Slashdot Mirror

← Back to Stories (view on slashdot.org)

Possible Cyber Attack Against South Korean Banks and TV Stations

Posted by Unknown on from the acne-ridden-child-soldiers dept.

B3ryllium writes "At least four broadcasters and two banks in South Korea are reporting massive computer accessibility issues, saying that their networks are 'paralyzed' by what looks like a cyber attack. Additional reports from Twitter suggest that hundreds of computers in the country powered off simultaneously at 2:20am, and reported "Boot device not found" errors. South Korea's military has upgraded its "Information Operation Condition (INFOCOM)" level from Level 4 to Level 3 in response to this situation."

56 of 80 comments (clear)

  1. It's OK: battle.net is still up! by Anonymous Coward · · Score: 4, Funny

    South Korea citizens breathed a collective sigh of relief upon learning that battle.net servers were unaffected by the outage.

  2. Additional updates since the initial crash by bugbeak · · Score: 5, Informative

    According to additional reports throughout the day, malware was transmitted through patch management servers, affecting hundreds of PCs at the broadcasters and banks. The malware was designed to target the master boot records of the computers, taking them offline, and according to another article, local security experts say that this is an example of an advanced persistent threat.

    1. Re:Additional updates since the initial crash by c0lo · · Score: 1

      security experts say that this is an example of an advanced persistent threat.

      Are you sure is not a botched antivirus/windows update that "cures a MBR infection"?

      (the advanced persistent threat may be quite a justified description if running Windows - especially if it's XP)

      --
      Questions raise, answers kill. Raise questions to stay alive.
    2. Re:Additional updates since the initial crash by bugbeak · · Score: 1

      Are you sure is not a botched antivirus/windows update that "cures a MBR infection"?

      (the advanced persistent threat may be quite a justified description if running Windows - especially if it's XP)

      Investigations are still ongoing, and I'm just quoting and translating local media reports as they come.

    3. Re:Additional updates since the initial crash by tokencode · · Score: 2

      So let me understand, NK gains access to patch servers, can upload an infected update/patch to several hundred computers essentially letting them run arbitrary code and the best they could do was it make it so they did boot? It is either the most pathetic attempt at a government-sponsored cyber-attack to date (consistent with Fat Kim III regime's track-record) or it really was just some bad update....

    4. Re:Additional updates since the initial crash by Daetrin · · Score: 4, Funny

      local security experts say that this is an example of an advanced persistent threat.

      That sounds like an apt description of events.

      --
      This Space Intentionally Left Blank
    5. Re:Additional updates since the initial crash by bugbeak · · Score: 1

      That sounds like an apt description of events.

      I see what you did there... I have to admit, that took me a few seconds to process.

    6. Re:Additional updates since the initial crash by B3ryllium · · Score: 1

      This is exactly why I described it as a "possible" cyber attack. Could just be a bad patch push. :)

    7. Re:Additional updates since the initial crash by Sloppy · · Score: 2

      That sounds like an apt description of events.

      Let's wait to see what yummy details emerge.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  3. Post informational era by c0lo · · Score: 1

    when computers and net are so ubiquitously integrated in society's life that can offer support for an attack. Too pity human nature didn't evolve past Neolithic: we continue to attack each other, even if examples show alternatives are possible

    --
    Questions raise, answers kill. Raise questions to stay alive.
    1. Re:Post informational era by shentino · · Score: 1

      Sometimes mere survival is not enough.

      If you're a pig headed nation out for international supremacy, you must become better than your competition.

      In the immortal words of Ray Kroc

      "It is not enough that I succeed. Others must fail"

    2. Re:Post informational era by bill_mcgonigle · · Score: 1

      we continue to attack each other

      Most people are born into societies where violence is the controlling mechanism of regulation and such mechanisms are even venerated (loyalty pledges in schools, songs to its honor, mass media that glorifies the violence). It takes a certain level of intellectual rigor and honesty to understand this and move past it.

      BTW, great link outlining the aspects of satyagraha that people need to accept to move past the old ways of primitive humans. I find that the lust for retribution is so strong in some people, even among members of religions that claim to extol forgiveness, that new mechanisms are probably required to manage a society before they will let go of it.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  4. Re:INFOCOM LEVEL 3! by emho24 · · Score: 2

    INFOCOM LEVEL 3

    Boo, I thought this was a text adventure game that I somehow overlooked when I was younger.

    --
    You must gather your party before venturing forth.
  5. Re:INFOCOM LEVEL 3! by Hsien-Ko · · Score: 1

    When it gets to level 0, they are more likely to have them eaten by a grue.

  6. Re:INFOCOM LEVEL 3! by ajlitt · · Score: 1

    Level 1 is when they put on the Peril Sensitive Sunglasses.

  7. This is a good thing. by headhot · · Score: 1

    Look at it this way, North Korea just blew its load and showed the world how it has compromised their networks. Now we can better defend our systems going forward, assuming businesses take away a lesson from this.

    1. Re:This is a good thing. by Xest · · Score: 3, Interesting

      I'm intrigued to know whether given the closed nature of North Korea and it's poor education systems whether it has the ability to perform this type of attack entirely indigenously or whether China has helped or given some kind of training on this.

      I'm usually one to defend China as I think the threat of it is normally quite overblown, but I'm having a hard time believing North Korea has the talent to have done this entirely by itself.

    2. Re:This is a good thing. by codegen · · Score: 2

      North Korea has detonated several Nuclear Devices recently. While in general the education system is poor, there is a privileged elite that does get good education. So while I have to wait and see, I'm not going to be terribly surprised if the trail leads to NK. But I won't be surprised if it leads to China either.

      --
      Atlas stands on the earth and carries the celestial sphere on his shoulders.
    3. Re:This is a good thing. by turgid · · Score: 1

      North Korea has detonated several Nuclear Devices recently.

      North Korea has claimed to have detonated 3 nuclear devices. There is no evidence that any of the explosions were nuclear in nature. No fission products (i.e. "radiation") have been detected.

      --
      Stick Men
    4. Re:This is a good thing. by bryan1945 · · Score: 1

      China has backed NK for a while now. I wouldn't be surprised if that included helping train computer specialists. They might not be backing NK now, but they could have the experience already.

      --
      Vote monkeys into Congress. They are cheaper and more trustworthy.
    5. Re:This is a good thing. by Dahamma · · Score: 1

      Well, considering the same general thing has been accomplished by antisocial 16 year olds, it probably didn't require an army of formally trained computer scientists to pull this off...

    6. Re:This is a good thing. by thevikas2 · · Score: 1

      North Korea has actually built a fairly good IT skill set recently (with a help of close friend-you know who). http://investvine.com/laos-signs-software-deal-with-north-korea/ For example Korea Computer Center is getting orders from the west too besides some asian countries. Is it scary for us? or will it bring food for countrymen? or maybe both?

    7. Re:This is a good thing. by Xest · · Score: 1

      I know where you're coming from, and whilst it's true that the privileged few in North Korea get sent to Western universities and so forth I have to ask if that's really enough?

      Consider that most talented hackers in the world today whether from the West or from places like Russia are talented because they've grown up with the internet, they've been sat on it day in day out. That doesn't seem a realistic possibility in North Korea given that the pool of people with decent access is so utterly tiny it seems unlikely you'd also find a bunch of top-tier hackers within such a small pool of people.

      So even if these guys get a few years outside the nationwide prison that is North Korea I'm not entirely convinced it's enough. This is a pretty wide scale effective hack and even many western kids and groups that have had a far better environment to learn about and practice this sort of thing couldn't do it. That's why I suspect it requires some kind of external training from a nation like China that does have the expertise and experience.

    8. Re:This is a good thing. by Xest · · Score: 1

      Who are these foreigners? am I a foreigner? Which country are we making some arbitrary assumption about that I come from here? Who has taken my job? It's the first I've heard of it, certainly never heard about any North Koreans getting employment around here.

      Personally I'm quite happy for "foreigners" to come and "take" jobs in my country, I've always felt if someone can come from another country, often with a poorer education system, and sometimes with less experience with the English language then beat a local candidate then they deserve the job because they've obviously got something to offer if they can beat those odds against them. I've never found it a threat personally though, because I've always kept my skills sharp.

      Still, well done on jumping to conclusions, lucky you posted AC, else you'd have made yourself more publicly look like an idiot. But then, that's why you posted AC isn't it? to avoid that possibility.

    9. Re:This is a good thing. by Xest · · Score: 1

      As I mentioned in my other thread though, the key difference is that those antisocial 16 year olds that normally pull this off are still quite uncommon relative to the general internet population their age, and for them to exist they have to be found from a wide pool of internet users who have had (near?) life long access to the internet. That sort of environment with a wide pool of people with widespread internet access to produce these sorts of folk naturally just doesn't exist in North Korea.

  8. Not really by slashmydots · · Score: 3, Funny

    It was merely an attempt to contain Gangnam Style.

    1. Re:Not really by davidbrit2 · · Score: 2

      Don't worry, Harlem Shake (whatever that is) appears to have taken care of that problem.

    2. Re:Not really by bryan1945 · · Score: 1

      Oh no, you 2 just gave someone the idea for the Gangnam Shake: Harlem Style!

      --
      Vote monkeys into Congress. They are cheaper and more trustworthy.
  9. job done! by auric_dude · · Score: 1

    Send in Team America backed up by https://en.wikipedia.org/wiki/Cyberwarfare_in_the_United_States

  10. prelude to what the west can expect from china by WindBourne · · Score: 3, Insightful

    Nk gets its help from its partner; China. I would not be surprised to find that the bios/eeprom was shipped with back doors.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:prelude to what the west can expect from china by c0lo · · Score: 1

      I wouldn't be surprised to hear about a really bad windows update for the Korean edition either (MS has more backdoors on computers running Windows than China would ever hope to have. But... yeah... being scared of China is more enticing, I reckon).

      --
      Questions raise, answers kill. Raise questions to stay alive.
    2. Re:prelude to what the west can expect from china by History's+Coming+To · · Score: 1

      If this was company X (Windows) and company Y (Linux) we'd be laughing at X and saying they should be following company Y's example.

      --
      Please consider this account deleted, I just can't be bothered with the spam anymore.
    3. Re:prelude to what the west can expect from china by WindBourne · · Score: 1

      Look, c0lo, I understand that you want peace. I saw ppl like you in the 60's. The problem is that the Chinese gov is purposely on a collision course with the west. It should be obvious to anybody that china promises a lot, but breaks there word constantly. Even when pressed about it, they continue it.

      From where I am sitting, this is a redux of USSR/the west, only we are at 1947, with USSR making lots of promises while pushing massive spying operations on their friends.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    4. Re:prelude to what the west can expect from china by c0lo · · Score: 1

      From where I am sitting, this is a redux of USSR/the west, only we are at 1947, with USSR making lots of promises while pushing massive spying operations on their friends.

      And, indeed, heaps of good resulted from the clash during '60-ies (with the NK being a very result of it).

      Well, at least the music is still nice and somehow relevant ("Watch out where those huskies go" springs into mind), even if a pity I can't see a revival of the flower-power movement with the nowadays generation (e.g. I guess "Hair" lyrics would cause too much of outrage today, even be borderline to crime)

      --
      Questions raise, answers kill. Raise questions to stay alive.
    5. Re:prelude to what the west can expect from china by WindBourne · · Score: 1

      Well, First off, NK happened in 1945, in which the 38th parallel was used to split the country in 2 while things were sorted out. The northern half was under Soviet control and the southern half was under US control. Both nations promised to allow them free elections and when it came time, the Soviets renegged on that treaty and installed their own person. So, no, NK was NOT a cold war product, though NK's invasion of SK WAS a product of that. It was encouraged by USSR and Communist China (even though we had saved them from Japan as well).

      But, I certainly understand why you would want South Korea to have been turned over to NK. I mean SK treats their citizens HORRIBLE. After all they are spending all of their money on building nukes and allowing their citizens to starve to death. Yes, SK is just plain evil and should be turned over to being under NK control.
      After all, that is the way that you see things. Right? That it is better for us to force SK citizens to live under NK rules, then to allow them to decide how they want to live. Right? That would be peaceful from your POV.

      BTW, as I said earlier, this is a prelude to what we can expect from China. The reason is that like the USSR in the late 40's, China constantly breaks their treaties and lies about it.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    6. Re:prelude to what the west can expect from china by c0lo · · Score: 1

      I showed possible and (in my opinion) probable explanations on why the SK computers may have stopped working (and I even admit I might be wrong). From my perspective, would be enough to at least cast a doubt on the assumption it was an act of "aggression".

      I'm seeing you in sticking to your position of attempting to infer an intentional attack and decline any possibility it may have just an act of incompetence.

      The malware, detected proactively by Sophos products as Mal/EncPk-ACE, has been dubbed "DarkSeoul" by experts analysing its code at SophosLabs.

      What's curious is that the malware is not particularly sophisticated. Sophos products have been able to detect the malware for nearly a year, and the various commands embedded in the malicious code have not been obfuscated.

      For this reason, it's hard to jump to the immediate conclusion that this was necessarily evidence of a "cyberwarfare" attack coming from North Korea.

      Backing up the evidence that the attack was targeted against South Korean computers, Sophos experts have determined that "DarkSeoul" attempts to disable two popular anti-virus products developed in the country: AhnLab and Hauri AV.

      I'm also seeing you in putting words into my mouth and constructing a straw man for you to have something to demolish
      But... all the above makes me curious: did you acquire a taste for yellow snow or do they feed you well to make the snow yellow?

      --
      Questions raise, answers kill. Raise questions to stay alive.
  11. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  12. Re:Backdoor or leap second by c0lo · · Score: 1

    My money is on Seagate Barracuda as I've had one sort of fail (it won't boot - the BIOS says it's not there, but the filesystem is fine and accessible once a LiveCD is booted instead) just the other day.

    What makes Seagate Barracuda-s spinning in SK more special than in other places in this world?

    --
    Questions raise, answers kill. Raise questions to stay alive.
  13. Oh Apple by TheSkepticalOptimist · · Score: 1

    Leave Samsung alone.

    --
    I haven't thought of anything clever to put here, but then again most of you haven't either.
    1. Re:Oh Apple by LeadSongDog · · Score: 1

      If Google had kept Android under the GPL, Apple wouldn't need to crack in to Samsung just to get the source...

      --
      Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
  14. Re:INFOCOM LEVEL 3! by Qzukk · · Score: 1

    > get me the President on the horn.

    I only understood you as far as wanting to get yourself.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  15. Re:INFOCOM LEVEL 3! by Looker_Device · · Score: 2

    At level 0 Slim Pickens releases the great DDoS.

    --
    Your political party doesn't care about your rights and only represents corporate interests.
  16. Dependent on Old IE by Anonymous Coward · · Score: 1

    South Korea is one of the last strongholds of IE6. Why? They standardized (and legally mandated) support for an encryption protocol only supported within an ActiveX control. They made it impossible for banks and other large institutions to ever upgrade.

    First think of all the security holes available for IE6. Then think of all the security holes available for ActiveX. Now stand in awe that this hasn't happened sooner.

  17. But it was a "Zony Baio" semi-brand name... by kimgkimg · · Score: 1

    That's why you don't buy the computers wrapped in saran wrap at the Yongsan electronics mall...

    1. Re:But it was a "Zony Baio" semi-brand name... by kimgkimg · · Score: 1

      No, has nothing to do with pronunciation. You'd actually see knockoff computers with these types of labels on their products and on the boxes. Always made me laugh to see what creative ways they'd come up with to alter the original brands. Zony, Tony, Panasoanic, etc.

  18. update ? by Spaham · · Score: 2

    So, they updated to windows 8 finally ?

  19. Mister, you're grounded! by kheldan · · Score: 1

    Time to take away Kim Jong Un's Xbox (or does he have a PS3?) until he learns to play nice with the neighbor kids?

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  20. Re:INFOCOM LEVEL 3! by WhatAreYouDoingHere · · Score: 1

    from the summary: "Information Operation Condition (INFOCOM)"
    Shouldn't that be INF O CON? There's no M in Condition.
    Also, I thought INFOCOM was an old game company...

    --
    "What are you doing here, Elijah?"
  21. BBC News Article with followup by billstewart · · Score: 1

    BBC article says it's malware, not DDOS as originally speculated.

    Even so, there was chaos, anarchy, dogs and cats living together, people having to pay cash at Starbucks...

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  22. All politics is local by billstewart · · Score: 1

    Some nations are out for international supremacy. But some just have crazy people in charge who need to keep the level of crazy pumped up as a way of keeping their subjects in line. Fortunately, it's only exceptionally crazy countries like Best Korea that have that problem, and it would never happen here in the US.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  23. Re:It's OK: battle.net is still up! by DigiShaman · · Score: 1

    It's ok though. The South Korean's are prepared for a Zerg rush from North Korea.

    --
    Life is not for the lazy.
  24. Re:Source traced by DigiShaman · · Score: 1

    Hey now! Now need to be casting Stones.

    --
    Life is not for the lazy.
  25. It is pitch black. by DarthVain · · Score: 1

    You are likely to be eaten by a grue.

  26. Re:It's OK: battle.net is still up! by Dahamma · · Score: 1

    Kim Jong Un probably plays Starcraft, too.

  27. Varanoid has a preliminary analysis of the virus by Diamonddavej · · Score: 1

    Varanoid.com has just posted an initial analysis of the malware, how it wipes the MBR, forces two popular South Korean anti-virus software programs to shut down and and scans the network for vulnerable systems. It also attempts to wipe the MBR on the Unix systems Linux, HP-UX, and SunOS. It overwrites the MBR with one of these three strings...

            PRINCPES
            PR!NCPES
            HASTATI.

    From wiki: "Hastati (singular: Hastatus) were a class of infantry in the armies of the early Roman Republic who originally fought as spearmen, and later as swordsmen."

    Varanoid preliminary analysis

  28. Re:Varanoid has a preliminary analysis of the viru by mellyra · · Score: 1

    From wiki: "Hastati (singular: Hastatus) were a class of infantry in the armies of the early Roman Republic who originally fought as spearmen, and later as swordsmen."

    PRINCPES seems to be a misspelling of principes which were the early republic's heavy infantry.