Possible Cyber Attack Against South Korean Banks and TV Stations

B3ryllium writes "At least four broadcasters and two banks in South Korea are reporting massive computer accessibility issues, saying that their networks are 'paralyzed' by what looks like a cyber attack. Additional reports from Twitter suggest that hundreds of computers in the country powered off simultaneously at 2:20am, and reported "Boot device not found" errors. South Korea's military has upgraded its "Information Operation Condition (INFOCOM)" level from Level 4 to Level 3 in response to this situation."

Re:

[emho24]

INFOCOM LEVEL 3

Boo, I thought this was a text adventure game that I somehow overlooked when I was younger.

Re:

[Qzukk]

> get me the President on the horn.

I only understood you as far as wanting to get yourself.

Re:

[Hsien-Ko]

When it gets to level 0, they are more likely to have them eaten by a grue.

Re:

[ajlitt]

Level 1 is when they put on the Peril Sensitive Sunglasses.

Re:

[Looker_Device]

At level 0 Slim Pickens releases the great DDoS.

Re:

[WhatAreYouDoingHere]

from the summary: "Information Operation Condition (INFOCOM)"
Shouldn't that be INF O CON? There's no M in Condition.
Also, I thought INFOCOM was an old game company...

It's OK: battle.net is still up!

[Anonymous Coward]

South Korea citizens breathed a collective sigh of relief upon learning that battle.net servers were unaffected by the outage.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Dahamma]

Kim Jong Un probably plays Starcraft, too.

Additional updates since the initial crash

[bugbeak]

According to additional reports throughout the day, malware was transmitted through patch management servers, affecting hundreds of PCs at the broadcasters and banks. The malware was designed to target the master boot records of the computers, taking them offline, and according to another article, local security experts say that this is an example of an advanced persistent threat.

Re:

[c0lo]

security experts say that this is an example of an advanced persistent threat.

Are you sure is not a botched antivirus/windows update that "cures a MBR infection"?

(the advanced persistent threat may be quite a justified description if running Windows - especially if it's XP)

Re:

[bugbeak]

Are you sure is not a botched antivirus/windows update that "cures a MBR infection"?

(the advanced persistent threat may be quite a justified description if running Windows - especially if it's XP)

Investigations are still ongoing, and I'm just quoting and translating local media reports as they come.

Re:

[B3ryllium]

This is exactly why I described it as a "possible" cyber attack. Could just be a bad patch push. :)

Re:

[tokencode]

So let me understand, NK gains access to patch servers, can upload an infected update/patch to several hundred computers essentially letting them run arbitrary code and the best they could do was it make it so they did boot? It is either the most pathetic attempt at a government-sponsored cyber-attack to date (consistent with Fat Kim III regime's track-record) or it really was just some bad update....

Re:Additional updates since the initial crash

[Daetrin]

local security experts say that this is an example of an advanced persistent threat.

That sounds like an apt description of events.

Re:

[bugbeak]

That sounds like an apt description of events.

I see what you did there... I have to admit, that took me a few seconds to process.

Re:

[Sloppy]

That sounds like an apt description of events.

Let's wait to see what yummy details emerge.

It is pitch black.

[DarthVain]

You are likely to be eaten by a grue.

BBC News Article with followup

[billstewart]

BBC article [bbc.co.uk] says it's malware, not DDOS as originally speculated.

Even so, there was chaos, anarchy, dogs and cats living together, people having to pay cash at Starbucks...

Post informational era

[c0lo]

when computers and net are so ubiquitously integrated in society's life that can offer support for an attack. Too pity human nature didn't evolve past Neolithic: we continue to attack each other, even if examples show alternatives are possible [wikipedia.org]

Re:

[shentino]

Sometimes mere survival is not enough.

If you're a pig headed nation out for international supremacy, you must become better than your competition.

In the immortal words of Ray Kroc

"It is not enough that I succeed. Others must fail"

All politics is local

[billstewart]

Some nations are out for international supremacy. But some just have crazy people in charge who need to keep the level of crazy pumped up as a way of keeping their subjects in line. Fortunately, it's only exceptionally crazy countries like Best Korea that have that problem, and it would never happen here in the US.

Re:

[bill_mcgonigle]

we continue to attack each other

Most people are born into societies where violence is the controlling mechanism of regulation and such mechanisms are even venerated (loyalty pledges in schools, songs to its honor, mass media that glorifies the violence). It takes a certain level of intellectual rigor and honesty to understand this and move past it.

BTW, great link outlining the aspects of satyagraha that people need to accept to move past the old ways of primitive humans. I find that the lust for retributi

Re:

[c0lo]

My money is on Seagate Barracuda as I've had one sort of fail (it won't boot - the BIOS says it's not there, but the filesystem is fine and accessible once a LiveCD is booted instead) just the other day.

What makes Seagate Barracuda-s spinning in SK more special than in other places in this world?

This is a good thing.

[headhot]

Look at it this way, North Korea just blew its load and showed the world how it has compromised their networks. Now we can better defend our systems going forward, assuming businesses take away a lesson from this.

Re:This is a good thing.

[Xest]

I'm intrigued to know whether given the closed nature of North Korea and it's poor education systems whether it has the ability to perform this type of attack entirely indigenously or whether China has helped or given some kind of training on this.

I'm usually one to defend China as I think the threat of it is normally quite overblown, but I'm having a hard time believing North Korea has the talent to have done this entirely by itself.

Re:

[codegen]

North Korea has detonated several Nuclear Devices recently. While in general the education system is poor, there is a privileged elite that does get good education. So while I have to wait and see, I'm not going to be terribly surprised if the trail leads to NK. But I won't be surprised if it leads to China either.

Re:

[turgid]

North Korea has detonated several Nuclear Devices recently.

North Korea has claimed to have detonated 3 nuclear devices. There is no evidence that any of the explosions were nuclear in nature. No fission products (i.e. "radiation") have been detected.

Re:

[Xest]

I know where you're coming from, and whilst it's true that the privileged few in North Korea get sent to Western universities and so forth I have to ask if that's really enough?

Consider that most talented hackers in the world today whether from the West or from places like Russia are talented because they've grown up with the internet, they've been sat on it day in day out. That doesn't seem a realistic possibility in North Korea given that the pool of people with decent access is so utterly tiny it seems u

Re:

[Xest]

Who are these foreigners? am I a foreigner? Which country are we making some arbitrary assumption about that I come from here? Who has taken my job? It's the first I've heard of it, certainly never heard about any North Koreans getting employment around here.

Personally I'm quite happy for "foreigners" to come and "take" jobs in my country, I've always felt if someone can come from another country, often with a poorer education system, and sometimes with less experience with the English language then beat a

Re:

[bryan1945]

China has backed NK for a while now. I wouldn't be surprised if that included helping train computer specialists. They might not be backing NK now, but they could have the experience already.

Re:

[Dahamma]

Well, considering the same general thing has been accomplished by antisocial 16 year olds, it probably didn't require an army of formally trained computer scientists to pull this off...

Re:

[Xest]

As I mentioned in my other thread though, the key difference is that those antisocial 16 year olds that normally pull this off are still quite uncommon relative to the general internet population their age, and for them to exist they have to be found from a wide pool of internet users who have had (near?) life long access to the internet. That sort of environment with a wide pool of people with widespread internet access to produce these sorts of folk naturally just doesn't exist in North Korea.

Re:

[thevikas2]

North Korea has actually built a fairly good IT skill set recently (with a help of close friend-you know who). http://investvine.com/laos-signs-software-deal-with-north-korea/ [investvine.com] For example Korea Computer Center is getting orders from the west too besides some asian countries. Is it scary for us? or will it bring food for countrymen? or maybe both?

Not really

[slashmydots]

It was merely an attempt to contain Gangnam Style.

Re:

[davidbrit2]

Don't worry, Harlem Shake (whatever that is) appears to have taken care of that problem.

Re:

[bryan1945]

Oh no, you 2 just gave someone the idea for the Gangnam Shake: Harlem Style!

job done!

[auric_dude]

Send in Team America backed up by https://en.wikipedia.org/wiki/Cyberwarfare_in_the_United_States [wikipedia.org]

prelude to what the west can expect from china

[WindBourne]

Nk gets its help from its partner; China. I would not be surprised to find that the bios/eeprom was shipped with back doors.

Re:

[c0lo]

I wouldn't be surprised to hear about a really bad windows update for the Korean edition either (MS has more backdoors on computers running Windows than China would ever hope to have. But... yeah... being scared of China is more enticing, I reckon).

Re:

[WindBourne]

Look, c0lo, I understand that you want peace. I saw ppl like you in the 60's. The problem is that the Chinese gov is purposely on a collision course with the west. It should be obvious to anybody that china promises a lot, but breaks there word constantly. Even when pressed about it, they continue it.

From where I am sitting, this is a redux of USSR/the west, only we are at 1947, with USSR making lots of promises while pushing massive spying operations on their friends.

Re:

[c0lo]

From where I am sitting, this is a redux of USSR/the west, only we are at 1947, with USSR making lots of promises while pushing massive spying operations on their friends.

And, indeed, heaps of good resulted from the clash during '60-ies (with the NK being a very result of it).

Well, at least the music is still nice and somehow relevant ("Watch out where those huskies go" springs into mind), even if a pity I can't see a revival of the flower-power movement with the nowadays generation (e.g. I guess "Hair" lyrics would cause too much of outrage today, even be borderline to crime [allmusicals.com])

Re:

[WindBourne]

Well, First off, NK happened in 1945, in which the 38th parallel was used to split the country in 2 while things were sorted out. The northern half was under Soviet control and the southern half was under US control. Both nations promised to allow them free elections and when it came time, the Soviets renegged on that treaty and installed their own person. So, no, NK was NOT a cold war product, though NK's invasion of SK WAS a product of that. It was encouraged by USSR and Communist China (even though we ha

Re:

[c0lo]

I showed possible and (in my opinion) probable explanations on why the SK computers may have stopped working (and I even admit I might be wrong). From my perspective, would be enough to at least cast a doubt on the assumption it was an act of "aggression".

I'm seeing you in sticking to your position of attempting to infer an intentional attack and decline any possibility it may have just an act of incompetence [sophos.com].

The malware, detected proactively by Sophos products as Mal/EncPk-ACE, has been dubbed "DarkSeoul" by experts analysing its code at SophosLabs.

What's curious is that the malware is not particularly sophisticated. Sophos products have been able to detect the malware for nearly a year, and the various commands embedded in the malicious code have not been obfuscated.

For this reason, it's hard to jump to the immediate conclusion that this was necessarily evidence of a "cyberwarfare" attack coming from North Korea.

Backing up the evidence that the attack was targeted against South Korean computers, Sophos experts have determined that "DarkSeoul" attempts to disable two popular anti-virus products developed in the country: AhnLab and Hauri AV.

I'm also seeing you in putting words into my mouth and constructing a straw man for you to have so

Re:

[History's Coming To]

If this was company X (Windows) and company Y (Linux) we'd be laughing at X and saying they should be following company Y's example.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Oh Apple

[TheSkepticalOptimist]

Leave Samsung alone.

Re:

[LeadSongDog]

If Google had kept Android under the GPL, Apple wouldn't need to crack in to Samsung just to get the source...

Dependent on Old IE

[Anonymous Coward]

South Korea is one of the last strongholds of IE6. Why? They standardized (and legally mandated) support for an encryption protocol only supported within an ActiveX control. They made it impossible for banks and other large institutions to ever upgrade.

First think of all the security holes available for IE6. Then think of all the security holes available for ActiveX. Now stand in awe that this hasn't happened sooner.

But it was a "Zony Baio" semi-brand name...

[kimgkimg]

That's why you don't buy the computers wrapped in saran wrap at the Yongsan electronics mall...

Re:

[kimgkimg]

No, has nothing to do with pronunciation. You'd actually see knockoff computers with these types of labels on their products and on the boxes. Always made me laugh to see what creative ways they'd come up with to alter the original brands. Zony, Tony, Panasoanic, etc.

update ?

[Spaham]

So, they updated to windows 8 finally ?

Mister, you're grounded!

[kheldan]

Time to take away Kim Jong Un's Xbox (or does he have a PS3?) until he learns to play nice with the neighbor kids?

Varanoid has a preliminary analysis of the virus

[Diamonddavej]

Varanoid.com has just posted an initial analysis of the malware, how it wipes the MBR, forces two popular South Korean anti-virus software programs to shut down and and scans the network for vulnerable systems. It also attempts to wipe the MBR on the Unix systems Linux, HP-UX, and SunOS. It overwrites the MBR with one of these three strings...

PRINCPES
PR!NCPES
HASTATI.

From wiki: "Hastati (singular: Hastatus) were a class of

Re:

[mellyra]

From wiki: "Hastati (singular: Hastatus) were a class of infantry in the armies of the early Roman Republic who originally fought as spearmen, and later as swordsmen."

PRINCPES seems to be a misspelling of principes [wikipedia.org] which were the early republic's heavy infantry.