Analysis: Cyber warfare on the Korean PeninsulaBy David Slatter Mar 20, 2013 6:50PM UTC
Was today’s massive network failure in South Korea a tit-for-tat cyberattack by Pyongyang, or are there other forces at work?
South Korea was hit this afternoon by an apparent wide-ranging cyberattack. Banks, broadcasters and private companies were all “partially or entirely crippled” said the Korean Internet Security Agency.
At least three broadcasters — KBS, MBC and YTN – and two banks – Shinhan Bank and Nonghyup – reported to the National Police Agency (NPA) that their computer networks were entirely halted around 2pm for unknown reasons, police said.
KBS worker Luke Cleary spread some light on the state of affairs at the media giants by sharing the ‘BootDevice Not Found’ screen from his computer, and staff from all broadcasters were rumoured sent out to work from PC Bangs (internet cafes) while systems were impaired.
(READ MORE: Major computer crash in SKorea; hackers suspected)
The Korean authorities are taking the incident seriously; the military has upgraded its INFOCON status to level 3 (up from level 4 on a five-tier system.) The Korea Communications Commission (KCC) has done the same, although both groups stressed that no military or state networks have been affected.
The South Korean government has taken care not to point fingers and a Defence Ministry spokesman said, “we do not rule out the possibility of North Korea being involved, but it’s premature to say so.” The authorities may not be willing to yet accuse North Korea but most people are thinking it, and indeed last week the ROK communications watchdog said that they were expecting and (rather embarrassingly) were ready for increased cyberattacks from the DPRK.
However, Reuters has raised another possibility. A hacker group dubbing themselves ‘Whois’ were responsible it seems for at least one attack;
The network provided by LG UPlus Corp showed a page that said it had been hacked by a group calling itself the “Whois Team”, an unknown group. It featured three skulls and a warning that this was the beginning of “Our Movement”.
All this comes after North Korea saw a similar systems failure. North Korean state media sites such as the KCNA went offline for several hours a week ago today. The cause of this is still unclear and both sides have traded accusations. With today’s event the theories of North Korea’s own tech problems now seem very pertinent. So what did happen last week? Here are some theories:
1 – North Korean mind games?
When the North Korean sites first went down it was at a time of extreme tension. The inter-Korean hotline had been ‘cut’ and North Korea had increased its fighter jet activity after the Key Resolve exercises. This led some to believe the move was a deliberate act by Pyongyang to elevate fears. Cutting itself off outside engagement and interaction was easily viewable as the first step towards some form of military action, especially with tensions as they were at the time. However, no military action came and the suspicions began to seem more like paranoia, but then again North Korea is not adverse, and some would say thrives on, such mind-games. If this was one, it was a deft one.
2 – US/South Korean Hacking?
North Korea claimed last week’s system failures were a result of enemy action:
It is ridiculous, indeed, for the hostile forces to mount such virus attacks on the DPRK’s internet servers, much upset by the all-out action of its army and people to defend the sovereignty of the country and the nation.
‘Blame America and their puppets’ is of course the North’s default response to most problems, and as it had a certain air of ‘boy who cried wolf’ about it most media outlets did not look too much into to claim. Perhaps they should have. The South were, and are, eager to respond much more forcefully to the North’s latest round of sabre-rattling, but are obviously still eager avoid active hostilities. A cyberattack would fit the bill.
3 – Accident?
North Korea Tech later reported:
Last week’s Internet outage that pushed North Korean websites offline for almost two days was probably caused by a problem inside the country, not on an external connection, an Internet researcher said Monday.
NKTech’s source goes on to say, “Was it the result of a cyber attack? Maybe. It could also have been a power failure, equipment failure or a misconfiguration by a network admin.” Despite copious data supporting the researcher’s assertions, the likelihood of an internal error seems unlikely.
South Koreans are often sceptical when tech failures are attributed to North Korean hacking. When NH bank suffered a system failure in 2010 it tried to sell the idea that it was the result of a DPRK hack. A lot of South Koreans weren’t buying it. But with today’s attack being so wide-ranging and coming so soon after the North’s own tech problems many feel, and fear, that the North is upping their game in the peninsula’s cyber war.