Slashdot Mirror


Possible Cyber Attack Against South Korean Banks and TV Stations

B3ryllium writes "At least four broadcasters and two banks in South Korea are reporting massive computer accessibility issues, saying that their networks are 'paralyzed' by what looks like a cyber attack. Additional reports from Twitter suggest that hundreds of computers in the country powered off simultaneously at 2:20am, and reported "Boot device not found" errors. South Korea's military has upgraded its "Information Operation Condition (INFOCOM)" level from Level 4 to Level 3 in response to this situation."

80 comments

  1. INFOCOM LEVEL 3! by Anonymous Coward · · Score: 0

    INFOCOM LEVEL 3!

    When it gets to level 2 they get all the cyber-bombers airborne (or cyber-bourne).
    When it gets to level 1 they are allowed to launch the cyber-nukes. Oh noes, they may start a cyber-nuclear-apocalypse.

    1. Re:INFOCOM LEVEL 3! by emho24 · · Score: 2

      INFOCOM LEVEL 3

      Boo, I thought this was a text adventure game that I somehow overlooked when I was younger.

      --
      You must gather your party before venturing forth.
    2. Re:INFOCOM LEVEL 3! by Hsien-Ko · · Score: 1

      When it gets to level 0, they are more likely to have them eaten by a grue.

    3. Re:INFOCOM LEVEL 3! by ajlitt · · Score: 1

      Level 1 is when they put on the Peril Sensitive Sunglasses.

    4. Re:INFOCOM LEVEL 3! by Anonymous Coward · · Score: 0

      Get me the President on the horn.

    5. Re:INFOCOM LEVEL 3! by Qzukk · · Score: 1

      > get me the President on the horn.

      I only understood you as far as wanting to get yourself.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    6. Re:INFOCOM LEVEL 3! by Looker_Device · · Score: 2

      At level 0 Slim Pickens releases the great DDoS.

      --
      Your political party doesn't care about your rights and only represents corporate interests.
    7. Re:INFOCOM LEVEL 3! by Anonymous Coward · · Score: 0

      > > get me the President on the horn.

      I only understood you as far as wanting to get yourself.

      Your score is 2 out of a possible 5. (It should be 5 out of a possible 5.)

    8. Re:INFOCOM LEVEL 3! by WhatAreYouDoingHere · · Score: 1

      from the summary: "Information Operation Condition (INFOCOM)"
      Shouldn't that be INF O CON? There's no M in Condition.
      Also, I thought INFOCOM was an old game company...

      --
      "What are you doing here, Elijah?"
  2. It's OK: battle.net is still up! by Anonymous Coward · · Score: 4, Funny

    South Korea citizens breathed a collective sigh of relief upon learning that battle.net servers were unaffected by the outage.

  3. Additional updates since the initial crash by bugbeak · · Score: 5, Informative

    According to additional reports throughout the day, malware was transmitted through patch management servers, affecting hundreds of PCs at the broadcasters and banks. The malware was designed to target the master boot records of the computers, taking them offline, and according to another article, local security experts say that this is an example of an advanced persistent threat.

    1. Re:Additional updates since the initial crash by c0lo · · Score: 1

      security experts say that this is an example of an advanced persistent threat.

      Are you sure is not a botched antivirus/windows update that "cures a MBR infection"?

      (the advanced persistent threat may be quite a justified description if running Windows - especially if it's XP)

      --
      Questions raise, answers kill. Raise questions to stay alive.
    2. Re:Additional updates since the initial crash by bugbeak · · Score: 1

      Are you sure is not a botched antivirus/windows update that "cures a MBR infection"?

      (the advanced persistent threat may be quite a justified description if running Windows - especially if it's XP)

      Investigations are still ongoing, and I'm just quoting and translating local media reports as they come.

    3. Re:Additional updates since the initial crash by tokencode · · Score: 2

      So let me understand, NK gains access to patch servers, can upload an infected update/patch to several hundred computers essentially letting them run arbitrary code and the best they could do was it make it so they did boot? It is either the most pathetic attempt at a government-sponsored cyber-attack to date (consistent with Fat Kim III regime's track-record) or it really was just some bad update....

    4. Re:Additional updates since the initial crash by Daetrin · · Score: 4, Funny

      local security experts say that this is an example of an advanced persistent threat.

      That sounds like an apt description of events.

      --
      This Space Intentionally Left Blank
    5. Re:Additional updates since the initial crash by bugbeak · · Score: 1

      That sounds like an apt description of events.

      I see what you did there... I have to admit, that took me a few seconds to process.

    6. Re:Additional updates since the initial crash by B3ryllium · · Score: 1

      This is exactly why I described it as a "possible" cyber attack. Could just be a bad patch push. :)

    7. Re:Additional updates since the initial crash by Sloppy · · Score: 2

      That sounds like an apt description of events.

      Let's wait to see what yummy details emerge.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    8. Re:Additional updates since the initial crash by Anonymous Coward · · Score: 0

      Should we refrain from using apt-get?

  4. Post informational era by c0lo · · Score: 1

    when computers and net are so ubiquitously integrated in society's life that can offer support for an attack. Too pity human nature didn't evolve past Neolithic: we continue to attack each other, even if examples show alternatives are possible

    --
    Questions raise, answers kill. Raise questions to stay alive.
    1. Re:Post informational era by shentino · · Score: 1

      Sometimes mere survival is not enough.

      If you're a pig headed nation out for international supremacy, you must become better than your competition.

      In the immortal words of Ray Kroc

      "It is not enough that I succeed. Others must fail"

    2. Re:Post informational era by bill_mcgonigle · · Score: 1

      we continue to attack each other

      Most people are born into societies where violence is the controlling mechanism of regulation and such mechanisms are even venerated (loyalty pledges in schools, songs to its honor, mass media that glorifies the violence). It takes a certain level of intellectual rigor and honesty to understand this and move past it.

      BTW, great link outlining the aspects of satyagraha that people need to accept to move past the old ways of primitive humans. I find that the lust for retribution is so strong in some people, even among members of religions that claim to extol forgiveness, that new mechanisms are probably required to manage a society before they will let go of it.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  5. Backdoor or leap second by Anonymous Coward · · Score: 0

    I wonder what they'll discover about the cause. It could be just Zune-me-too, or a real life hardware backdoor - the thing the Americans are afraid of, and why they're bitchslapping Huawei and ZTE out of the country. It should be interesting.

    "Boot device not found" sounds like the HDDs themselves have a Zune-me-too bug. My money is on Seagate Barracuda as I've had one sort of fail (it won't boot - the BIOS says it's not there, but the filesystem is fine and accessible once a LiveCD is booted instead) just the other day.

    1. Re:Backdoor or leap second by c0lo · · Score: 1

      My money is on Seagate Barracuda as I've had one sort of fail (it won't boot - the BIOS says it's not there, but the filesystem is fine and accessible once a LiveCD is booted instead) just the other day.

      What makes Seagate Barracuda-s spinning in SK more special than in other places in this world?

      --
      Questions raise, answers kill. Raise questions to stay alive.
    2. Re:Backdoor or leap second by phil_aychio · · Score: 0

      Coriolis effect

      --
      obvious redundancy is obvious
  6. Welcome to World War 3 by Anonymous Coward · · Score: 0

    Also known as that start of generation omega.

  7. This is a good thing. by headhot · · Score: 1

    Look at it this way, North Korea just blew its load and showed the world how it has compromised their networks. Now we can better defend our systems going forward, assuming businesses take away a lesson from this.

    1. Re:This is a good thing. by Xest · · Score: 3, Interesting

      I'm intrigued to know whether given the closed nature of North Korea and its poor education systems whether it has the ability to perform this type of attack entirely indigenously or whether China has helped or given some kind of training on this.

      I'm usually one to defend China as I think the threat of it is normally quite overblown, but I'm having a hard time believing North Korea has the talent to have done this entirely by itself.

    2. Re:This is a good thing. by codegen · · Score: 2

      North Korea has detonated several Nuclear Devices recently. While in general the education system is poor, there is a privileged elite that does get good education. So while I have to wait and see, I'm not going to be terribly surprised if the trail leads to NK. But I won't be surprised if it leads to China either.

      --
      Atlas stands on the earth and carries the celestial sphere on his shoulders.
    3. Re:This is a good thing. by Anonymous Coward · · Score: 0

      How many people do you think it takes to pull something like this off? It's not like you need an army. I would think a small team of 4 could pull something like this off. I bet there's at least 4 smart guys in North Korea capable of this. They probably all went to Harvard/Stanford/Berkeley and were roommates with the best and brightest this country has to offer.

    4. Re:This is a good thing. by Anonymous Coward · · Score: 0

      I'm having a hard time believing North Korea has the talent to have done this entirely by itself.

      Christ you are arrogant. But keep on underestimating foreigners. . .we love it when we take your jobs.

    5. Re:This is a good thing. by turgid · · Score: 1

      North Korea has detonated several Nuclear Devices recently.

      North Korea has claimed to have detonated 3 nuclear devices. There is no evidence that any of the explosions were nuclear in nature. No fission products (i.e. "radiation") have been detected.

    6. Re:This is a good thing. by Anonymous Coward · · Score: 0

      North Korea has detonated several Nuclear Devices recently.

      North Korea has claimed to have detonated 3 nuclear devices. There is no evidence that any of the explosions were nuclear in nature. No fission products (i.e. "radiation") have been detected.

      On the contrary, fission products were detected for the first test. The low yield (under one kiloton) suggests it was a (partial) failure.

      That no radionuclides have been detected for the two latter, much larger, tests may only mean that the North Koreans have learned how to properly seal their underground test sites.

    7. Re:This is a good thing. by bryan1945 · · Score: 1

      China has backed NK for a while now. I wouldn't be surprised if that included helping train computer specialists. They might not be backing NK now, but they could have the experience already.

      --
      Vote monkeys into Congress. They are cheaper and more trustworthy.
    8. Re:This is a good thing. by Anonymous Coward · · Score: 0

      And I won't be surprised if it leads to U.S.A. (Another Stuxnet).

    9. Re:This is a good thing. by Dahamma · · Score: 1

      Well, considering the same general thing has been accomplished by antisocial 16 year olds, it probably didn't require an army of formally trained computer scientists to pull this off...

    10. Re:This is a good thing. by thevikas2 · · Score: 1

      North Korea has actually built a fairly good IT skill set recently (with a help of close friend-you know who). http://investvine.com/laos-signs-software-deal-with-north-korea/ For example Korea Computer Center is getting orders from the west too besides some asian countries. Is it scary for us? or will it bring food for countrymen? or maybe both?

    11. Re:This is a good thing. by Xest · · Score: 1

      I know where you're coming from, and whilst it's true that the privileged few in North Korea get sent to Western universities and so forth I have to ask if that's really enough?

      Consider that most talented hackers in the world today whether from the West or from places like Russia are talented because they've grown up with the internet, they've been sat on it day in day out. That doesn't seem a realistic possibility in North Korea given that the pool of people with decent access is so utterly tiny it seems unlikely you'd also find a bunch of top-tier hackers within such a small pool of people.

      So even if these guys get a few years outside the nationwide prison that is North Korea I'm not entirely convinced it's enough. This is a pretty wide scale effective hack and even many western kids and groups that have had a far better environment to learn about and practice this sort of thing couldn't do it. That's why I suspect it requires some kind of external training from a nation like China that does have the expertise and experience.

    12. Re:This is a good thing. by Xest · · Score: 1

      Who are these foreigners? am I a foreigner? Which country are we making some arbitrary assumption about that I come from here? Who has taken my job? It's the first I've heard of it, certainly never heard about any North Koreans getting employment around here.

      Personally I'm quite happy for "foreigners" to come and "take" jobs in my country, I've always felt if someone can come from another country, often with a poorer education system, and sometimes with less experience with the English language then beat a local candidate then they deserve the job because they've obviously got something to offer if they can beat those odds against them. I've never found it a threat personally though, because I've always kept my skills sharp.

      Still, well done on jumping to conclusions, lucky you posted AC, else you'd have made yourself more publicly look like an idiot. But then, that's why you posted AC isn't it? to avoid that possibility.

    13. Re:This is a good thing. by Xest · · Score: 1

      As I mentioned in my other thread though, the key difference is that those antisocial 16 year olds that normally pull this off are still quite uncommon relative to the general internet population their age, and for them to exist they have to be found from a wide pool of internet users who have had (near?) life long access to the internet. That sort of environment with a wide pool of people with widespread internet access to produce these sorts of folk naturally just doesn't exist in North Korea.

  8. Not really by slashmydots · · Score: 3, Funny

    It was merely an attempt to contain Gangnam Style.

    1. Re:Not really by davidbrit2 · · Score: 2

      Don't worry, Harlem Shake (whatever that is) appears to have taken care of that problem.

    2. Re:Not really by bryan1945 · · Score: 1

      Oh no, you 2 just gave someone the idea for the Gangnam Shake: Harlem Style!

      --
      Vote monkeys into Congress. They are cheaper and more trustworthy.
  9. job done! by auric_dude · · Score: 1
    1. Re:job done! by Anonymous Coward · · Score: 0

      http://www.youtube.com/watch?v=IhnUgAaea4M

  10. prelude to what the west can expect from china by WindBourne · · Score: 3, Insightful

    Nk gets its help from its partner; China. I would not be surprised to find that the bios/eeprom was shipped with back doors.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:prelude to what the west can expect from china by c0lo · · Score: 1

      I wouldn't be surprised to hear about a really bad windows update for the Korean edition either (MS has more backdoors on computers running Windows than China would ever hope to have. But... yeah... being scared of China is more enticing, I reckon).

      --
      Questions raise, answers kill. Raise questions to stay alive.
    2. Re:prelude to what the west can expect from china by History's+Coming+To · · Score: 1

      If this was company X (Windows) and company Y (Linux) we'd be laughing at X and saying they should be following company Y's example.

      --
      Please consider this account deleted, I just can't be bothered with the spam anymore.
    3. Re:prelude to what the west can expect from china by WindBourne · · Score: 1

      Look, c0lo, I understand that you want peace. I saw ppl like you in the 60's. The problem is that the Chinese gov is purposely on a collision course with the west. It should be obvious to anybody that china promises a lot, but breaks their word constantly. Even when pressed about it, they continue it.

      From where I am sitting, this is a redux of USSR/the west, only we are at 1947, with USSR making lots of promises while pushing massive spying operations on their friends.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    4. Re:prelude to what the west can expect from china by c0lo · · Score: 1

      From where I am sitting, this is a redux of USSR/the west, only we are at 1947, with USSR making lots of promises while pushing massive spying operations on their friends.

      And, indeed, heaps of good resulted from the clash during '60-ies (with the NK being a very result of it).

      Well, at least the music is still nice and somehow relevant ("Watch out where those huskies go" springs into mind), even if a pity I can't see a revival of the flower-power movement with the nowadays generation (e.g. I guess "Hair" lyrics would cause too much of outrage today, even be borderline to crime)

      --
      Questions raise, answers kill. Raise questions to stay alive.
    5. Re:prelude to what the west can expect from china by WindBourne · · Score: 1

      Well, First off, NK happened in 1945, in which the 38th parallel was used to split the country in 2 while things were sorted out. The northern half was under Soviet control and the southern half was under US control. Both nations promised to allow them free elections and when it came time, the Soviets reneged on that treaty and installed their own person. So, no, NK was NOT a cold war product, though NK's invasion of SK WAS a product of that. It was encouraged by USSR and Communist China (even though we had saved them from Japan as well).

      But, I certainly understand why you would want South Korea to have been turned over to NK. I mean SK treats their citizens HORRIBLE. After all they are spending all of their money on building nukes and allowing their citizens to starve to death. Yes, SK is just plain evil and should be turned over to being under NK control.
      After all, that is the way that you see things. Right? That it is better for us to force SK citizens to live under NK rules, then to allow them to decide how they want to live. Right? That would be peaceful from your POV.

      BTW, as I said earlier, this is a prelude to what we can expect from China. The reason is that like the USSR in the late 40's, China constantly breaks their treaties and lies about it.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    6. Re:prelude to what the west can expect from china by c0lo · · Score: 1

      I showed possible and (in my opinion) probable explanations on why the SK computers may have stopped working (and I even admit I might be wrong). From my perspective, would be enough to at least cast a doubt on the assumption it was an act of "aggression".

      I'm seeing you in sticking to your position of attempting to infer an intentional attack and decline any possibility it may have just an act of incompetence.

      The malware, detected proactively by Sophos products as Mal/EncPk-ACE, has been dubbed "DarkSeoul" by experts analysing its code at SophosLabs.

      What's curious is that the malware is not particularly sophisticated. Sophos products have been able to detect the malware for nearly a year, and the various commands embedded in the malicious code have not been obfuscated.

      For this reason, it's hard to jump to the immediate conclusion that this was necessarily evidence of a "cyberwarfare" attack coming from North Korea.

      Backing up the evidence that the attack was targeted against South Korean computers, Sophos experts have determined that "DarkSeoul" attempts to disable two popular anti-virus products developed in the country: AhnLab and Hauri AV.

      I'm also seeing you in putting words into my mouth and constructing a straw man for you to have something to demolish
      But... all the above makes me curious: did you acquire a taste for yellow snow or do they feed you well to make the snow yellow?

      --
      Questions raise, answers kill. Raise questions to stay alive.
  11. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  12. Oh Apple by TheSkepticalOptimist · · Score: 1

    Leave Samsung alone.

    --
    I haven't thought of anything clever to put here, but then again most of you haven't either.
    1. Re:Oh Apple by LeadSongDog · · Score: 1

      If Google had kept Android under the GPL, Apple wouldn't need to crack in to Samsung just to get the source...

      --
      Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
  13. Dependent on Old IE by Anonymous Coward · · Score: 1

    South Korea is one of the last strongholds of IE6. Why? They standardized (and legally mandated) support for an encryption protocol only supported within an ActiveX control. They made it impossible for banks and other large institutions to ever upgrade.

    First think of all the security holes available for IE6. Then think of all the security holes available for ActiveX. Now stand in awe that this hasn't happened sooner.

  14. But it was a "Zony Baio" semi-brand name... by kimgkimg · · Score: 1

    That's why you don't buy the computers wrapped in saran wrap at the Yongsan electronics mall...

    1. Re:But it was a "Zony Baio" semi-brand name... by Anonymous Coward · · Score: 0

      No fair, that's how everyone in Korea says "Sony Vaio"!

    2. Re:But it was a "Zony Baio" semi-brand name... by Anonymous Coward · · Score: 0

      Where does "Zony" come from?? They do not pronounce as "Zony Baio" but "Sony Baio".
      "Zony" would be pronounced as "" but They pronounce Sony as "" (while it is usually written as "" in Korean) which is no different from English speakers pronounce. And "B" and "V" are linguistically same anyway. In Korean there is no pronunciation like "TH", "V" or "F" which like linguistically identical to "T", "B", and "P" respectively.

    3. Re:But it was a "Zony Baio" semi-brand name... by Anonymous Coward · · Score: 0

      Darn! Slashdot filtered out Korean alphabets in my last comment! :(

    4. Re:But it was a "Zony Baio" semi-brand name... by kimgkimg · · Score: 1

      No, has nothing to do with pronunciation. You'd actually see knockoff computers with these types of labels on their products and on the boxes. Always made me laugh to see what creative ways they'd come up with to alter the original brands. Zony, Tony, Panasoanic, etc.

  15. update ? by Spaham · · Score: 2

    So, they updated to windows 8 finally ?

  16. Whodunnit? by jadv · · Score: 0

    The North Korean government, of course! Remember, the late "beloved leader" was an Internet expert!

  17. South Korea Announced by nauseous · · Score: 0

    I bet the machines that were hacked were windoz$ machines. There is no doubt in my mind.

  18. Outage by Anonymous Coward · · Score: 0

    Fortunately Blizzard's battle.net was unaffected, so citizens did not resort to mass panic.

  19. Quick! by Anonymous Coward · · Score: 0

    Widespread network problems in S. Korea? Now is our chance to run home and improve our Starcraft ladder rankings!

  20. Mister, you're grounded! by kheldan · · Score: 1

    Time to take away Kim Jong Un's Xbox (or does he have a PS3?) until he learns to play nice with the neighbor kids?

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  21. BBC News Article with followup by billstewart · · Score: 1

    BBC article says it's malware, not DDOS as originally speculated.

    Even so, there was chaos, anarchy, dogs and cats living together, people having to pay cash at Starbucks...

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  22. All politics is local by billstewart · · Score: 1

    Some nations are out for international supremacy. But some just have crazy people in charge who need to keep the level of crazy pumped up as a way of keeping their subjects in line. Fortunately, it's only exceptionally crazy countries like Best Korea that have that problem, and it would never happen here in the US.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  23. Re:It's OK: battle.net is still up! by DigiShaman · · Score: 1

    It's ok though. The South Koreans are prepared for a Zerg rush from North Korea.

    --
    Life is not for the lazy.
  24. Re:Source traced by DigiShaman · · Score: 1

    Hey now! Now need to be casting Stones.

    --
    Life is not for the lazy.
  25. Re:You shall not censor me! by Anonymous Coward · · Score: 0

    I got to "you" and then u went off using strange minecraft jargon all over the place. resend plx

  26. It is pitch black. by DarthVain · · Score: 1

    You are likely to be eaten by a grue.

  27. I read the article: And call manipulating bullshit by Anonymous Coward · · Score: 0

    1st up, They Suspect - But have absolutely no proof this was an "Attack". In fact they have clues it was not an attack.

    ie. LG Uplus Corp., which provides network services for the companies that suffered outages, saw no signs of a cyberattack on its networks, company spokesman Lee Jung-hwan said. ...
    The South Korean military raised its cyberattack readiness level but saw no signs of cyberattacks on its networks, the Defense Ministry said.

    THEN the article CONTINUES to discuss North Korean reasons FOR the attack.
    With U.S officials feeding them bullshit to make them think NK (And possibly by extension China) are the boogey men in this case.

    I call BULLSHIT

    This is just more propaganda FROM U.S.A.
    (The country that LIVES off the misery of WAR).

  28. Re:It's OK: battle.net is still up! by Dahamma · · Score: 1

    Kim Jong Un probably plays Starcraft, too.

  29. Varanoid has a preliminary analysis of the virus by Diamonddavej · · Score: 1

    Varanoid.com has just posted an initial analysis of the malware, how it wipes the MBR, forces two popular South Korean anti-virus software programs to shut down and scans the network for vulnerable systems. It also attempts to wipe the MBR on the Unix systems Linux, HP-UX, and SunOS. It overwrites the MBR with one of these three strings...

            PRINCPES
            PR!NCPES
            HASTATI.

    From wiki: "Hastati (singular: Hastatus) were a class of infantry in the armies of the early Roman Republic who originally fought as spearmen, and later as swordsmen."

    Varanoid preliminary analysis
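
A defender-side check for the overwrite described in this comment, as an added example that is not part of the original post or of the Varanoid analysis: it triages sector 0 of a disk image for the three strings listed above and for the standard MBR boot signature and partition table. The sample sectors are constructed, and the layout in which a marker is repeated to fill the sector is an assumption of this example.

```python
"""Triage sector 0 of a disk or image for the MBR-overwrite strings listed above."""
import struct
import sys

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446      # four 16-byte primary partition entries start here
BOOT_SIG_OFFSET = 510        # a bootable MBR ends with 0x55 0xAA
BOOT_SIGNATURE = b"\x55\xaa"

# Strings as listed in the comment. The page prints the third with a trailing
# period that may or may not belong to the string, so it is matched without it.
WIPE_MARKERS = (b"PRINCPES", b"PR!NCPES", b"HASTATI")


def triage_mbr(sector):
    """Classify one 512-byte sector: marker-overwrite, no-boot-signature,
    no-partitions or ok."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need one full 512-byte sector")
    sector = bytes(sector[:SECTOR_SIZE])
    hits = {m.decode("ascii"): sector.count(m) for m in WIPE_MARKERS if m in sector}
    has_sig = sector[BOOT_SIG_OFFSET:] == BOOT_SIGNATURE
    # Byte 4 of each partition entry is its type; 0 means the slot is unused.
    types = [sector[PART_TABLE_OFFSET + 16 * i + 4] for i in range(4)]
    if hits:
        verdict = "marker-overwrite"
    elif not has_sig:
        verdict = "no-boot-signature"
    elif not any(types):
        verdict = "no-partitions"
    else:
        verdict = "ok"
    return {"verdict": verdict, "marker_hits": hits,
            "boot_signature": has_sig, "partition_types": types}


def make_healthy_sector():
    """Constructed sample: empty boot code, one NTFS-type (0x07) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return bytes(PART_TABLE_OFFSET) + entry + bytes(48) + BOOT_SIGNATURE


def make_wiped_sector(marker):
    """Constructed sample: the marker repeated across the sector (assumed layout)."""
    repeats = SECTOR_SIZE // len(marker) + 1
    return (marker * repeats)[:SECTOR_SIZE]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Read-only triage of a real image or device node passed on the command line.
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], triage_mbr(fh.read(SECTOR_SIZE)))
    else:
        samples = {"healthy": make_healthy_sector(),
                   "wiped": make_wiped_sector(b"PRINCPES"),
                   "zeroed": bytes(SECTOR_SIZE)}
        for name, data in samples.items():
            print(name, triage_mbr(data))
```

Run with an image path as the only argument to triage a real sector 0; with no argument it prints verdicts for the constructed samples.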

  30. Re:Varanoid has a preliminary analysis of the viru by mellyra · · Score: 1

    From wiki: "Hastati (singular: Hastatus) were a class of infantry in the armies of the early Roman Republic who originally fought as spearmen, and later as swordsmen."

    PRINCPES seems to be a misspelling of principes which were the early republic's heavy infantry.