
South Korea’s Power Structure Hacked, Digital Trail Leads to China

South Korean intelligence claims China-based hackers stole confidential material from the country’s diplomatic and security services throughout 2010. If a new report is correct, hackers inside the People’s Republic of China gained access to personal computers and PDAs belonging to much of South Korea’s power structure.


South Korea’s primary intelligence agency is claiming that China-based hackers stole confidential material from the country’s diplomatic and security services throughout the past year. If the new report by the National Intelligence Service is correct, hackers inside the People’s Republic of China gained access, via malware, to personal computers and PDAs belonging to much of South Korea’s power structure.

The booty? Sweet, sweet defense documents.

It also appears South Korea was well aware that bureaucrats and government officials were falling for Chinese malware. According to Kang Min-Seok and Lee Ka-Young of the right-wing JoongAng Ilbo newspaper, which publishes an English edition in conjunction with the International Herald Tribune, numerous government memos were sent out in 2010 urging caution against potential malware hackers.

Emails were sent from legitimate-looking addresses at two popular South Korean portals, Naver and Daum. The accounts feigned legitimacy by using the names of actual mid-level and high-level Korean bureaucrats at both the Ministry of Foreign Affairs and Trade and the Korean Blue House.

Whoever the hackers were, they seemed to have been targeting bureaucrats involved in South Korea’s relations with the North. The three subject headings used for the malware emails were “2010 Korean Peninsula affairs outlook,” “Itinerary of Kim Jong-Il’s trip to China” and “Briefing on Pritchard’s North Korea visit.” “Pritchard” appears to be Charles “Jack” Pritchard, former director of Asian affairs for the Clinton administration and the Bush administration’s North Korean envoy. Pritchard’s last publicly announced visit to North Korea was in November 2009.

Once users opened the emails, they found legitimate-appearing document attachments that were actually executable files. Upon being opened, they installed malware that copied documents from the user’s computer or PDA to an undisclosed address. According to one of the National Intelligence Service warnings, “when the attached documents are opened, hacking programs will infect the computer and all the stored data will be stolen.”


As in so many cases, a cleverly-hidden executable file turned out to be hacker gold.
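The warning quoted above turns on an attachment that is named like a document but is really a program. As an added illustration (not from the article or the National Intelligence Service), the Python check below parses a message and flags attachments whose bytes begin with an executable header, whatever the file name says. The article does not describe how the files were disguised; the file names, addresses and payload bytes are constructed, and the function names are hypothetical.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions that name an executable on Windows; anything else claims to be data.
EXE_EXTS = {".exe", ".scr", ".com", ".pif"}
# Leading bytes that identify executable formats regardless of file name.
EXEC_MAGIC = {b"MZ": "Windows PE/DOS executable", b"\x7fELF": "ELF executable"}

def sniff_executable(payload: bytes):
    """Return the executable format if payload starts with known magic bytes."""
    for magic, kind in EXEC_MAGIC.items():
        if payload.startswith(magic):
            return kind
    return None

def audit_attachments(raw: bytes):
    """Return (filename, reason) for every attachment that is an executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePosixPath(name).suffix.lower()
        kind = sniff_executable(part.get_payload(decode=True) or b"")
        if kind and ext not in EXE_EXTS:
            findings.append((name, f"named like data but content is {kind}"))
        elif kind or ext in EXE_EXTS:
            findings.append((name, "executable attachment"))
    return findings

def build_sample() -> bytes:
    """Constructed message: addresses and payload bytes are made up for the demo."""
    m = EmailMessage()
    m["From"] = "sender@portal.example"
    m["To"] = "official@ministry.example"
    m["Subject"] = "2010 Korean Peninsula affairs outlook"  # subject quoted in the article
    m.set_content("Please see the attached outlook.")
    # First attachment: .doc name, but the bytes start with the PE "MZ" header.
    m.add_attachment(b"MZ\x90\x00" + bytes(60), maintype="application",
                     subtype="msword", filename="outlook_2010.doc")
    # Second attachment: genuine OLE2 (legacy Word) signature, should not be flagged.
    m.add_attachment(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(56),
                     maintype="application", subtype="msword", filename="agenda.doc")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in audit_attachments(build_sample()):
        print(f"FLAG {name}: {reason}")
```

A mail gateway would run a check like this before delivery, so the decision does not rest on the recipient telling the two file types apart.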

South Korean investigators obtained the IP addresses used to access the Naver and Daum email addresses used in the scam. The IP addresses in question all originated in the People’s Republic of China.

Although the exact scale of the Chinese hacker attack is unknown, it appears that they did lift some interesting documents from their Korean targets. Song Young-Sun, a parliamentarian belonging to the minority Future Hope Alliance, claims that Defense Ministry reports indicate “1763 confidential pieces of information” were “stolen by hackers.” Another parliamentarian, Lee Jung-Hyun, claims that the Chinese hackers included an analysis of a Samsung SDS report on computer work for the Korean government and, strangely enough, “a Defense Ministry study of the Chinese hackers and their malware virus.”

In an interview with JoongAng Ilbo, Lee claims that he personally obtained the two reports mentioned above from the Chinese hackers. Lee refused to disclose what he meant by that. But he was happy to disclose his talking points: “I am dumbfounded that these reports were leaked to China, floated around on the Internet and maybe went to North Korea,” Lee said. “[…] It shows how vulnerable the government’s security systems were.”

South Korea has had troubled relations with Chinese and North Korean hackers of both the unofficial and government-sanctioned varieties. A massive cyberattack on South Korean and American government domains in July 2009 stole reams of data and paralyzed high-level government websites. The South Korean government alleges that a secret North Korean military “hacker corps” called Unit 110 was behind that attack. Following the July 2009 incident, the South Korean government instituted a strict anti-hacking protocol. Chinese hackers are suspected of launching cyberattacks on South Korea in the past, including attacks on the Korean diplomatic apparatus.

The take-home lesson from all of this? Government agencies around the world: Please, for the love of God, make sure your employees know the difference between a Word document and an executable file. It’ll save you a lot of trouble.
