By Kim Young-jin
South Korea should bolster its cyber-security in all sectors as North Korea is more than likely to continue hacking at a wide range of institutions, a former North Korean computer professor said Wednesday.
“The North’s hackers have the specific goal to attack the South,” said Kim Heung-kwang, of the defectors’ group North Korea Intellectuals Solidarity, over the phone. “They’re likely to hack into any institution with a low-level of security, and that’s not limited to financial institutions.”
His remark came a day after prosecutors here pinpointed the North’s top intelligence body, the Reconnaissance General Bureau, as the culprit behind the April 12 attack that paralyzed Nonghyup Bank, leaving thousands of customers unable to access their accounts for over a week.
Before defecting to the South in 2003, Kim taught computer science at a university in the North to students that included, he said, members of the bureau’s cyber warfare unit. That group is said to comprise some 1,000 hackers.
“Though they only have basic hacking skills, they do have a lot of experience hacking into government sites. Their goal is to destroy South Korean systems,” he said.
Prosecutors said the North made long preparations for the attack. It launched the attack in June last year, when the laptop of an employee of IBM Korea, the network maintenance provider of Nonghyup, downloaded the North’s hacking programs disguised as update files.
The hackers made the laptop a “zombie computer,” managing it for 10 months obtaining inside information and encoding malicious codes.
Some techniques mimicked those used in previous attacks on the government and businesses that were blamed on the North including a distributed denial of service (DDoS) attack in March, it said.
Park Young-ho, a senior researcher at the Korea Institute for National Unification, said North Korean leader Kim Jong-il ordered the regime to beef up its IT capabilities as part of a broader offensive against the South.
“It is assumed that North Korea has geared up all its resources to infiltrate the South,” he said. “We need to be very cautious as the North seems to put a disproportionate proportion amount of resources into cyber terror.”
The reconnaissance bureau that operates the cyber-warfare unit is headed by Kim Yong-chol, who is suspected of involvement in Pyongyang’s two deadly attacks last year.
Some observers expressed concern that the North could wage simultaneous cyber attacks against power, traffic, communication, military and other infrastructure here.
But Song Chang-min, a representative for computer safety firm AhnLab said the South is well prepared to handle such threats, citing anti-cyber terrorism drills staged in cooperation with local security firms and various efforts to enhance security.
“The latest DDoS attack in March was a good example,” he said. “It targeted over 20 websites including government, portals and financial organization, but they simply didn’t (succeed) because the government security organization and private companies such as AhnLab worked closely on countermeasures.”
But he added: “There is no such a thing as ‘perfect security’, so we have to stay alert.”
Tensions remain high between the sides since last year when Pyongyang sank a South Korean warship and shelled Yeonpyeong Island in separate attacks that killed 50 people. The sides remain technically at war after their 1950-53 fratricidal conflict ended in an armistice.