A statement delivered by President of the Republic of Korea (ROK) Park Geun-hye in April, confirming that ROK is getting ready to launch an anti-cyberterror
We witnessed the first phase of the “hacker hysteria” back in the fall. At that time intelligence officers shared a story about an alleged cyberattack the North Korean hackers inflicted upon the computer network of 30-40 South Korean parliamentarians
However, this incident “blue the lid off” North Koreans and the public learned that DPRK allegedly employees some 58,000 hackers and trolls; 1,100 of them are professional hackers stationed in China and Malaysia; that they earn up to $3,000 per month, but have to give $2,000 back to the state and spend the rest of the money to pay for living and put money in savings accounts.
According to a lawmaker representing Saenuri Party, a parliamentary investigation revealed a North Korean trace in the cyberattack targeting computer network of Seoul Metro Corporation in July 2015. In the course of investigation, it was discovered that 213 computers had evidence of unauthorized access; the corporate network was infected with a virus; information had been leaking for several months. After it was discovered that the computer system was compromised, additional security software was installed on all Corporation’s PCs, amounting to 4,000. Somehow, only recently it became clear that the hackers who attacked the servers of Seoul Metro and hackers involved in earlier attacks used similar methods. Another head-spinning revelation: the DDOS attack is not a widely used hacker maneuver, but a method designed and used exclusively by DPRK’s military intelligence.
Meanwhile, malicious viruses were also detected in the computer networks of the major ROK’s defense companies, including ten computers used by the PR department of LIG Nex 1, ROK’s leading defense company. LIG Nex 1 is engaged in the development of military equipment and weapons of different category and class, including advanced missiles and fighters. ROK’s military counterintellige
On February 19, 2016, the leader of the South Korea’s parliamentary intelligence committee Lee Cheol Woo predicted another cyberattack in March or April. How does he know? Well, he based his prediction on the “fact” that hackers commit attacks some time after a nuclear test, and if this is so, then it is not difficult to deduce who organizes them. Earlier that week police forces reported that a huge part of the massive bulk of spam received by ROK’s public organizations is sent by North Korean hackers.
On March 8, 2016, representatives of defense and law enforcement agencies held an emergency meeting following an alleged attack of North Korean hackers targeting smartphones of high-ranking South Korean state security officials. According to the National Intelligence Service, the North has allegedly launched approximately 50 attacks at the end of February, beginning of March of this year. In ten cases, the hackers managed to successfully deliver malicious code via text messages. As representatives of the National Intelligence Service reported, the code allowed to record voice messages, steal files and gain access to text messages, call rosters and lists of contacts. A South Korean software company involved in the development and supply of security programs for online banking was also hit by hackers.
Some defectors immediately jumped at an opportunity to show their “profound knowledge” of the situation. Two men claiming they used to serve in the DPRK cyber command (and it does not matter that for some reason they decided to talk about their “career path” only now) said that North Korean hackers are recruited mainly from graduates of Pyongyang University of Science and Technology opened in 2009 as part of the inter-Korean cooperation program. They also said that North Korean national defense and public safety educational institutions send their students for internship to this university. What conclusion can be drawn from this revelation? That cooperation in this field must be immediately halted.
Pyongyang rejects accusations of its involvement in the hacker attacks. In the article published in Rodong Sinmun (the official newspaper of the Central Committee of the Workers’ Party) last Sunday, North Korea perceives Seoul’s accusations as part of a sweeping propaganda campaign “launched for political reasons with an objective to aggravate the inter-Korean relations.”
Meanwhile, the ROK’s financial control committee began a security testing of the computer networks of 16 banks and insurance. A number of South Korean financial companies have reinforced their cybersecurity. Banks Woori and Shinhan beefed up their security testing systems and set up emergency task groups charged with monitoring the networks for possible cyberattacks. Other banks as well as companies operating on the securities market are also revamping their security systems.
Please note that this was the second attempt to gain access to the private messaging systems. The first one ended in a scandal after it was discovered that ROK tried to procure software allowing to read text messages and monitor conversations exchanged via KakaoTalk. Rumor has it that DPRK’s authorities banned South Korean smartphones after this incident.
Konstantin Asmolov, Ph.D, Leading research fellow of the Center for Korean Studies, Institute of Far Eastern Studies, Russian Academy of Sciences, exclusively for the online magazine “New Eastern Outlook.”