attack was carried out by the North), Pyongyang had been blamed for a series of attacks on South Korean banking, media, and other websites. In one attack, targeting Nonghyup, the agricultural bank, 30 million customers spent days locked out of their accounts.

In 2012, Iran was blamed for a series of attacks targeting U.S. banks and financial institutions. While damage was limited, the banks involved did eventually turn to the NSA for help. Much of the reporting on Iran has highlighted Iranian attention to the cyber domain in the wake of the successful/disastrous (depending on your point of view) Stuxnet attack on Iran’s nuclear program. This attack awakened the regime to both the dangers and opportunities of the cyber domain, and Iran has been rapidly working to expand its capabilities ever since – including the 2012 agreement with North Korea mentioned above.

Share

Read more ...

2009-2013 Internet attacks on South Korea part of ongoing cyber espionage campaign – McAfee Labs

McAfee, the Internet security company owned by Intel, has a research lab that just put out a report covering four years of hacking attacks aimed at South Korea. What previously appeared to be isolated attacks on media, banks, and government websites, many of them detailed here and in the report, are instead part of an ongoing 2009-2013 espionage campaign targeting military forces in South Korea in order to extract classified information. Targets included information on U.S. military forces and their operations in the South.

Image courtesy McAfee Labs

Image courtesy McAfee Labs



Through examining the evolving code used in the attacks, McAfee Labs found the attacks on South Korean banks, media, universities, elections, government, and other websites shared common source code, one encryption password, similar use of IRC botnets, consistent terminology, and a target set of military keywords. The report, on page 22, even lists the (somewhat poorly translated) Korean keywords used to target military operations in South Korea, including by U.S. forces.

Share

Read more ...

South Korea hit with cyber attacks on major banks, media outlets … again; North Korea blamed … again

UPDATE (10 April): The South made its preliminary case today that a North Korean espionage agency was behind the 20 March cyber attacks. According to the South’s report, the North began preparing for the attack last June, with systems testing beginning in late February. Of the 76 types of malicious code used in the attack, 30 were similar to previous attacks by the North, and 22 of 49 IP addresses overlapped with previous addresses used during cyber attacks traced to the North since 2009.

Graph courtesy Yonhap News

Graph courtesy Yonhap News



UPDATE (22 March): The South’s communications commission issued an update today declaring the cyber attack started from an IP address at a domestic bank (Nonghyup), not a Chinese address, as they reported yesterday. Meaning, aside from an irritated China and embarrassed Korean bureaucrats, that the attack erupted from a domestic source. How the code was placed on that server, by whom, and how it spread is still under investigation – an investigation likely to be much more circumspect in placing blame during future announcements.

Share

Read more ...

North-South tensions on the Korean peninsula – indicators for the future

UPDATE (3 April): The North closed entry to Kaesong today for South Koreans, but allowed those present in the complex to either remain in the North or head home to the South. Citing business and production concerns, only 33 of 446 South Korean workers in the complex actually came South, with the rest remaining behind to tend to their work or business interests. Posing the somewhat interesting question – given a choice, would you elect to stay in North Korea right now for your employer or business?

Previous closures have been short-lived, with few repercussions for those remaining behind, those who left, or the businesses located in the zone. Time will tell if this closure ends the same. Either way however, today’s closure signals a further heightening of tensions and worsening of inter-Korean relations.


UPDATE (1 April): The North actually threatened to close the Kaesong complex over the weekend, but most doubt they will follow through on the threat. If the North’s leadership is under the illusion that shutting the facility will hurt the South worse than the North they might be tempted, but short of that level of cluelessness, the North is unlikely to close such a prime hard currency source.

UPDATE (28 March): Reuters catching on to the idea of Kaesong as an indicator of the true level of tension on the Korean peninsula: Despite threats, North Korea keeps border factories open.

Every time tensions rise on the Korean peninsula, people start asking what’s going to happen next. Is there going to be a war? Will tensions cool? Will the North conduct an additional rocket or nuke test? Will there be another cyberattack or similar provocation? While no one outside of the North’s inner circle (now including Dennis Rodman?) can say for sure, there are a few indicators.

Share

Read more ...


  • Ridiculous that #SouthKorea gov't fears this site. Hopefully Moon changes. North Korea Tech & censorship in SK https://t.co/vKZK7lKNSD - posted on 26/06/2017

  • Interesting use of NGO social media counternarrative capabilities: How Facebook Can Fight the Hate https://t.co/8TFLeYNXrC - posted on 25/06/2017

  • A state that desires isolation is punished ...by being isolated? Huh? - Do American Travelers Belong in North Korea? https://t.co/nkgblnVoWQ - posted on 22/06/2017

  • If only policy was to beg China, up sanctions, pass UN res., & make mil threats, then we'd ... oh wait. #NorthKorea https://t.co/dpUAWi0jX8 - posted on 11/06/2017

Ads from Google

  • Postdoctoral Fellow, Modeling Interdisciplinary Inquiry
    Institution: Washington University in St. LouisLocation: Missouri, United StatesPosition: Post-Doctoral Fellow Primary Category: Humanities Secondary Categories: African American History / Studies , African History / Studies , American History / Studies , Ancient History , Anthropology , Archaeology , Architecture and Architectural History , Archival Science , Area Studies , Art and Art History , […]
  • Assistant Professor of Chinese
    Institution: Middlebury CollegeLocation: Vermont, United StatesPosition: Assistant Professor Primary Category: Chinese History / Studies Secondary Categories: None
  • Assistant Professor of Creative Writing - Prose
    Institution: Macalester CollegeLocation: Minnesota, United StatesPosition: Assistant Professor Primary Category: NoneSecondary Categories: None
  • Research Development Specialist in the Humanities
    Institution: University of KansasLocation: Kansas, United StatesPosition: Research Professional Primary Category: Humanities Secondary Categories: None