ALL >> Technology,-Gadget-and-Science >> View Article
North Korean Hackers Crippled Bank In South Korea

Investigators in South Korea have blamed North Korea for the recent cyber-attack on National Agricultural Cooperative Federation (Nonghyup) and called it "unprecedented cyber-terror deliberately planned" by North Korea. The Yonhap news agency quoted the officials describing the attack as a new kind of terrorism aimed at destroying the financial foundation of South Korea’s capitalist society.
The cyber-attack led to the disruption of the computer network of the financial institution last month. The cyber-attack paralyzed the Automated Teller Machine (ATM) services and online banking services, which reportedly affected around 20 million customers of Nonghyup. The system crash started April 12 and left customers of Nonghyup -- the National Agricultural Cooperative Federation -- unable to withdraw or transfer funds, use credit cards or take out loans. Also, customer data was lost and passwords were exposed. It was three days before services were partially restored.
Prosecutors blamed North Korea's General Bureau of Reconnaissance, saying they reached their conclusion after analyzing 81 malignant codes. The information ...
... was found in the laptop of an IBM worker who was at Nonghyup's Information Technology center under an outsourcing contract.
The North brought down the computer system of the National Agricultural Cooperative Federation, or Nonghyup, by hacking into an official’s laptop and operating it remotely as a “zombie computer”, the prosecutors’ office said.
The command files attacked 273 servers out of 587, including those that control ATM transactions, Internet banking and credit card usage, and 1,073 A4 pages worth of information were taken during the past seven months. Prosecutors said that the North Korean cyber criminals watched the entire process through the laptop and when they thought the attack was successful they deleted all data related to the attack.
“The pattern used to spread malicious codes and the IP address of an overseas server used for the attack was identical to those deployed in previous cyber-attacks by the North,” the prosecutors’ office said.
The malware that infected the laptop was similar to the ones used in the distributed denial-of-service, or DDoS, attacks in July 2009 and in March of this year, while one of the Internet Protocol addresses was found to be identical to the one used in March. The March attack affected 30 government institutions and organizations, but didn't damage or disrupt many computers.
Government ministries -- including defense and unification -- the National Assembly, a military headquarters, sites for U.S. armed forces in South Korea and major banks were among those hit in March. Distributed denial-of-service attacks overload sites with data causing them to break down or stop functioning. The attackers reportedly injected malware into two peer-to-peer file-sharing Web sites, the National Police Agency said at that time.
In the security attack on Nonghyup, the prosecutor's office also noted poor attention to security management processes. "We investigated the IT center entry records and surveillance camera recordings to see whether Nonghyup insiders conspired with the hackers but didn't find any noticeable evidence," senior prosecutor Kim Yeong-Dae said.
"Workers were supposed to receive approval when taking computers in and out of the IT center and when taking one out, the computer should have been reformatted. But those in charge didn't. They also hadn't changed system passwords since last July, while they were supposed to do so every month," Kim said.
Nonghyup is under fire from regulatory authorities for their weak IT infrastructure. The bank, with around 5,000 branches, is struggling with more than 30,000 customer complaints and 1,000 compensation claims. After the attack, the company plans to invest 510 billion Won to improve IT security by 2015.
It is evident that organizations need to take proper measures to safeguard their network security to halt cyber intrusions and prevent cybercriminals from stealing sensitive business and customers’ information. One proven way to mitigate information security risks is through technical security training that will enhance the skills proficiency of the information security workforce. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.
About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT).
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among others information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).
Add Comment
Technology, Gadget and Science Articles
1. Syneron Laser Repair Services: Restore Performance, Protect Your InvestmentAuthor: Ryan
2. Sitecore Vs Optimizely: A Guide To Selecting The Right Dxp
Author: Addact Technologies
3. Hourly Price Insights: Amazon, Myntra, Meesho & Flipkart – 2025
Author: Den Rediant
4. Erp For Small Business: Fuel Growth With Smarter Systems
Author: Alex Forsyth
5. How To Implement Secure Authentication In Mern Stack Projects?
Author: Mukesh Ram
6. Uber Eats Menu Price Tracking For Ecosystem Analysis
Author: Retail Scrape
7. Ai Tracks Noon Vs Amazon.ae Price Gaps In Uae Retail Market
Author: Actowiz Solutions
8. Reimagine Brand Management With Wave: The Future-ready Platform
Author: 5Flow
9. Hire Virtual Receptionists And Let Them Do The Work For You
Author: Eliza Garran
10. Understanding Why A Virtual Answering Service Is Needful
Author: Eliza Garran
11. What Makes Helical Insight Unique Among Open-source Business Analytics Tools?
Author: Vhelical
12. The Event Management Website That India’s Top Event Companies Rely On
Author: Enseur Tech
13. Top 5 Reasons To Partner With App Developers Near Me
Author: brainbell10
14. How A Custom Mobile App Solves Real Business Problems?
Author: brainbell10
15. How App Developers Near Me Stands Out From The Competition?
Author: brainbell10