South Korea Braces For Fresh DDoS Attacks

A photograph of South Korean troops

South Korean authorities have warned of the likelihood of North Korean cyber-attacks in the wake of Kim Jong-il’s death.

Hours after news broke about the death of North Korean leader Kim Jong-il, South Korea’s telecommunications regulator warned of potential cyber-attacks.

Korea Communications Commission raised the cyber-alert to the third highest level, Yonhap News Agency, South Korea’s largest news agency, reported on 19 December.

Monitoring

KCC is stepping up monitoring of websites belonging to major government agencies, media companies and web portals for any surges in web traffic to head off potential distributed denial-of-service attacks, the commission said in a statement.

The commission also warned about hacking incidents and “other assaults via the Internet”, such as emails sent by unidentified users about Kim’s death, Yonhap News Agency reported.

While the commission didn’t elaborate on the nature of the emails, cyber-attackers have in the past exploited news events by embedding malicious links or attaching malware to emails and promising additional information or exclusive content.

South Korea is considered one the world’s most technically aware societies and is often referred to as the world’s “most wired country” because more than 95 percent of South Korean households have permanent access to the Internet. The country has experienced several massive DDoS attacks and other Internet-based incidents against government websites and private companies this year.

The attack on the National Agricultural Cooperative Federation (Nonghyup)’s computer networks that left online financial transactions and credit card services crippled for more than a week in April was allegedly launched by North Korea, South Korean authorities claimed. North Korea denied the accusations.

North Korea may have been behind a series of attacks in March on South Korean government and US military websites, according to a McAfee report in July. While the tools used, distributed denial of service, malware that uses encryption and a multi-tier botnet infrastructure, were not unusual, the way they were used in these attacks make it seem like the perpetrators were testing cyber-weapons and observing South Korea’s ability to respond to attack, McAfee researchers said at the time.

The North Korean government denied being involved.

Crime

South Korean law enforcement also busted a crime ring in August that allegedly recruited graduates of elite North Korean universities to break into online gaming companies and steal user data, which was then sold on gaming black markets, Reuters reported at the time.

Not all attacks originated from North Korea, as security experts blamed other high-profile incidents on Chinese hackers. The July breach of South Korean social networking portals Nate and Cyworld that compromised information of about 35 million users was the work of Chinese hackers, according to the KCC. Names, email addresses, phone numbers and resident registration numbers were compromised in the breach.

Google also reported earlier in the year that government officials in South Korea had also been targeted in a phishing scam in which attackers attempted to dupe high-profile victims into providing their Gmail account passwords in order to read and intercept email messages.

The South Korean government was also among the list of victims of Operation Shady RAT, a widespread cyber-attack that may have compromised more than 72 organisations around the world, McAfee reported in August.