Smuggler arrested for helping N. Korea launch cyber attack

By Yi Whan-woo

Police have arrested a smuggler for allegedly helping North Korean intelligence attempt cyber terrorism on government computer networks through online game software.

The Seoul Metropolitan Police Agency said Sunday that the 39-year-old man, surnamed Cho, is under investigation for purchasing 10 versions of gambling software with malicious code from North Korean agents in China and distributing them.

Cho is sympathetic with the communist regime, and purchased the programs in September 2009 with malicious intentions, according to police.

“The suspect knew from the beginning that the sellers were North Korean agents,” an investigator said. “When Kim Jong-il died last year, he even sent emails twice to those agents to express his condolences for Kim’s death.”

Police added that Cho was also aware of the fact that the software had malicious code programmed for cyber attacks on government websites, but went ahead and brought them into the country.

Cho sold the software to a number of illegal online gambling website operators, while running some of the websites himself.

Police said that the North Korean hackers at a Sunyang-based trading company tried to break into the cyber network of Incheon International Airport in 2009 using those websites. The scheme failed as the national Cyber Security Center detected the attempt in advance and took appropriate measures.

Investigators found that Cho also obtains private information on the users of the gambling websites at local portals.

“We believe that North Korean hackers have possibly made successful attacks on some local portal sites in the country, and we’ll look into that,” an officer said.

The malicious code in the software could be used for distributed denial of service (DDoS) attacks. A possible attack can be set up when users of computers or Internet servers download a program with such malware.

The code spreads when the infected systems are connected to the Internet. Hackers then can strike at targeted cyber networks through a flood of traffic that overwhelms the bandwidth or resources a network can manage. More than 80,000 computers here suffered DDoS attacks in July 2009, and the government suspects North Korea was behind them.