Security IT

Possible Cyber Attack Against South Korean Banks and TV Stations

Posted by Unknown Lamer
from the acne-ridden-child-soldiers dept.
B3ryllium writes "At least four broadcasters and two banks in South Korea are reporting massive computer accessibility issues, saying that their networks are 'paralyzed' by what looks like a cyber attack. Additional reports from Twitter suggest that hundreds of computers in the country powered off simultaneously at 2:20am, and reported "Boot device not found" errors. South Korea's military has upgraded its "Information Operation Condition (INFOCOM)" level from Level 4 to Level 3 in response to this situation."

  • by Anonymous Coward on Wednesday March 20, 2013 @09:01AM (#43223297)

    South Korea citizens breathed a collective sigh of relief upon learning that battle.net servers were unaffected by the outage.

  • by bugbeak (711163) on Wednesday March 20, 2013 @09:04AM (#43223335)
    According to additional reports throughout the day, malware was transmitted through patch management servers, affecting hundreds of PCs at the broadcasters and banks. The malware was designed to target the master boot records of the computers, taking them offline, and according to another article, local security experts say that this is an example of an advanced persistent threat.
    • by c0lo (1497653)

      security experts say that this is an example of an advanced persistent threat.

      Are you sure it's not a botched antivirus/windows update that "cures a MBR infection"?

      (the advanced persistent threat may be quite a justified description if running Windows - especially if it's XP)

      • by bugbeak (711163)

        Are you sure it's not a botched antivirus/windows update that "cures a MBR infection"?

        (the advanced persistent threat may be quite a justified description if running Windows - especially if it's XP)

        Investigations are still ongoing, and I'm just quoting and translating local media reports as they come.

      • by B3ryllium (571199)

        This is exactly why I described it as a "possible" cyber attack. Could just be a bad patch push. :)

    • So let me understand, NK gains access to patch servers, can upload an infected update/patch to several hundred computers essentially letting them run arbitrary code and the best they could do was it make it so they did boot? It is either the most pathetic attempt at a government-sponsored cyber-attack to date (consistent with Fat Kim III regime's track-record) or it really was just some bad update....
    • by Daetrin (576516) on Wednesday March 20, 2013 @09:57AM (#43223955)

      local security experts say that this is an example of an advanced persistent threat.

      That sounds like an apt description of events.

    • BBC article [bbc.co.uk] says it's malware, not DDOS as originally speculated.

      Even so, there was chaos, anarchy, dogs and cats living together, people having to pay cash at Starbucks...

  • when computers and net are so ubiquitously integrated in society's life that can offer support for an attack. Too pity human nature didn't evolve past Neolithic: we continue to attack each other, even if examples show alternatives are possible [wikipedia.org]
    • by shentino (1139071)

      Sometimes mere survival is not enough.

      If you're a pig headed nation out for international supremacy, you must become better than your competition.

      In the immortal words of Ray Kroc

      "It is not enough that I succeed. Others must fail"

      • Some nations are out for international supremacy. But some just have crazy people in charge who need to keep the level of crazy pumped up as a way of keeping their subjects in line. Fortunately, it's only exceptionally crazy countries like Best Korea that have that problem, and it would never happen here in the US.

    • we continue to attack each other

      Most people are born into societies where violence is the controlling mechanism of regulation and such mechanisms are even venerated (loyalty pledges in schools, songs to its honor, mass media that glorifies the violence). It takes a certain level of intellectual rigor and honesty to understand this and move past it.

      BTW, great link outlining the aspects of satyagraha that people need to accept to move past the old ways of primitive humans. I find that the lust for retributi

  • Look at it this way, North Korea just blew its load and showed the world how it has compromised their networks. Now we can better defend our systems going forward, assuming businesses take away a lesson from this.

    • by Xest (935314) on Wednesday March 20, 2013 @10:53AM (#43224483)

      I'm intrigued to know whether given the closed nature of North Korea and its poor education systems whether it has the ability to perform this type of attack entirely indigenously or whether China has helped or given some kind of training on this.

      I'm usually one to defend China as I think the threat of it is normally quite overblown, but I'm having a hard time believing North Korea has the talent to have done this entirely by itself.

      • by codegen (103601)
        North Korea has detonated several Nuclear Devices recently. While in general the education system is poor, there is a privileged elite that does get good education. So while I have to wait and see, I'm not going to be terribly surprised if the trail leads to NK. But I won't be surprised if it leads to China either.
        • by turgid (580780)

          North Korea has detonated several Nuclear Devices recently.

          North Korea has claimed to have detonated 3 nuclear devices. There is no evidence that any of the explosions were nuclear in nature. No fission products (i.e. "radiation") have been detected.

        • by Xest (935314)

          I know where you're coming from, and whilst it's true that the privileged few in North Korea get sent to Western universities and so forth I have to ask if that's really enough?

          Consider that most talented hackers in the world today whether from the West or from places like Russia are talented because they've grown up with the internet, they've been sat on it day in day out. That doesn't seem a realistic possibility in North Korea given that the pool of people with decent access is so utterly tiny it seems u

      • by bryan1945 (301828)

        China has backed NK for a while now. I wouldn't be surprised if that included helping train computer specialists. They might not be backing NK now, but they could have the experience already.

      • by Dahamma (304068)

        Well, considering the same general thing has been accomplished by antisocial 16 year olds, it probably didn't require an army of formally trained computer scientists to pull this off...

        • by Xest (935314)

          As I mentioned in my other thread though, the key difference is that those antisocial 16 year olds that normally pull this off are still quite uncommon relative to the general internet population their age, and for them to exist they have to be found from a wide pool of internet users who have had (near?) life long access to the internet. That sort of environment with a wide pool of people with widespread internet access to produce these sorts of folk naturally just doesn't exist in North Korea.

      • by thevikas2 (976355)
        North Korea has actually built a fairly good IT skill set recently (with a help of close friend-you know who). http://investvine.com/laos-signs-software-deal-with-north-korea/ [investvine.com] For example Korea Computer Center is getting orders from the west too besides some asian countries. Is it scary for us? or will it bring food for countrymen? or maybe both?
  • Not really (Score:4, Funny)

    by slashmydots (2189826) on Wednesday March 20, 2013 @09:25AM (#43223561)
    It was merely an attempt to contain Gangnam Style.
  • Send in Team America backed up by https://en.wikipedia.org/wiki/Cyberwarfare_in_the_United_States [wikipedia.org]
  • by WindBourne (631190) on Wednesday March 20, 2013 @09:36AM (#43223679) Journal
    Nk gets its help from its partner; China. I would not be surprised to find that the bios/eeprom was shipped with back doors.
    • by c0lo (1497653)
      I wouldn't be surprised to hear about a really bad windows update for the Korean edition either (MS has more backdoors on computers running Windows than China would ever hope to have. But... yeah... being scared of China is more enticing, I reckon).
      • Look, c0lo, I understand that you want peace. I saw ppl like you in the 60's. The problem is that the Chinese gov is purposely on a collision course with the west. It should be obvious to anybody that China promises a lot, but breaks their word constantly. Even when pressed about it, they continue it.

        From where I am sitting, this is a redux of USSR/the west, only we are at 1947, with USSR making lots of promises while pushing massive spying operations on their friends.
        • by c0lo (1497653)

          From where I am sitting, this is a redux of USSR/the west, only we are at 1947, with USSR making lots of promises while pushing massive spying operations on their friends.

          And, indeed, heaps of good resulted from the clash during '60-ies (with the NK being a very result of it).

          Well, at least the music is still nice and somehow relevant ("Watch out where those huskies go" springs into mind), even if a pity I can't see a revival of the flower-power movement with the nowadays generation (e.g. I guess "Hair" lyrics would cause too much of outrage today, even be borderline to crime [allmusicals.com])

          • Well, First off, NK happened in 1945, in which the 38th parallel was used to split the country in 2 while things were sorted out. The northern half was under Soviet control and the southern half was under US control. Both nations promised to allow them free elections and when it came time, the Soviets reneged on that treaty and installed their own person. So, no, NK was NOT a cold war product, though NK's invasion of SK WAS a product of that. It was encouraged by USSR and Communist China (even though we ha
            • by c0lo (1497653)

              I showed possible and (in my opinion) probable explanations on why the SK computers may have stopped working (and I even admit I might be wrong). From my perspective, would be enough to at least cast a doubt on the assumption it was an act of "aggression".

              I'm seeing you in sticking to your position of attempting to infer an intentional attack and decline any possibility it may have just been an act of incompetence [sophos.com].

              The malware, detected proactively by Sophos products as Mal/EncPk-ACE, has been dubbed "DarkSeoul" by experts analysing its code at SophosLabs.

              What's curious is that the malware is not particularly sophisticated. Sophos products have been able to detect the malware for nearly a year, and the various commands embedded in the malicious code have not been obfuscated.

              For this reason, it's hard to jump to the immediate conclusion that this was necessarily evidence of a "cyberwarfare" attack coming from North Korea.

              Backing up the evidence that the attack was targeted against South Korean computers, Sophos experts have determined that "DarkSeoul" attempts to disable two popular anti-virus products developed in the country: AhnLab and Hauri AV.

              I'm also seeing you in putting words into my mouth and constructing a straw man for you to have so

    • If this was company X (Windows) and company Y (Linux) we'd be laughing at X and saying they should be following company Y's example.
  • by asifyoucare (302582) on Wednesday March 20, 2013 @09:41AM (#43223761)
    The attacks were traced to two acoustic couplers in Pyongyang. Televideo 925s were confiscated.
  • Leave Samsung alone.

    • If Google had kept Android under the GPL, Apple wouldn't need to crack in to Samsung just to get the source...
  • by Anonymous Coward

    South Korea is one of the last strongholds of IE6. Why? They standardized (and legally mandated) support for an encryption protocol only supported within an ActiveX control. They made it impossible for banks and other large institutions to ever upgrade.

    First think of all the security holes available for IE6. Then think of all the security holes available for ActiveX. Now stand in awe that this hasn't happened sooner.

  • That's why you don't buy the computers wrapped in saran wrap at the Yongsan electronics mall...
  • So, they updated to windows 8 finally ?

  • Time to take away Kim Jong Un's Xbox (or does he have a PS3?) until he learns to play nice with the neighbor kids?
  • Varanoid.com has just posted an initial analysis of the malware, how it wipes the MBR, forces two popular South Korean anti-virus software programs to shut down and scans the network for vulnerable systems. It also attempts to wipe the MBR on the Unix systems Linux, HP-UX, and SunOS. It overwrites the MBR with one of these three strings...

    PRINCPES
    PR!NCPES
    HASTATI.

    From wiki: "Hastati (singular: Hastatus) were a class of

    • by mellyra (2676159)

      From wiki: "Hastati (singular: Hastatus) were a class of infantry in the armies of the early Roman Republic who originally fought as spearmen, and later as swordsmen."

      PRINCPES seems to be a misspelling of principes [wikipedia.org] which were the early republic's heavy infantry.
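
Added example, not part of the thread or of the analysis it cites: a Python triage check for the indicator described above, which reads sector 0 of a disk image and flags any of the three quoted strings or a missing 0x55AA boot signature. The function names are hypothetical, the sample sectors are constructed, and filling the whole sector with the repeated marker is an assumption about the wiped layout.

```python
SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR
# Marker strings exactly as quoted in the comment above.
MARKERS = (b"PRINCPES", b"PR!NCPES", b"HASTATI.")


def triage_sector0(sector: bytes) -> dict:
    """Classify the first sector of a disk as ok, suspect or wiped."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need one full 512-byte sector")
    sector = sector[:SECTOR_SIZE]
    hits = {m.decode(): sector.count(m) for m in MARKERS if m in sector}
    signature_ok = sector[510:512] == BOOT_SIGNATURE
    # The four 16-byte MBR partition entries live at offsets 446-509.
    table_empty = not any(sector[446:510])
    if hits:
        verdict = "wiped"
    elif not signature_ok or table_empty:
        verdict = "suspect"
    else:
        verdict = "ok"
    return {"verdict": verdict, "markers": hits,
            "signature_ok": signature_ok, "table_empty": table_empty}


def triage_image(path: str) -> dict:
    """Read sector 0 from a raw disk image (opened read-only)."""
    with open(path, "rb") as fh:
        return triage_sector0(fh.read(SECTOR_SIZE))


# Constructed samples: a minimal healthy MBR, a marker-filled sector,
# and an all-zero sector.
_ENTRY = b"\x80" + bytes(3) + b"\x07" + bytes(11)  # one active partition entry
HEALTHY = bytes(446) + _ENTRY + bytes(48) + BOOT_SIGNATURE
WIPED = b"HASTATI." * 64  # assumption: marker repeated over the sector
ZEROED = bytes(SECTOR_SIZE)

if __name__ == "__main__":
    for name, data in (("healthy", HEALTHY), ("wiped", WIPED), ("zeroed", ZEROED)):
        print(name, triage_sector0(data))
```

A "suspect" verdict only means the sector no longer looks like an MBR; a marker hit is what ties it to the strings quoted in this thread.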
