Information Warfare: North Korea Decloaks


March 12, 2011: North Korea is suspected as responsible for a recent (March 4-5) attack on South Korean bank and government networks. These DDOS (distributed denial of service) attacks prevent users from using the attacked sites. What was different here was that the DDOS attacks were carried by thousands of South Korean PCs that had been secretly infected with a program that turned those PCs into "zombies". Apparently controlled, secretly, by someone in North Korea, some 34,000 of these zombies were used for the recent DDOS attacks. Worse, those controlling the zombies sent them an order to erase their hard drive. This appears to be a wartime type attack, designed to do maximum disruption and damage.

This is the third year in a row that such attacks have taken place. In 2009, there were several days of DDOS attacks on government and military web sites in South Korea and the United States. Last year, there was another series of similar attacks. Unlike the 2009 attacks, the 2010 ones caused little damage or disruption. The attacks last year were transmitted by 260,000 hijacked PCs. Most of those have since been identified and cleaned up. The hacker code was programmed to attack U.S. and South Korean web sites every year, between July 4th and 7th. But some PCs (under 500) did not have the hacker code removed, and, on schedule, went at it again, it was a much weaker attack.

Last year's attacks were initially believed to have been organized by North Korea. But no conclusive evidence could be found for this. But investigators did eventually collect a lot of evidence pointing north. The DDOS "attack PCs" first have to be hijacked. This is done by using a computer virus (often delivered as an email attachment or via an infected web site), that installs a secret Trojan horse type program, that allows someone else to take over that computer remotely, and turn it into a "zombie" for spamming or DDOS attacks. There are millions of zombie PCs out there, and these can be rented, either for spamming or launching DDOS attacks. Anyone with about $100,000 in cash, including North Korea, could have carried out the attacks. But now the North Koreans appear to be creating their own zombies and devising attacks from North Korea.

You can equip a web site to resist, or even brush off, a DDOS attack, and some of those attacked were prepared. But others were not. But the zombines and computer viruses left behind evidence, which pointed to North Korea as the origin of much of the recent hanking.

For the 2009 and 2010 attacks, there were no obvious suspects, other than perhaps bored teenagers or someone with a grudge against the U.S. and South Korean governments. A lot of hacker attacks on government computer networks appear to be aimless, and seemingly for thrills, not espionage or making a political statement. But that has changed, and it's now believed that North Korean Cyber War operatives were very closely involved for the last three year's worth of attacks.

A few months ago, South Korea has completed the installation of special hardware and software to protect government and military Internet sites from the massive attacks they have received recently. These defensive preparations are expensive, and ISP (Internet Service Provider) companies have to be convinced, or compelled, to cooperate and install the needed equipment that can deflect these attacks. The latest attacks ran into these defenses, and the damage was limited. But then it emerged that the infected South Korean zombie PCs were also getting a message to erase all their data.





Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close