North Korean Hackers Infiltrate South Korean Websites Using Leaked Data From WikiLeaks
D-Bo, July 22, 2015, 10:01 a.m.
Suspected North Korean hackers launched a cyber attack against five websites in South Korea using data leaked from a top Italian hacking software company. Hacking Team, a Milan-based company, had its data breached by an unknown individual, resulting in the leak of alleged internal emails, invoices and source code.
The hackers infiltrated the websites related to North Korean matters including one run by North Korean defectors. They planted viruses in the personal computers of users who accessed the homepages, which then enabled them to gain access to all of the information in the computers.
A local cyber security company was able to identify the virus and the websites have been shut down, but it is unclear how many computers were hacked.
Cyber security experts say the latest attack was far more sophisticated than previous ones by North Korean hackers. The virus used this time was the same one used in previous attacks, but the hackers used a "zero-day vulnerability" from the leaked data of the Italian company.
A zero-day vulnerability is an undisclosed and uncorrected vulnerability in a computer application that could be exploited to adversely affect computer programs, data, additional computers or a network. It lets hackers plant viruses that infect users' computers when they simply access a website, even if they do not open any suspicious messages. Cyber security experts say North Korean hackers will be able to launch more sophisticated cyber attacks now that they have gotten their hands on the leak.
The North may also have obtained source code for developing hacking programs, which is acknowledged as top-notch technology. Kim Seung-joo at Korea University said, "Hackers around the world have obtained 400 gigabytes of hacking data for free from the leak, and North Korea is among them." One staffer at Immunity, a U.S. hacking software company that does business with intelligence agencies around the world, said that now that North Korean hackers have the "magic key," it would be very difficult to stop them for the next two to three years.
They will also be tough to identify. The National Intelligence Service here was able to identify suspected North Korean cyber attacks because they used the same source code repeatedly for more than a decade.
But now a staffer at one cyber security company says North Korean hackers have gotten their hands on a top-notch piece of information, so they will naturally study it and put it to use. "North Korea may use its own source code for cyber attacks it wants revealed and use other source codes for clandestine attacks," he added.
A staffer at vaccine developer ESTsoft said, "We're trying to develop a vaccine that can deal with the latest information contained in the leaked data." But the government is not paying attention. The Korea Internet and Security Agency, whose job is to defend cyberspace against hacking attacks, seems to believe that identifying the kinds of viruses that are floating around is not its area of interest.
Lim Jae-myoung, who is in charge of cyber attacks at the agency, said, "Our duty is to fix and remove viruses during cyber attacks against domestic websites. We can't monitor millions of viruses that exist on the Internet."