Prosecutors say North’s intelligence body involved in system breakdown


North Korea masterminded the April 12 cyber attack that paralyzed the banking system of the National Agricultural Cooperative Federation, or Nonghyup, for several weeks, prosecutors said Tuesday.

The nation’s worst-ever banking network crash prompted calls for stronger measures to safeguard key financial institutions in the South from the new kind of cyber attack.

Investigators at the Seoul Central District Prosecutors’ Office said the Reconnaissance General Bureau, the North’s premier intelligence body, orchestrated the “unprecedented cyber terror.”

They said that the methods used in the cyber attack last month were similar to those used in the two cyber attacks on a number of major South Korean government and business websites that took place in July 2009 and March 2010.

The methods to create, disseminate and use malicious codes were similar to those used in past attacks, officials said. One of the Internet Protocol addresses used in the attack last month was also identical to that used in last year’s attack, they added.

Prosecutors said that a laptop computer owned by an employee of IBM Korea, the cooperative’s computer network maintenance subcontractor, turned into a zombie computer after downloading North Korean malware from a file storage site in September 2010.

Prosecutors said that North Korean hackers had managed the zombie computer for seven months, stealing key data from it and mounting the cyber attack. Hackers use programs loaded onto a zombie computer to manipulate it from remote places.

Investigators analyzed 81 malicious codes found in the laptop and found that the malicious codes were encoded to avoid being located, they said. The encoding method was very similar to those used in the previous “distributed denial-of-service” cyber attacks by Pyongyang.

North Korean hackers installed a “backdoor” hacking and tapping program along with malicious codes on the laptop and launched the unprecedented attack on Nonghyup’s computer system on April 12. The attack carried out in three steps crashed 273 of the total 587 computer servers at the cooperative.

Prosecutors said that given the large scale of the attack, North Korea appears to have mobilized a “considerable” number of hackers and materials for the attacks.

Investigators could not find any decisive evidence that indicates North Korean hackers colluded with an insider at the cooperative, officials said.

The prosecution called the incident a new type of cyber terrorism that targets a private firm to shake the financial foundations of South Korea’s capitalist society.

Despite the prosecutors’ announcement, some critics said that the investigative authorities have yet to identify the hackers involved in all three cyber attacks and that the “weak claims” are mostly based on “circumstantial assumptions.”

North Korea has long focused on cyber warfare. It is known to have established many college-level institutions to produce hackers and stationed cyber warfare personnel in China. The North has used cyber attacks to spy on South Korean government bodies or glean crucial intelligence.

Meanwhile, Nonghyup announced that it would spend 510 billion won ($476.8 million) building a the top-of-the-line computer security system by 2015.

Of the amount, 400 billion won will be used for an IT center equipped with a robust security and firewall, 93 billion won for data backup and restoration, and 17 billion won for other security facilities.

By Song Sang-ho (sshluck@heraldcorp.com)