S. Korea Says Cyber Attack From North Wiped 48,700 Machines

wiredmikey writes "An official investigation into a major cyber attack on South Korean banks and broadcasters last month has determined that North Korea's military intelligence agency was responsible. An investigation into access records and the malware used in the attack pointed to the North's military Reconnaissance General Bureau as the source, the Korea Internet and Security Agency (KISA) said on Wednesday. To spread the malware, the attackers went through 49 different places in 10 countries including South Korea, the investigation found. The attacks used malware that can wipe the contents of a computer's hard disk (including Linux machines) and damaged 48,700 machines including PCs, ATMs, and servers."

Re:Civillian cyber-casualties

[Anon, Not Coward D]

But I'm sure most civilians prefer an empty computer rather than being dead...

Re:Civillian cyber-casualties

[carlhaagen]

"but without all the mess" - as long as you don't count the mess that come with society's backbone starting to wobble. Our infrastructure's and societal functions' dependency on the Internet is grossly underestimated. This is a fact.

Re:Civillian cyber-casualties

[camperdave]

Well, like the old saying goes: If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.

Re:victims deserved it

[ScentCone]

victims deserved it

Uh huh. And if NK decides to shell another island or sink another boat, it will be entirely SK's fault for not making a powerful magic force field that can deflect artillery shells and torpedoes. Victims are always to blame, because they definitely cause their attackers to attack them, because of their weakness, right?

What, is your junior high school out on lunch break right now? Go outside and get some exercise, and quit wasting time building up an interior justification for the future bad shit you're going to do to other people when you get your own computer and stuff.

Re:victims deserved it

[iggymanz]

logic fails you. these cyber attacks are preventable by proper security practices - the internet is a hostile place and there is no excuse for laziness in security by IT people. Do you keep your money stacked on the sidewalk in front of your house overnight, or do you make some effort to keep thieves from easily snatching it? your attitude is the problem we in IT face

Re:Civillian cyber-casualties

[Anonymous Coward]

If you're doing proper backups, your livelyhood shouldn't be threatened. But there ain't no restoring a dead person from backup.

Re:victims deserved it

[Anonymous Coward]

victims deserved it

Uh huh. And if NK decides to shell another island or sink another boat, it will be entirely SK's fault for not making a powerful magic force field that can deflect artillery shells and torpedoes. Victims are always to blame, because they definitely cause their attackers to attack them, because of their weakness, right?

And people who leave the logins set to the factory default account=Admin, password=1234, aren't to blame, either.

Nonetheless, they will provide examples that we may call "Natural Selection At Work".

Re:Civillian cyber-casualties

[RabidReindeer]

But I'm sure most civilians prefer an empty computer rather than being dead...

Civilian computers are not the primary target. A military cyber-attack would primarily be focussed on leaving the target area without electrical power, water, transportation (including traffic lights) or communications, with its banking and financial capabilities damaged. Consider, for example, how Iran was targeted. Their nuclear centrifuges were deliberately made to spin "off-key" with the intent that the results would be useless and the centrifuges would be physically ruined.

Obviously, if you can keep everyone busy trying to restore their personal computers and devices at the same time, it's a bonus. That way they're distracted from working on core infrastructure.

Re:Civillian cyber-casualties

[cayenne8]

How would your livelihood be threatened if your PC was wiped? I guess you don't keep regular backups, which is the most idiotic thing I have heard all week.

It isn't so much a person's personal PC that is the danger, but of having his bank disrupted, and he can't get money. If food distribution is messed up, if drugs can't be accessed...all this stuff is interconnected.

Let's see what happens when some extremely urban center gets hit, say like NYC...the power goes out, food can't get in/out, and see how long it takes for things to go bad really fast.

Hell, with so many out there living cashless....what are they going to use for payment for things, if that system is down for awhile? That alone would bring a lot of misery, even if you discount the more tragic events I put forth above.

Re:Civillian cyber-casualties

[tqk]

I'm still surprised they had the tech chops to pull that off ...

You can buy tech chops. Cf. Werner von Braun. There's always been plenty of people who're easily persuaded to supress any sense of morality or ethics that might get in the way of them getting the filthy lucre. Some (WvB again) aren't even after money.

Re:The Scoop

[chispito]

more accurately, it checks for parameters of any ssh connection *with root privileges*. everyone see the problem there? every owner of every machine that fell to the n. korean attack richly deserved what they got. piss poor security will bite one in the ass.

People with poor security do not *deserve* an attack.

Re:Civillian cyber-casualties

[hawkinspeter]

Unless you're a buddhist.

Re:Civillian cyber-casualties

[jabuzz]

I would add that even having cash is no good if the power is out. These days even the till won't open, the scales won't weigh anything and the pump's won't pump the fuel. Heck even the water in the taps will stop flowing rather quicker than you might imagine without power.

So while I do have emergency cash and both VISA and Mastercard credit cards I am realistic that in the event of a total failure it won't get me that far.

Re: Civillian cyber-casualties

[Anonymous Coward]

Speaking as someone who designs control systems like what you talk about for a living, the chances of that are slim. To penetrate the Iranian centrifuges someone had to first physically infect the computers in the facility(windows based pc's) and then a technician had to connect to a seperate network that contained the PLC's controlling centrifuges and put a new program on them(the malware then spliced itself into the program while it was downloading). This kind of attack tookany years to plan out and cooperation from the company that manurfactured the PLC's(Siemens), and it required the tech reprogramming them, which would only happen because the system was still in it's software infancy.

To apply this to something like a power station or a dam, someone would have to investigate the target and figure out exactly what control signals the PLc needed to output, then figure out how to infect it(highly unlikely because it depends on someone putting a new program on the PlC, in a proven system like a dam this is a rare occurance(less than once every 5 years probably)). And then the attack would only effect that one specific dam, no others. It would need to be redone for every attack.

Simply disabling the control systems wouldn't do any physical damage because of the fail safes designed into systems.

Compare that to simply bombing the dam and you'll find it'd not worth it in the least. The control malfunction is fixable, a bombed dam is not.