North Korean Hackers Crippled Bank In South Korea

By Author: Apple Tan
Total Articles: 68
Comment this article

Investigators in South Korea have blamed North Korea for the recent cyber-attack on National Agricultural Cooperative Federation (Nonghyup) and called it "unprecedented cyber-terror deliberately planned" by North Korea. The Yonhap news agency quoted the officials describing the attack as a new kind of terrorism aimed at destroying the financial foundation of South Korea’s capitalist society.
The cyber-attack led to the disruption of the computer network of the financial institution last month. The cyber-attack paralyzed the Automated Teller Machine (ATM) services and online banking services, which reportedly affected around 20 million customers of Nonghyup. The system crash started April 12 and left customers of Nonghyup -- the National Agricultural Cooperative Federation -- unable to withdraw or transfer funds, use credit cards or take out loans. Also, customer data was lost and passwords were exposed. It was three days before services were partially restored.
Prosecutors blamed North Korea's General Bureau of Reconnaissance, saying they reached their conclusion after analyzing 81 malignant codes. The information ...
... was found in the laptop of an IBM worker who was at Nonghyup's Information Technology center under an outsourcing contract.
The North brought down the computer system of the National Agricultural Cooperative Federation, or Nonghyup, by hacking into an official’s laptop and operating it remotely as a “zombie computer”, the prosecutors’ office said.
The command files attacked 273 servers out of 587, including those that control ATM transactions, Internet banking and credit card usage, and 1,073 A4 pages worth of information were taken during the past seven months. Prosecutors said that the North Korean cyber criminals watched the entire process through the laptop and when they thought the attack was successful they deleted all data related to the attack.
“The pattern used to spread malicious codes and the IP address of an overseas server used for the attack was identical to those deployed in previous cyber-attacks by the North,” the prosecutors’ office said.
The malware that infected the laptop was similar to the ones used in the distributed denial-of-service, or DDoS, attacks in July 2009 and in March of this year, while one of the Internet Protocol addresses was found to be identical to the one used in March. The March attack affected 30 government institutions and organizations, but didn't damage or disrupt many computers.
Government ministries -- including defense and unification -- the National Assembly, a military headquarters, sites for U.S. armed forces in South Korea and major banks were among those hit in March. Distributed denial-of-service attacks overload sites with data causing them to break down or stop functioning. The attackers reportedly injected malware into two peer-to-peer file-sharing Web sites, the National Police Agency said at that time.
In the security attack on Nonghyup, the prosecutor's office also noted poor attention to security management processes. "We investigated the IT center entry records and surveillance camera recordings to see whether Nonghyup insiders conspired with the hackers but didn't find any noticeable evidence," senior prosecutor Kim Yeong-Dae said.
"Workers were supposed to receive approval when taking computers in and out of the IT center and when taking one out, the computer should have been reformatted. But those in charge didn't. They also hadn't changed system passwords since last July, while they were supposed to do so every month," Kim said.
Nonghyup is under fire from regulatory authorities for their weak IT infrastructure. The bank, with around 5,000 branches, is struggling with more than 30,000 customer complaints and 1,000 compensation claims. After the attack, the company plans to invest 510 billion Won to improve IT security by 2015.
It is evident that organizations need to take proper measures to safeguard their network security to halt cyber intrusions and prevent cybercriminals from stealing sensitive business and customers’ information. One proven way to mitigate information security risks is through technical security training that will enhance the skills proficiency of the information security workforce. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT).
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among others information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).