South, North Korea websites hacked on war anniversary

SEOUL, South Korea (3rd UPDATE) – Official South and North Korean websites suffered what appeared to be coordinated attacks Tuesday, June 25, by unknown hackers on the anniversary of the outbreak of the Korean War, prompting Seoul to issue a general cyber alert.

The affected websites included those belonging to the South’s presidential Blue House and a number of the North’s state-run media groups.

South Korea raised its five-stage national cyber alert from level one to two in the morning, and then again to three after the scope of the attack became clear.

Park Jae-Moon, director of the Science Ministry’s IT Strategy Bureau, said 11 media outlets, four government agencies and a political party had been shut down.

“It’s like an endless fight between spears and shields,” Park told reporters, adding that it was too early to say who was responsible.

Some sites were operating normally again in a matter of hours, while some remained offline well into the evening.

The hacking coincided with the 63rd anniversary of the start of the Korean War on June 25, 1950.

Investigations into past large-scale cyber assaults on South Korean media groups and financial institutions have concluded that they originated in North Korea.

A number of posts left on the hacked South Korean sites claimed to be the work of the global “hacktivist” group Anonymous and included messages praising North Korean leader Kim Jong-Un.

Anonymous denied any involvement on its official Twitter account, but said it had succeeded in hacking a number of North Korean media websites on Tuesday, including the official Korean Central News Agency (KCNA) and the ruling party newspaper, Rodong Sinmun.

Both sites were briefly inaccessible on Tuesday morning but appeared to be running normally a few hours later.

There was no immediate statement from the North, either confirming or commenting on the attack.

South Korea has sought to beef up its cyber defenses since a March 20 attack completely shut down the networks of TV broadcasters KBS, MBC and YTN, and halted financial services and crippled operations at three banks.

An official investigation determined North Korea’s military intelligence agency was responsible, with a joint team of civilian and government experts tracing the origin to six personal computers used in North Korea.

In order to spread malware in target computers, the hackers went through 49 different places in 10 countries including South Korea, the investigation found. The North had used 22 of the places in past attacks.

About 48,700 machines including PCs, automatic teller machines and server computers were damaged in the attack, which coincided with heightened military tensions on the Korean peninsula, following Pyongyang’s nuclear test in February.

North Korea was also blamed for cyber attacks in 2009 and 2011 that targeted South Korean financial entities and government agencies.

In testimony last year to the US congressional Armed Services Committee, the commander of US forces in South Korea, General James Thurman, said North Korea was employing “sophisticated computer hackers” trained in cyber attacks.

“Such attacks are ideal for North Korea” because they can be done anonymously, and “have been increasingly employed against a variety of targets including military, governmental, educational and commercial institutions”, Thurman said.

The South Korean military set up a special cyber command in early 2010 and, in partnership with Korea University, established a cyber warfare school in 2012 that admits 30 students every year. – Rappler.com