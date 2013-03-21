By Ju-min Park
SEOUL, March 21 A hacking attack that brought
down three South Korean broadcasters and two major banks has
been identified by most commentators as North Korea flexing its
muscles as military tensions on the divided peninsula
sky-rocket.
Officials in Seoul traced Wednesday's breach to a server in
China, a country that has been used by North Korean hackers in
the past. That reinforces the vulnerability of South Korea, the
world's most wired economy, to unconventional warfare.
China's Foreign Ministry said that hacking attacks were a
"global problem", anonymous and cross-border.
"Hackers often use the IP addresses of other countries to
carry out their attacks," ministry spokesman Hong Lei told
reporters.
One government official in Seoul directly blamed Pyongyang,
although police and the country's computer crime agency said it
would take months to firmly establish responsibility.
Jang Se-yul, a former North Korean soldier who went to a
military college in Pyongyang to groom hackers and who defected
to the South in 2008, estimates the North has some 3,000 troops,
including 600 professional hackers, in its cyber-unit.
Jang's alma mater, the Mirim University, is now called the
University of Automation. It was set up in the late 1980s to
help North Korea's military automation and has a special class
in professional hacking.
The North's professional "cyber-warriors" enjoy perks such
as luxury apartments for their role in what Pyongyang has
defined as a new front in its "war" against the South, Jang told
Reuters.
"I don't think they will stop at a temporary malfunction.
North Korea can easily bring down another country in a
cyber-warfare attack," Jang said.
Like much about North Korea, its true cyber capabilities are
hard to determine. The vast majority of North Koreans have no
access to the Internet or own a computer, a policy the regime of
Kim Jong-un strictly enforces to limit outside influence.
The nominee to be the next South Korean intelligence chief
told MPs recently the North was suspected of being behind most
of the 70,000 cyber-attacks on the country's public institutions
over the past five years, local TV channel YTN reported.
North Korea recently threatened the United States with a
nuclear attack and said it would bomb South Korea in response to
what it says are "hostile" war games in the South by Washington
and Seoul.
Threats to bomb the mainland United States are empty
rhetoric as Pyongyang does not have the capacity to do so and
its outdated armed forces would lose any all-out war with South
Korea and Washington, military experts say.
That makes hacking an attractive, and cheaper, option.
"North Korea can't invest in fighter jets or warships, but
they have put all their resources into raising hackers.
Qualified talent matters to cyber warfare, not technology," said
Lee Dong-hoon, an information security expert at Korea
University in Seoul.
However much of North Korea's limited funds go into its
nuclear and ballistic missile programmes.
LIMITED ATTACK
Wednesday's attack hit the network servers of television
broadcasters YTN, MBC and KBS as well as two major commercial
banks, Shinhan Bank and NongHyup Bank.
South Korea's military raised its alert levels in response.
About 32,000 computers at the organisations were affected,
according to the South's state-run Korea Internet Security
Agency, adding it would take up to five days to fully restore
their functions.
It took the banks hours to restore banking services. Damage
to the servers of the TV networks was believed to be more
severe, although broadcasts were not affected.
South Korea's military, its core power infrastructure and
ports and airports were unaffected.
Investigations of past hacking of South Korean organisations
have led to Pyongyang.
"There can be many inferences based on the fact that the IP
address is based in China," said the South Korean communication
commission's head of network policy, Park Jae-moon. "We've left
open all possibilities and are trying to identify the hackers."
North Korea has in the past targeted South Korea's
conservative newspapers, banks and government institutions.
The biggest hacking effort attributed to Pyongyang was a
10-day denial of service attack in 2011 that antivirus firm
McAfee, part of Intel Corp, dubbed "Ten Days of Rain". It said
that attack was a bid to probe the South's computer defences in
the event of a real conflict.
However, the hacking attack on Wednesday doesn't appear to
be state sponsored, security vendor Sophos said, noting the
malicious software it detected was not sophisticated.
"It's hard to jump to the immediate conclusion that this was
necessarily evidence of a cyber-warfare attack coming from North
Korea," said Graham Cluley, senior technology consultant at
Sophos.
North Korea last week said it had been a victim of
cyber-attacks, blaming the United States and threatening
retaliation.
"North Korea is able to carry out much bigger attacks than
this incident such as stopping broadcasts or erasing all
financial data that could panic South Korea," Lee of Korea
University said.