By Jun Ji-hye
The prosecution said Wednesday that it is investigating an information technology firm over allegations that it helped North Korean hackers attack South Korean computer networks.
According to the Seoul Supreme Prosecutors' Office, its officials and agents of the National Intelligence Service (NIS) Tuesday raided the firm's office as well as the house of its president, surnamed Kim.
Kim, 50, is suspected of violating the National Security Law by helping North Korean hackers residing in China spread malicious code to the South. The law bans any activities that benefit or praise the communist North.
Two other firms that lent servers to Kim were included as subjects of the raids.
The prosecution said that Kim is under suspicion of helping the hackers set up a network of "zombie PCs," known as a "botnet," in the South.
Zombie PCs are computers that have been infected with malicious software and programmed to carry out attacks, so that they serve as the hackers' main tool. They are usually used for large-scale cyber attacks, including distributed denial-of-service (DDoS) attacks.
Kim is said to have rented servers from some domestic enterprises about two years ago and handed over the IDs and passwords to the hackers so that they could access these servers. Kim also allowed them to use his company's Internet software.
Thanks to this, hackers successfully penetrated computer networks in the South and circulated malicious code that created zombie PCs, the prosecution said.
The law enforcement agencies estimated that the number of domestic computers the hackers have already infected with malicious programs through Kim's assistance amounts to about 110,000.
As soon as it finishes analyzing the seized items, the NIS plans to summon and further investigate Kim.
Kim, who had lived in China until the end of the 1990s, took the lead in establishing a joint IT venture between the South and the North at the beginning of the 2000s. Since then, he has continued to conduct activities related to inter-Korean economic cooperation in the IT sector.
According to the prosecution, it is likely that Kim had opportunities to contact North Korean spies during these endeavors.
Cyber attacks suspected to have been conducted by the communist regime include the hacking of bank networks and television networks on March 20 and two DDoS attacks in 2009 and 2011.
Major government institutions including Cheong Wa Dae, the National Assembly, the foreign ministry and the defense ministry were hacked in 2009.
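An IT firm that helped a North Korean hacker break into South Korean computer networks has been confirmed to be under investigation by the National Intelligence Service (NIS).
According to public security authorities on the 31st, the NIS on the 30th searched the home and office of a man surnamed Kim, the head of an unnamed IT firm, as well as server providers, over indications that he helped a North Korean hacker in China spread malicious viruses in the South and build a "botnet," a network of zombie PCs.
The NIS executed the search and seizure warrant under the direction of Public Security Division 1 of the Seoul Central District Prosecutors' Office (chief prosecutor Choi Sung-nam).
Kim is reported to be suspected of renting servers in the South and handing the access IDs and passwords over to the North Korean hacker starting two years ago (a violation of the National Security Law).
The North Korean hacker is said to have also been given access rights to the Internet router at Kim's company, penetrated domestic computer networks, and spread malicious viruses that create zombie PCs.
Controlling a botnet makes it possible to carry out large-scale network attacks, including DDoS attacks. The number of domestic PCs that the North Korean hacker infected through Kim is estimated at up to about 100,000.
Public security authorities believe that Kim, who is known to be a former student activist, may have come into contact with North Korean agents while working for the past several years at an inter-Korean joint IT company in China, and they plan to summon Kim soon to verify the facts.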