DPRK denies cyber attack on Nonghyup Bank

The DPRK has made its first comment on allegations that it was behind a cyber attack on a large South Korean bank and, not surprisingly, has denied any involvement.

Last week South Korean prosecutors said they had found evidence that North Korea was behind the April attack, which brought chaos to the computer system and ATM network of Nonghyup Bank for several days. It was one of the most disruptive cyber attacks to-date on the South Korean financial system.

Prosecutors made the allegations after examining the laptop of an IBM employee working at the bank. The laptop was apparently used as a gateway into the bank’s network. Software in the computer was similar to that seen in previous attacks, local media quoted the prosecutor as saying.

“We found programming methods that were also detected in the previous two cyber attacks, such as the method of encoding the malicious commands,” senior prosecutor Kim Yeong-dae said at a press briefing.

The way the codes were distributed was similar to that of the previous attacks, and the Internet Protocol (IP) of a server used to control the zombie PC was identical as the one used in the distributed denial-of-service (DDoS) attack in March. Nonghyup was one of the targets in both the former attacks.Korea Times, May 3, 2011.

The IP address was linked to North Korea’s Ministry of Posts and Telecommunications and was also used in two large denial of service attacks that hit South Korean Internet sites earlier this year and last year, officials said.

The problem with this explanation is that tracing a cyber attack is often much more complicated than finding an IP address.

Highly sophisticated attacks often involve routing commands through multiple PCs. The address detected might be one of several relay machines, usually being used without the owner’s knowledge.

To-date prosecutors are yet to offer any detailed information that conclusively ties the attacks to the DPRK.

To be sure, the North does appear to have the ability to launch such attacks — if the wealth of previous reports on the country’s cyber security expertise are correct — and it fits the sabre-rattling that often takes place between the two neighbors.

The statement was carried on Voice of Korea and KCNA. Here’s the Voice of Korea statement in English:


And here’s the full text as carried on KCNA:

South Korea reportedly met the "greatest banking computer disturbance  ever in history", in which the banking computer network of the  "National Agricultural Cooperative Federation" has been put at the worst  paralysis since April 12.

This case caused a great loss and south Korea experienced a hot agony of shame in the eyes of the world.

What  is at issue is the fact that the group of traitors let the puppet  Intelligence Service and prosecution finally announce this case as "done  by the north" after making "joint investigation" into it for nearly one  month.

What the group claimed as evidence to link the case with  the DPRK is that the IP used in attacking the said computer network was  identical with the IP of the DPRK Ministry of Post and  Telecommunications and the attack was based on the delicate and accurate  way of remote control whereby its attacker was supposed to be a special  cyber unit. It also asserted that such attack was hard to be carried  out without mighty human and material resources and this was not an  attack for "gaining specified interests" such as stealing fund and data  but repeated attack aimed at "indiscriminate destruction."

Its assertions are just absurd argument based on unreasonable ground.

Even  the members of the federation hard hit by what happened, in actuality,  refuted the announcement that "the north was responsible for the cyber  attack" as a "hasty conclusion" as it lacked scientific accuracy. Even  the Defense Security Command of the puppet army known not to lag behind  others in investigating cases officially declared that the incident  cannot be branded as an "attack made by the north Korean military."

Moreover,  experts cast doubt about the assertion that "it was done by the north,"  querying "Had the IPs used for the above-said attack belonged to U.S.,  Japan or south Korea, the U.S., Japan and south Korea should have been  accountable for having created this confusion."

Last year the  south Korean authorities asserted that the "Cheonan" sinking case was  "linked with the north" as the propelling body of the torpedo they  claimed sank it was inscribed with letters "No. 1." Different circles of  south Korea are now widely jeering at them, putting up questions as to  how many letters "No. 1" were attached to the IPs which were used for  attacking the Federation's banking computer network.

In the final  analysis, the story about "the north's involvement" spread by the group  of traitors is creating fresh suspicion even in its own camp and it is,  therefore, derided by people for being one more farce and charade. The  above-said story floated by the group is aimed at saving its policy of  confrontation with the north from shaking to its very foundation,  weathering the crisis of its state administration fully disclosed in the  closing years of its rule before and after the April 27 by-election and  evade the responsibility for having stemmed the trend of national  reconciliation, unity, peace and prosperity.

All the developments  go to prove that the group of traitors' rumor that "the north was  responsible for what happened" is one more farce staged against the  nation to realize its sinister attempt and an anti-DPRK charade as  ridiculous as the "Cheonan" warship sinking case.

There are sayings that one should reflect on one's deed before pulling up others and one had better mind one's own business.

The group of traitors should boldly discard its bad habit of finding fault with others.

And  it should immediately stop its reckless war exercises, waiting for  someone's "contingency" to take place, unaware of its situation where it  is threatened with total collapse.

The group of traitors should  bear in mind that the more anachronistic anti-DPRK farce and charade it  orchestrates, the bitterer disgrace and fiasco it will face.
An affiliate of 38 North