Security
North Korea behind March web attacks, says McAfee
Jul 6th
North Korea or parties closely tied to the country were almost certainly behind the March cyber attacks that took down several South Korean websites, according to a report from computer security company McAfee.
The report contains a detailed analysis of the attacks and how they were carried out.
Working with the governments of both South Korea and the U.S., the company reverse engineered the computer code used in the attacks to uncover its inner workings.
Infected computers that launched the attacks were controlled by two tiers of command server, communications between the systems was encrypted in several different systems and the whole network More >
North Korea’s Chinese IP addresses
Jun 26th
Cyber attacks against South Korean organizations have been much in the headlines in recent weeks. With each attempt to crash a web server, phish for private information or infiltrate a computer in South Korea, the country’s government points its finger of blame towards North Korea, but concrete evidence is often thin on the ground.
Investigators will typically try to trace a cyber attack by discovering the IP (Internet protocol) address from which it originated. Every computer on the Internet has such an address and discovering the source address will typically help identify the organization or service provider network from which the More >
Defector claims up to 3,000 hackers in North Korea
Jun 2nd
North Korea is continuing to strengthen its ranks of elite hackers and could have up to 3,000 of them, a North Korean defector said in Seoul on Wednesday. (Update: New information below)
Kim Heung-kwang, a former professor at Pyongyang Computer Technology University and member of the North Korea Intellectuals Solidarity group, told a cyber security conference that North Korea likely has around 3,000 hackers, according to local news reports.
The state previously had around 500, but raised the number last year when the cyber warfare unit saw its status raised, Yonhap reported him as saying. The unit sits under the Reconnaissance General More >
South suspects North in military spamming
Jun 1st
South Korean military personnel have been warned against opening suspicious e-mails and attachments as Seoul worries North Korea is further expanding its hacking activities, according to several media reports this week.
Around 60 officers who graduated from Seoul’s Korea Military Academy received e-mails that purported to be from fellow graduates, reports The Korea Herald.
The messages were sent from Hanmail accounts and four of the addresses used were “1co3p@hanmail.net,” “hoyon1241@hanmail.net,” “fmcph@hanmail.net” and “yeobdu@hanmail.net,” said The Seoul Shimun. The messages contained malicious code in attachments.
Breaking into personal computers through such spam mail is a tried and tested method for hackers all over the More >
DPRK denies cyber attack on Nonghyup Bank
May 11th
The DPRK has made its first comment on allegations that it was behind a cyber attack on a large South Korean bank and, not surprisingly, has denied any involvement.
Last week South Korean prosecutors said they had found evidence that North Korea was behind the April attack, which brought chaos to the computer system and ATM network of Nonghyup Bank for several days. It was one of the most disruptive cyber attacks to-date on the South Korean financial system.
Prosecutors made the allegations after examining the laptop of an IBM employee working at the bank. The laptop was apparently used as a More >
Software engineer could have spied for North
May 3rd
South Korean authorities are investigating whether a software engineer with links to North Korea stole government data and passed it to the country, according to several reports from Seoul.
The reports say the man allegedly stole information between 2005 and 2010 while working for a computer company tasked with developing software and systems for the South Korean government, reported The Associated Press from Seoul.
The man, who has not been identified, was convicted in 2002 of posting pro-North Korean information on websites, said the AP.
Despite that conviction, he was allowed to join a project working on the Korean Joint Command and Control More >
North Korea behind Internet attacks, says South
Apr 9th
South Korea’s National Police Agency says North Korea was behind cyber attacks that targeted 30 major websites between March 3 and 5, according to local news reports.
Websites such as the presidential office and Financial Services Commission were brought down by the distributed denial of service (DDoS) attack.
A DDoS attack involves flooding a server with so many requests that it becomes clogged and cannot operate. This is typically done by harnessing a vast network of computers to send the traffic simultaneously and continuously.
Rather than buy and build the computers, hackers usually build this network by infecting PCs with illicit software. At More >
Report: DPRK again jams GPS signals
Mar 7th
North Korea attempted to jam GPS (global positioning system) satellite navigation signals in South Korea on Friday afternoon, according to a Yonhap News report that cited an unnamed South Korean defense official.
Jamming is the act of broadcasting a signal on the same channel as the intended target service so as to confuse or interfere with reception.
The report said GPS disruption was recorded in some devices in the capital Seoul and two cities closer to the border, Incheon and Paju.
One report said the disruption caused some cell phones to show the wrong time. No more details were provided, but that would More >
Uriminzokkiri’s Twitter account still down
Jan 22nd
Uriminzokkiri, the China-based website that carries North Korean news to the world, was the center of attention earlier this month when its Twitter and YouTube channels were hacked.
Four Twitter messages and a YouTube video denigrating Kim Jong Il and his son, Kim Jong Un, were posted on Jan. 8, which is reportedly the birthday of the younger Kim.
The YouTube channel was reinstated within a few days and is back to its usual diet state-TV clips and videos produced by the website, which appears to have close ties to Pyongyang.
However, two weeks on from the hacking and Uriminzokkiri appears to still not More >
FNK Radio attracts North Korean Internet audience
Jan 18th
Free North Korea Radio, one of the handful of independent broadcasters targeting North Korea, attracted a direct connection to its website from inside the DPRK on Wednesday morning.
The site said an incoming connection from North Korea was recorded between 9:30am and 10am on Wednesday morning. It included the following screenshot (see below) from its site showing a connection from what appears to be within the North Korean IP address range that’s recently been activated by Star JV.
Star’s IP addresses run from 175.45.176.0 to 175.45.179.255.
Free North Korea Radio, based in Seoul and run by defectors from the north, broadcasts programming critical of More >
