Saturday, October 19, 2013

In cyberarms race, North Korea emerging as a power, not a pushover


With all the distraction and damage caused by Snowden and Greenwald regarding the NSA, it would be a real crime (which of course they have already committed) if Cyber Command was so neutered that the Chinese and North Koreans developed superior cyber capabilities that could do significant damage to us. And I think Sasha is right here:

"Over the past four years the North has seriously intensified its cyberwarfare development efforts at South Korea's expense," says Alexandre Mansourov, a visiting scholar at the US-Korea Institute at Johns Hopkins University in Baltimore. "The [Korean People's Army] is basically planning for a future cyberwar and has been hacking to collect intelligence and prepare to disrupt information and communications, surveillance, and reconnaissance systems of its enemies: South Korea, the US, and Japan.

Just as an aside, what if the North's nuclear program is just a distraction and the real threats they are pursuing are in cyber space? I bet, theoretically at least, a comprehensive cyber attack that shuts down the US infrastructure, both utilities and financial, might have far more devastating effects, particularly over time, than the detonation of a nuclear device. And I am very sure that the North has read the 1999 Chinese book on Unrestricted Warfare.
V/R
Dave

In cyberarms race, North Korea emerging as a power, not a pushover


A 4-year cyberattack-and-espionage campaign targeting key South Korean institutions suggests North Korean cyberwarfare capabilities are far more potent than previously believed.
A Digital Forensic Investigation team entered the Cyber Terror Response Center in Seoul, South Korea in March. The team was responding to a cyberattack linked to North Korea.
(Lee Jin-man/AP)

By , Staff writer / October 19, 2013 at 11:40 am EDT

Often dismissed as a laggard in the global cyberarms race, North Korea has long been seen as a chronic cyber-superpower wannabe. Its poverty, minimal Internet access, and paucity of malicious software to its credit together have indicated that the "hermit kingdom" has just not yet arrived.

But that equation is changing. While the North's nuclear ambitions and maltreatment of its citizens absorb diplomatic bandwidth, a four-year cyberattack-and-espionage campaign targeting South Korean banks, news media, telecoms, and military think tanks has revealed North Korean cyberwarfare capabilities to be far more potent than previously believed, US experts say and new analyses show.
What's more, say American cyberwarfare and North Korea experts, the North's advancing capabilities show a dangerous potential to slide into real-world conflict.

"Over the past four years the North has seriously intensified its cyberwarfare development efforts at South Korea's expense," says Alexandre Mansourov, a visiting scholar at the US-Korea Institute at Johns Hopkins University in Baltimore. "The [Korean People's Army] is basically planning for a future cyberwar and has been hacking to collect intelligence and prepare to disrupt information and communications, surveillance, and reconnaissance systems of its enemies: South Korea, the US, and Japan."

Analyses of these attacks, while falling short of "smoking gun" proof, leave little doubt North Korea is not only behind major attacks against the South – but that its capabilities are much broader than previously believed, Dr. Mansourov and others say. As a result, these experts are boosting their estimates of the sophistication and pace of the North's cybermilitary development – and of its threat to the United States.

Most revealing is the new linkage between the North and four years of increasingly threatening attacks on South Korea, analyzed by leading cybersecurity firms in the past five months. The attacks have cost the South more than $750 million, South Korean lawmakers said this month, citing Defense Ministry data.


The first major attack, on July 4, 2009, began with a modest distributed denial-of-service (DDoS) bombardment – with millions of requests per second (tiny compared with today's attacks) clogging Korean and US government and financial websites for days. The attacks appeared to emanate from 435 different servers in 61 countries around the world – including in South Korea itself.
But a second attack on March 4, 2011, went beyond basic DDoS by launching malicious software that wiped hard drives on systems at one of the South's biggest banks, leaving 30 million customers without ATM services for days.

The picture clears

Initial investigations suggested that the North was responsible, but were ultimately inconclusive.
Clarity began to emerge this past spring following the biggest attack. It began at 2 p.m. on March 20 with several South Korean banks and media outlets hammered by a massive malware attack erupting from inside their own networks. In minutes, a cyberweapon dubbed "DarkSeoul" infected and wiped clean the critical master boot records of 32,000 computers, wrecking them and crippling those organizations for days – one of the most costly and destructive cyberattacks the world has seen.
The digital trail initially led to a cybergang called the "WhoIs Team" – its skull calling card digitally tattooed on the computer hard drives of South Korean banks. Adding to the confusion, another group – the "New Romantic Cyber Army Team" – also claimed responsibility.

But US cybersecurity company McAfee saw something else. "Operation Troy," as McAfee dubbed the attack in a June report, was actually the culmination of a "secret, long-term," and "sophisticated" four-year campaign by just one cyberattacker – not the two cybergangs.

"Operation Troy had a focus from the beginning to gather intelligence on South Korean military targets," McAfee investigators reported. "We have also linked other high-profile public campaigns conducted over the years against South Korea to Operation Troy, suggesting that a single group is responsible."

Which group? South Korean fingers jabbed at North Korea. While McAfee never publicly named a culprit, its officials said privately that Pyongyang was behind the four years of increasingly sophisticated attacks.

The McAfee analysis was not the last to track the attacks back to North Korea's doorstep. The same month, cybersecurity giant Symantec issued its own report linking the four years of cyberattacks to a single actor amid not-so-veiled references – "regardless of whether the gang is working on behalf of North Korea or not."

In September, researchers at Kaspersky Lab announced discovery of an extensive cyberespionage campaign against six South Korean military think tanks. Far from being a primitive hack, the "Kimsuky" campaign, named after a snippet of malicious code, was "extraordinary in its execution and logistics," wrote Dmitry Tarakanov, a researcher at the Moscow-based firm, who said digital tracks led to the North.
(Continued at the link below)


