Authorities track code similar to those used by N. Korea in cyber attacks
Authorities are investigating a possible North Korea-organized attempt to hack into e-mail accounts of students and alumni of Korea University’s Graduate School of Information Security.
According to the graduate school, e-mails carrying malware designed to enable the sender to access e-mail accounts were sent to about 50 current students and graduates of the school.
Following the incident, of which the school became aware of a week ago, the National Intelligence Service was alerted. The NIS and police agency’s cyber terrorism unit are currently tracking the source of the e-mails.
According to professor Kim Seung-joo of the university, the attacker appears to have found out the e-mail addresses of current students and graduates from a handbook distributed to students.
“Our own investigations found that the code itself was flawed and did not function, and therefore the incident has not had caused any direct damage,” Kim said. He added that the school was informed by government officials that the code had similarities with those used in the past by North Korea.
“If that is true the attempt was systematic and so it may not end with simply distributing malware. As such, we are drawing up preventative measures, and plan to strengthen our security measures beyond those normally employed by academic institutions.”
Kim added that while there is some doubt as to whether North Korean agents would make faulty malware, the school has not ruled out the possibility as some cyber attacks are aimed at gauging the target’s ability to respond to such threats.
Although North Korea’s involvement in the Korea University incident has yet to be confirmed, the North has been behind a number of cyber attacks on the South in recent years.
In July 2009, North Korean agents launched a widespread “distributed denial of service,” or DDoS attack, on 26 local and foreign organizations’ web sites, including the presidential office of Cheong Wa Dae, the National Assembly, the Ministry of Defense, Shinhan Bank and Korea Exchange Bank. The attacks also affected the email service of portal Naver.
Although the North has denied involvement, it is thought to have been behind the attack on the National Agricultural Cooperative Federation, or Nonghyup, in April.
In addition, North Korea is considered to have attempted to hack into servers of organizations under the control of the Ministry of Knowledge Economy 40 times since 2010.
According to data revealed during the parliamentary audit in September, 40 hacking attempts were made against 10 organizations under the ministry’s control.
The data also showed that similar incidents concerning state-run companies associated with the ministry that occurred between August 2008 and the same month this year came to more than 10,000.
By Choi He-suk (firstname.lastname@example.org