"According to South Korean experts, Pyongyang’s electronic warfare capabilities are second only to Russia and the United States."
Not sure how accurate THAT statement is, but North Korea has waged electronic warfare multiple times in the past including jamming SK's GPS systems at one point. They probably have a fully capable electronics warfare unit.
Its also quite possible that China supplies the technology/know how to conduct such attacks and uses NK as a proxy to test systems as SK military procedures are somewhat related to the United States.
Also, South Korea has REALLY bad security. For example, if you want to use some form of online banking you must use an ActiveX control with IE.
"Also, South Korea has REALLY bad security. For example, if you want to use some form of online banking you must use an ActiveX control with IE."
I've heard about that, and that it's a major impediment to the adoption of new browsers, but I'm wondering how that gels with the (uncomfortable/awkward?) zeitgeist of Samsung.
I was under the impression that Japan went 'mobile first' years ago and their phones have been their touchpoint (no pun intended) to the internet from before the iPhone launched and that desktop PCs weren't a big thing.
Are SK residents using their Life Companions* tethered to a PC to do their day-to-day banking on a PC? Akin to iTunes?
Are you suggesting that Russia or the US are supplying North Korea with the know-how? :P
1. He/she was only quoting the Korea Herald.
2. We don't have credentials on these "South Korean experts." I would expect that if they are not part of the military then they might have even less knowledge of what they are talking about.
3. North Korea is a bigger threat to South Korea than China is. That may skew opinions.
A large chunk of NK's income comes through a group called Room 39. They are the experts in Money Laundering, Drug trafficking and cyber warfare.. They also make the best fake dollars around, distributed using restaurant chain Pyongyang.
"A possible cyber attack temporarily shut down computer networks" ... "Operations at the two banks were back to normal later in the afternoon and it was still unclear what caused the disruptions"
So it might have been a cyber attack. It might not.
"President Park Geun Hye’s administration created a cyber crisis headquarters to investigate whether North Korea is behind the outages"
I would have thought it would have been created to see if it actually was a cyber attack before assigning blame.
In the UK banking systems have failed repeatedly in recent months. The first thought isn't a cyber attack. The first thought is banks messed up.
I don't get why tensions would rise if currently they cannot even determine if it is a cyber attack or not.
Because this is exactly the scenario that plays out every time North Korea "attacks" South Korea. No one ever owns it, just like with the submarine http://www.bbc.co.uk/news/10129703. It's an "accident" or it's inconclusive.
Also, neither side wants to conclusively blame the other, because hey, they're still at odds. Stepping a single foot into the DMZ without permission can get you shot at.
SK is probably trying to give them the benefit of the doubt but is relatively sure it was them.
I would think it has little to do with the benefit of the doubt and everything to do with retaliation and escalation.
If the South found that the North definitely sunk a South submarine, the people would (more loudly) call for retaliation. And while everyone is certain what that would lead to, no-one's quite sure where it would end and no-one doubts that the losses for all involved will massively dwarf the loss of a single ship.
And there's always the possibility that the South really was in the wrong. That their ship had violated an agreement by doing something they'd rather not publicize.
(Not unlike the subdued US reaction to the EP3/Mig-21 collision in 2001. Were the US 'innocent' the rhetoric would have sounded much different than it did. But even then, the risks of escalation far outweigh the losses at hand.)
Sometime ago there was news "North Korea under cyber attach" or sth like that. Now this.
So, this is an "attack" or "counter-attack"? Anyway, am I the only who who is smelling that that sense of retaliation was routed from some other country as one can actually doubt North Korea's cyber prowess.
South Korean Internet is micro-monitored like many tyrannies(though not on the same scale" so I guess the attack was sophisticated and of some calibre.
Expect more of the same from South Korea in the weeks, months, and (unfortunately) years to come. These massive attacks have been happening for many years now, and nobody seems to have learned a thing.
The latest news here in Korea says that bank employees' PCs were infected through a compromised third-party package management system. Only two years ago, 35 million accounts at one of South Korea's most popular social networking services was compromised through a similar route: the attackers broke into the update servers of a popular antivirus software, which was used on employees' PCs. Same story, only with different companies.
And of course, by "PC", I mean machines running Windows XP with the user always logged in as administrator and IE's security setting somewhere between Medium-Low and Low, because how else are you going to browse the ActiveX web? The companies that provide package management systems and antivirus software probably also use similar PCs, which is likely to be one of the reasons why they got compromised in the first place.
Macs are getting popular nowadays among chic teenagers and college kids, but on the other hand, a long-time member of an IT forum that I frequent recently asked whether he should upgrade from IE6 to IE8 on his primary computer. We might make the best Android phones in the world, but the rest of South Korea's IT infrastructure is nothing but a series of facepalms.
And the first thing the leaders do is blame North Korea. Which they have been doing every time something similar happened in the last 4-5 years. I don't know whether it's actually NK or not, but as for improving the system, nope, my brother's university still asks him to disable several of IE9's security measures every time he logs in.
A year ago we looked into how feasible it would be to expand operations of our company beyond the US. Because we have a Korean-born Korean as a core team member, it was placed very high on the list of countries to explore. That spot lasted about fifteen minutes. By law in South Korea, you have to use an ActiveX plugin (and therefore IE) to process eCommerce transactions [1].
Looking it up just now to see what has changed in six months, I see that it's not strictly true anymore. The official policy allows for other browsers, but none of the steps necessary to allow those browsers have occurred.
Yep, the official policy now allows for other browsers, and even encourages banks to implement web standards. But nobody is willing to implement the software that is necessary to port the current public key infrastructure to non-Windows, non-IE platforms, simply because there is not much money to be made. Some of the large banks have come up with half-baked cross-platform services to appeal to rich kids with Macs, but payment gateways have not changed at all.
Only geeks use Chrome here, and I'm probably the only person in my town who uses Firefox. Mobile, of course, is a very large market, but banks just write their own Android & iOS apps and call it a day.
Oh well, another country where it is a matter of (little) time until visa/mastercard/16 digit number cards breaks through.
I don't understand these people's reasoning. Relentless innovation is how you become and stay the best. Kicking down the competition, secure in your market position is how you die. It may take a bitcoin, but sooner or later these companies are doomed.
No, I'm referring to the Nate/Cyworld incident, in which an update to the Alyak (알약) antivirus program, developed by ESTsoft, was regarded as a prime suspect. Alyak is extremely popular in Korea, due to the fact that it is free and comes bundled with Alzip (알집), a popular compression utility. IMO the entire Altools (알툴즈) family of programs is utter shit. Their entire domain is blacklisted in every PC I manage.
Ahnlab is a much more respectable company, and I have yet to hear of a major security incident where Ahnlab software was implicated. Their V3 line of software are clearly not the best in the industry, but I would be very surprised if they were any worse than other antiviruses.
Edit: According to the latest news, today's malware was disguised as a component of an antivirus program sold by Hauri, Inc. (하우리)
28 comments
[ 2.6 ms ] story [ 65.5 ms ] threadAnyway with current information one can only speculate on what just happened in Korea and who was behind it.
If that's the maximum NK can do I wouldn't be worried
What would worry me is the old and insecure system South Korea uses (based on IE and ActiveX), that should be their biggest worry right now.
"According to South Korean experts, Pyongyang’s electronic warfare capabilities are second only to Russia and the United States."
Not sure how accurate THAT statement is, but North Korea has waged electronic warfare multiple times in the past including jamming SK's GPS systems at one point. They probably have a fully capable electronics warfare unit.
Its also quite possible that China supplies the technology/know how to conduct such attacks and uses NK as a proxy to test systems as SK military procedures are somewhat related to the United States.
Also, South Korea has REALLY bad security. For example, if you want to use some form of online banking you must use an ActiveX control with IE.
I've heard about that, and that it's a major impediment to the adoption of new browsers, but I'm wondering how that gels with the (uncomfortable/awkward?) zeitgeist of Samsung.
I was under the impression that Japan went 'mobile first' years ago and their phones have been their touchpoint (no pun intended) to the internet from before the iPhone launched and that desktop PCs weren't a big thing.
Are SK residents using their Life Companions* tethered to a PC to do their day-to-day banking on a PC? Akin to iTunes?
*http://www.samsung.com/global/microsite/galaxys4/
Most people have Windows/IE installed together with their preferred OS/browser, myself included.
For mobile banking the situation's a little bit better but it is cumbersome nonetheless.
I think the payment system in S. Korea has a lot of potential for disruption, but the current regulatory laws force the businesses to use ActiveX.
Wow. Here I was thinking CFAA was a bad law.
> China supplies the technology/know how to conduct such attacks
You have your bogeymen in wrong order it seems, if China is behind North Korea in it how can they help?
1. He/she was only quoting the Korea Herald.
2. We don't have credentials on these "South Korean experts." I would expect that if they are not part of the military then they might have even less knowledge of what they are talking about.
3. North Korea is a bigger threat to South Korea than China is. That may skew opinions.
http://en.wikipedia.org/wiki/Room_39
http://en.wikipedia.org/wiki/Pyongyang_(restaurant_chain)
this is similar to ruby's package management hack earlier, but this time at a software level with ability to infect PC's/servers/etc...
"A possible cyber attack temporarily shut down computer networks" ... "Operations at the two banks were back to normal later in the afternoon and it was still unclear what caused the disruptions"
So it might have been a cyber attack. It might not.
"President Park Geun Hye’s administration created a cyber crisis headquarters to investigate whether North Korea is behind the outages"
I would have thought it would have been created to see if it actually was a cyber attack before assigning blame.
In the UK banking systems have failed repeatedly in recent months. The first thought isn't a cyber attack. The first thought is banks messed up.
I don't get why tensions would rise if currently they cannot even determine if it is a cyber attack or not.
Also, neither side wants to conclusively blame the other, because hey, they're still at odds. Stepping a single foot into the DMZ without permission can get you shot at.
SK is probably trying to give them the benefit of the doubt but is relatively sure it was them.
If the South found that the North definitely sunk a South submarine, the people would (more loudly) call for retaliation. And while everyone is certain what that would lead to, no-one's quite sure where it would end and no-one doubts that the losses for all involved will massively dwarf the loss of a single ship.
And there's always the possibility that the South really was in the wrong. That their ship had violated an agreement by doing something they'd rather not publicize.
(Not unlike the subdued US reaction to the EP3/Mig-21 collision in 2001. Were the US 'innocent' the rhetoric would have sounded much different than it did. But even then, the risks of escalation far outweigh the losses at hand.)
So, this is an "attack" or "counter-attack"? Anyway, am I the only who who is smelling that that sense of retaliation was routed from some other country as one can actually doubt North Korea's cyber prowess.
South Korean Internet is micro-monitored like many tyrannies(though not on the same scale" so I guess the attack was sophisticated and of some calibre.
The latest news here in Korea says that bank employees' PCs were infected through a compromised third-party package management system. Only two years ago, 35 million accounts at one of South Korea's most popular social networking services was compromised through a similar route: the attackers broke into the update servers of a popular antivirus software, which was used on employees' PCs. Same story, only with different companies.
And of course, by "PC", I mean machines running Windows XP with the user always logged in as administrator and IE's security setting somewhere between Medium-Low and Low, because how else are you going to browse the ActiveX web? The companies that provide package management systems and antivirus software probably also use similar PCs, which is likely to be one of the reasons why they got compromised in the first place.
Macs are getting popular nowadays among chic teenagers and college kids, but on the other hand, a long-time member of an IT forum that I frequent recently asked whether he should upgrade from IE6 to IE8 on his primary computer. We might make the best Android phones in the world, but the rest of South Korea's IT infrastructure is nothing but a series of facepalms.
And the first thing the leaders do is blame North Korea. Which they have been doing every time something similar happened in the last 4-5 years. I don't know whether it's actually NK or not, but as for improving the system, nope, my brother's university still asks him to disable several of IE9's security measures every time he logs in.
Looking it up just now to see what has changed in six months, I see that it's not strictly true anymore. The official policy allows for other browsers, but none of the steps necessary to allow those browsers have occurred.
[1] http://gadgets.ndtv.com/internet/news/how-south-korea-became...
Only geeks use Chrome here, and I'm probably the only person in my town who uses Firefox. Mobile, of course, is a very large market, but banks just write their own Android & iOS apps and call it a day.
I don't understand these people's reasoning. Relentless innovation is how you become and stay the best. Kicking down the competition, secure in your market position is how you die. It may take a bitcoin, but sooner or later these companies are doomed.
Are you referring to Ahnlab?
I'm convinced that Ahnlab's virus scanner software is itself a form of spyware. Wouldn't surprise me at all if it has been used as an attack vector.
Ahnlab is a much more respectable company, and I have yet to hear of a major security incident where Ahnlab software was implicated. Their V3 line of software are clearly not the best in the industry, but I would be very surprised if they were any worse than other antiviruses.
Edit: According to the latest news, today's malware was disguised as a component of an antivirus program sold by Hauri, Inc. (하우리)