South suspects North in military spamming

South Korean military personnel have been warned against opening suspicious e-mails and attachments as Seoul worries North Korea is further expanding its hacking activities, according to several media reports this week.

Around 60 officers who graduated from Seoul’s Korea Military Academy received e-mails that purported to be from fellow graduates, reports The Korea Herald.

The messages were sent from Hanmail accounts and four of the addresses used were “[email protected],” “[email protected],” “[email protected]” and “[email protected],” said The Seoul Shinmun. The messages contained malicious code in attachments.

Breaking into personal computers through such spam mail is a tried and tested method for hackers all over the world.

It’s typically used to install malware that serves a range of nasty purposes. These can include logging keystrokes, looking for credit card numbers or passwords, or simply sitting dormant until triggered to take part in a denial-of-service attack.

“A warning was issued by the Cyber Command last week, advising officers not to open these emails as a malicious code could be activated just by opening them or downloading attached files,” a military official in Seoul said, asking not to be named due to the sensitivity of the issue.

“We believe North Korea sent these emails to break into our military computer network,” he said. – The Korea Herald, May 31, 2011.

Whether the suspected hackers managed to get any information is unclear, the report said.

“We are trying to find out how much information North Korea has managed to collect via these spam mails,” he said. “We believe this has been going on for a long time, but important military data would have been inaccessible as officers cannot log on to Hanmail accounts in the base.” – The Korea Herald, May 31, 2011.

Blocking Hanmail access from military bases might not be enough. If soldiers are able to connect their own PCs to the base network or transfer data onto base PCs using USB memory sticks, the malware might have a path onto the secure network.

An affiliate of 38 North