backtop


Print 9 comment(s) - last by Joz.. on Mar 23 at 8:19 PM

Chinese IP address carried out the attack on Wednesday, according to SK officials

Amid flaring tensions with neighboring North Korea, South Korea was hit on Wednesday by a major cyberattack.  The attack left 32,000 servers at media and financial companies damaged, according to government officials.  According to South Korea's National Computing and Information Agency the attack affected nine companies -- three broadcaster, four banks, and two insurance companies -- and was carried out via infectious malware.

I. Damaging Cyberattack Came From Chinese IP, NK Suspected

China has officially condemned recent North Korean nuclear tests, back harsh new UN sanctions for the first time.  But an investigation by the South Korean government raises questions of just how opposed to North Korean aggression China is, as the attack was traced back to a Chinese IP address.

South Korea's Communications Commission announced on Thursday that it had traced the attack back to China.  Hong Lei, a Chinese foreign ministry spokesman, quickly denied that his nation had anything to do with the punishing assault.  He comments, "We have pointed out many times that hacking is a global issue. It is anonymous and transnational.  Hackers would often use IP addresses from other countries to launch cyberattacks."

While the attack's path through China raises tough questions, it is believed that it was North Korea who authored the code involved in the blast.  Adam Segal, a cybersecurity expert with the Council on Foreign Relations, asserts that North Korea is thought to have carried out a similar attack during a rise in tensions a couple of years ago.  He appears to be referring to 2009, 2010, and 2012 attacks, which struck South Korean banking and media institutions.  South Korean officials blamed those attacks on North Korean hackers.

Shinhan bank
The attack crippled ATMs in South Korea on Wednesday. [Image Source: AP]

The damage from the attack was most secure at the financial institutions.  While one of the banks -- Seoul's Woori Finance Holdings Comp. Ltd. (KRX:053000) -- repelled the attack and stayed open, three other banks -- Shinhan Financial Group Comp., Ltd. (KRX:055550), Nonghyup, and Jeju -- were so badly affected, they were forced to close.  Internet banking, ATMs and telecommunication services were all impacted.

At TV stations, the impact was less pronounced; some editing systems were taken offline.

II. North Korea Accused U.S. of Cyberattacks Last Week

North Korea last week scrapped a 60-year-old armistice agreement that ended the Korean War, announcing its plans to attack South Korea.  Since then the U.S. has deployed B-52 bombers flying over South Korea, ready to strike targets in the North if necessary.  The U.S. is also deploying missile interceptors to prevent the crude nuclear missile Washington believes North Korea to be developing from hitting cities in South Korea, Japan, or the U.S.

The cyberattacks may be a two way street.  Last week North Korea's state-run Korean Central New Agency (KCNA) accused the U.S. and South Korea of "intensive and persistent virus attacks."

North Korea
North Korea is on the verge of war with its neighbor. [Image Source: CNN]
 
The two nations have long accused each other of cyberwarfare.  In testimony to Congress last year, Gen. James D. Thurman asserted North Korea was spending a large amount to develop cyberoffensive capacity, commenting, "North Korea employs sophisticated computer hackers trained to launch cyberinfiltration and cyberattacks.  Such attacks are ideal for North Korea, providing the regime a means to attack [South Korea and the U.S.] without attribution."

The malware in Wednesday's attacks is a newer version of a strain of malware known as "DarkSeoul".

The U.S. reportedly has carried out a series of similar attacks against Iran.

Source: CNN



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Great firewall
By MadMan007 on 3/21/2013 11:50:35 PM , Rating: 2
Can someone *please* explain to me how China can handwave away attacks that move across the Great Firewall? If their cross-boarder internet is as locked down and watched as they say and as it seems to be, how does traffic move across it without them being able to track it or do anything about it?




RE: Great firewall
By JPForums on 3/22/2013 8:19:40 AM , Rating: 2
I'm with you. North Korean doesn't strike me as a cyber warfare powerhouse. Their glorious leader doesn't even think the residential districts should be wired, though he does make concessions for the industrial sectors. I have no doubt they could successfully attack South Korea, but getting in and out of the Chinese firewall while making it look like it originated from China seems a bit beyond the capabilities of a nation so opposed to general internet access.


RE: Great firewall
By othercents on 3/22/2013 8:22:59 AM , Rating: 2
Government officials are not bound by the same rules that the rest of the Chinese population is which also puts computers outside of the firewall or better yet, Internet Filter.

Just like companies that have firewalls and filters, an infected computer can still access almost anything from within a company. Would be the same for China.


"I'd be pissed too, but you didn't have to go all Minority Report on his ass!" -- Jon Stewart on police raiding Gizmodo editor Jason Chen's home














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki