Cyber attack capabilities and speculation

According to the Joong Ang Ilbo:

North Korea was caught attempting cyberattacks on Incheon International Airport using viruses planted in game programs, according to the Seoul Metropolitan Police Agency.

A 39-year-old South Korean game distributor was arrested on Sunday for involvement and charged with violating the National Security Law. The National Intelligence Service helped arrest him, police said.

According to the police, the South Korean man, identified by the surname Jo, traveled to Shenyang, northeastern China, starting in September 2009 and met agents of an alleged North Korean trading company. He allegedly asked them to develop game software to be used in the South.

The North Koreans were actually agents from the North’s Reconnaissance General Bureau, and Jo was aware of that, police said.

Jo purchased dozens of computer game software for tens of millions of won, which was a third the cost of the same kind of software in the South. The games were infected with malignant viruses, of which Jo knew, an official at the police agency said.

Jo sold the games to South Korean operators of online games. When people played the games, the viruses used their computers as zombies, through which the cyberattack was launched.

So-called “a distributed denial-of-service attack,” this cyberattack against Incheon International Airport occurred two or three times in March 2011, police said. The attack was fended off by the intelligence authorities in the South.

The police and intelligence authorities also suspect that the North’s Reconnaissance General Bureau is behind a technical glitch in the flight data processor that paralyzed air traffic control at Incheon International Airport for nearly an hour last Sept. 15. It’s not clear if Jo’s viruses were linked. The glitch disrupted the departures of 18 airplanes from the airport. Initially, the Ministry of Land, Transport and Maritime Affairs said it wasn’t linked to North Korea.

AFP reports some slightly different details:

Cho, who was detained on May 23, sold the programmes to South Korean game operators, according to police.

They said the malicious software would paralyse users’ computers and steal personal information. It was not immediately clear how many computers may have been infected.

Cho is also accused of allowing North Korean agents to use his server for distributing denial-of-service (DDoS) attacks on the South’s online systems.

He is alleged to have kept personal information on hundreds of thousands of people from major portals at his home.

Read the full stories here:
Incheon Airport cyberattack traced to Pyongyang
Joongang Ilbo
2012-6-5

S. Korean held for selling N. Korean malware
AFP
2012-6-4

Share

Comments are closed.