Author Topic: NongHyup troubles  (Read 19578 times)

Offline johntbacon

Re: Wait, that NongHyup Bank outage was a North Korean attack?
« Reply #280 on: May 06, 2011, 12:40:25 pm »
Gr - oan.... for such a "connected" nation, Korea seems stuck in the Grandma-using-a-computer stage of technological awareness.

Quote from: Reporting_on_things_you_don't_understand
Authorities have discovered 200 more so-called zombie computers that have been infected with viruses North Korean hackers planted in September last year. They came across them in the process of investigating the laptop computer of an IBM employee that was used to paralyze the computer network of agricultural cooperative lender Nonghyup.
I can only assume that they mean they looked at connection logs on the PC and discovered these additional zombie-PCs. In any case, it isn't clear what or how exactly they arrived at finding 200 additional machines. (Incidentally, 200 machines connected to one computer inside does not a DDoS make).

Quote
Prosecutors said Monday that the National Intelligence Service identified 201 port numbers that have been infected with viruses so that they can serve as zombie computers ...
Ports? Really? You're going to go after all traffic on a specific port? There are 65536 ports available, of which less than a thousand are registered to a protocol, 48,000 are assigned to specific applications (but this is not enforceable) and the remainder is unassigned and temporary. Identifying ports is a very small step in tracking down a botnet - legitimate traffic can be on a port you ID as "evil" ... and let's not get into the small details where you can't infect a "port" with a virus. Gragh, assign someone who has used a computer for more than YouTube to cover your tech-related stories.

Quote
This means not only Nonghyup but any state agency could be the target of a North Korean cyber attack.
No, it means you should have a firewall in place that is already filtering unused and unknown ports. This is so basic and rudimentary it's frightening that they think it's something threatening.

Quote
During a DDoS attack in March this year, 746 servers in 70 countries were used to plant more than three different types of viruses.
DDoS attacks, by definition, do not plant viruses.  A DDoS is the big brother of a DoS attack. DoS stands for "Denial of Service". That means someone tries to flood a server with information and deny legitimate users of that server access. A 'DDoS' attack means you have many computers working to overwhelm the system and deny legitimate users access.

DDoS attacks only aim to degrade the performance of their target, or to shut it down. This attack may serve as a distraction while other exploits and attacks are used, but a DDoS does nothing in the way of 'planting viruses'. (I'm going to gloss over the hideously vague scare-term of "virus" in this article, but know it's far too vague and wishy-washy-scary to mean anything).

Quote
North Korean hackers tested the level of defenses at South Korean government agencies through the DDoS attacks and then targeted the state-run lender, whose security system was weak compared to other banks
If you don't have a simple firewall excluding all but necessary ports, then you don't have any defenses. This is so simple it's absurd.

Quote
Intelligence officers say the North's next target could be the South's power grid, including nuclear power plants, as well as airports, maritime ports or subway systems. So far North Korea has used spies to gather information about them.
If your infrastructure mission-critical hardware is actually connected to the public internet in any way, you need to fire whoever thought that was a good idea. In addition, it is impressive they have such close tabs on what NK spies have been gathering information for. One would think they might have known about the looming "NK DDoS attacks" and, you know, prevented it.

Quote
"These cyber attacks differ from warfare in that they seek to foment social chaos by intensifying fear among the public."
*SNORT* HAHAHA ... and running around telling everyone to be very afraid of the DDoS and scary-wary-viruses while you continue to support a national continued use of a decade-old operating system and a browser to match isn't fear-mongering at all. Windows 7, IE9 and Microsoft Security Essentials 2 rolled out around the country would probably do more to solve problems than feeding the media bunk stories about DDoS-planted "viruses" and "infected port numbers".

I'll repeat what I said above: this is FUD (Fear Uncertainty and Doubt) of the first degree, magnified to grotesque proportions by the farcical "news media" here.

TL;DR - This is bunk reporting on bunk press statements about technology relating to the recent NH outage.



Offline dhufton

Re: Wait, that NongHyup Bank outage was a North Korean attack?
« Reply #281 on: May 06, 2011, 01:21:38 pm »
It's interesting that Nth Korea sought to paralyse Korean society through a cyber attack on a provincial bank.

Offline firebreaker

Re: Wait, that NongHyup Bank outage was a North Korean attack?
« Reply #282 on: May 08, 2011, 02:25:40 pm »
My theory is it's just a blame game thing. The truth is that some IT moron at NH did something simple and stupid like installing new servers and configuring them as workstations, or not even connecting the things to the network in the first place. The IT person didn't want to take the blame, so he/she tells the boss that it's not his/her fault. It MUST have been an elaborate attack by NK.
If you teach a class that has all special needs kids with only the physical ability to move their hands up and down, then you'll be fired because they all gave you checks instead of circles.

Offline rainesbaines

Re: NongHyup troubles
« Reply #283 on: October 04, 2011, 09:04:07 am »
I had no idea about this and came here to find out what to do, having lost my ATM card...haha.  This is amazing, though, and makes me want to switch banks ASAP.  As for placing blame for the system failures on NK, not surprised.