The Kernel


UPDATE! Chinese Military Hack Attacks Might Originate in NORTH KOREA

Posted: March 21st, 2013 | Filed under: Hack!, UPDATED!

CHINA HACKS

Last month we reported that security experts from Mandiant believed a Chinese military unit was responsible for multiple hack attacks on US companies. Mandiant released a report that identified ‘Unit 61398’ as the most likely source of attacks on at least 141 US organisations, “across a diverse set of industries beginning as early as 2006”.

“The nature of ‘Unit 61398’s’ work is considered by China to be a state secret; however, we believe it engages in harmful ‘Computer Network Operations’,” Mandiant said in the report. “It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively.”

The Mandiant report said that Unit 61398 is located in Shanghai’s Pudong district, China’s financial and banking hub, and staffed by perhaps thousands of people proficient in English as well as computer programming and network operations.

There are now suspicions that the facility might be shared with North Korean-backed hackers. An unnamed source from South Korea’s presidential office was quoted by the Yonhap news agency as saying the discovery of the IP address indicated Pyongyang was responsible for the attack on Wednesday. A previous attack on a South Korean newspaper that the government in Seoul traced back to North Korea also used a Chinese IP address.

North and South Korean Hack Attacks

“We’ve identified that a Chinese IP is connected to the organisations affected,” a spokesman for South Korea’s Communications Commission told a press conference.

The attack brought down the network servers of television broadcasters YTN, MBC and KBS as well as two major commercial banks, Shinhan Bank and NongHyup Bank. South Korea raised its alert levels in response.

Investigations of past hacking incidents on South Korean organisations have been traced to Pyongyang’s large army of computer engineers trained to infiltrate the South’s computer networks.

“There can be many inferences based on the fact that the IP address is based in China,” the Korean Communications Commission’s – KCC – head of network policy, Park Jae-moon, said. “We’ve left open all possibilities and are trying to identify the hackers.”

It took the banks hours to restore operations. Damage to the servers of the TV networks was believed to be more severe, although broadcasts were not affected. About 32,000 computers at the six organisations were affected, according to the South’s state-run Korea Internet Security Agency, adding it would take up to five days to fully restore their functions.

North Korea has in the past targeted South Korea’s conservative newspapers, banks and government institutions. The biggest hacking effort attributed to Pyongyang was a 10-day denial of service attack in 2011 that antivirus firm McAfee, part of Intel Corp, dubbed Ten Days of Rain.

It said that attack was a bid to probe the South’s computer defences in the event of a real conflict. North Korea last week said it had been a victim of cyber attacks, blaming the United States, and threatened retaliation.

UPDATE! According to the Korea Internet Security Agency, television stations KBS, MBC, YTN and two large banks have been “partially or entirely crippled” by the attacks. There is still speculation the hacking has come from across the border in North Korea, however officials in Seoul have not blamed Pyongyang directly.

This latest attack comes just days after North Korea accused South Korea and the United States of a hack attack that took some of its sites offline for 48 hours.

The network provided by LG UPlus Corp showed a page that said it had been hacked by a group calling itself the Whois Team. It featured three skulls and a warning that this was the beginning of “our movement”.

“We sent down teams to all affected sites. We are now assessing the situation,” a police official said. “This incident is pretty massive and will take a few days to collect evidence.”

South Korea’s military said it was not affected but raised its state of readiness in response. None of South Korea’s oil refineries, power stations, ports or airports were affected.

North Korea has in the past staged hack attacks on the world’s most plugged-in nation, targeting conservative newspapers, banks and government institutions. The largest attack by Pyongyang was a 10-day denial of service attack in 2011 that antivirus gurus McAfee dubbed 10 Days of Rain and which it said was a bid to probe the South’s computer defences in the event of a real conflict.

SOUTH KOREA NOT HACKED

UPDATE! Initially KCC suspected a hack-attack. However, experts have concluded it was not a denial-of-service attack; the official said it was believed that “malicious” code was to blame for the system failure. He said investigators were trying to identify and analyse the virus.

Staff at the three affected broadcasters said their computers crashed and could not be restarted, with screens simply displaying an error message, although they have continued to make television broadcasts, our correspondent said.

There were also reports of skulls popping up on some computer screens, which could indicate that hackers had installed malicious code in the networks, the Korean Internet Security Agency said.

Some services at Shinhan bank, including internet banking and ATM machines, were also affected, although operations now appear to have been restored.

An official from the presidential office told Yonhap news agency it was not yet known whether North Korea was involved.

“We do not rule out the possibility of North Korea being involved, but it’s premature to say so,” Defence Ministry spokesman Kim Min-seok said.

Hackers can cover their tracks by launching their attacks indirectly, by hijacking other people’s computer systems, says the BBC’s technology correspondent Mark Gregory. Tracing an attack to its original source can be complex in the extreme, he added.

UPDATE! 23 March 2013: South Korean officials have done a complete turnaround, saying they incorrectly linked a Chinese IP address to a cyber-attack earlier this week.

Earlier, the Korean Communications Commission – KCC – stated it had traced the hack-attack to an IP address in China, although the identity of those behind the attack could not be confirmed.

However, the KCC said that after further investigation they believe the malware came from a local computer in one of the affected banks, though they still believe the attack was orchestrated from beyond its northern border.

Hackers can route their attacks through addresses in other countries to obscure their identities, and intelligence experts believe that North Korea routinely uses Chinese computer addresses to hide its cyber-attacks.

North Korea has been blamed for previous cyber-attacks on the South in 2009 and 2011. South Korean officials initially linked the cyber-attack to an IP address in China, but on Friday said they had made a mistake.

Further investigation showed the IP address was in the internal server of Nonghyup bank, one of the victims of Wednesday’s attack. Its IP address “coincidentally matched” a Chinese IP address, the KCC said. “Malicious code seemed to be spread from the server [of Nonghyup Bank] and there were records of [it] being approached by someone at that time,” Lee Jae-il, vice-president of Korea’s Internet Security Agency (Kisa), told reporters. “We’re still tracking some dubious IP addresses which are suspected of being based abroad,” he said, adding that they were “keeping all kinds of possibilities open”.

North Korea Claims US/South Korean Hack Attack

RELATED! North Korea Claims US and South Hack-attack: North Korea has accused the US and its allies of attacks on its internet servers, amid tension on the peninsula. KCNA news agency said the “intensive and persistent” attacks coincided with US-South Korea military drills. Official sites such as KCNA, Air Koryo and Rodong Sinmun, the party newspaper, are reported to have been inaccessible on some occasions in recent days.

Tension has escalated in the wake of North Korea’s third nuclear test last month. The test led to fresh UN sanctions being imposed on Pyongyang, which has responded with strong rhetoric – both to the UN move and the annual joint drills, which it bitterly opposes.

It says it has scrapped the Korean War armistice and ended non-aggression pacts with Seoul. It has also cut off a hotline that connects the two countries.

The two Koreas remain technically at war because the 1950-53 conflict ended in an armistice, not a treaty. South Korea says North Korea cannot unilaterally dissolve the armistice and has called on Pyongyang to tone down its language. North Korea called the cyber attack a “cowardly and despicable act”.

source: reuters

source: bbc

image source:  virtualthreat
