Recent massive cyber attacks that paralysed computer networks at several South Korean banks and broadcasters, strongly suspected to have been launched by North Korean hackers, have prompted Washington and Seoul to come up with tough new countermeasures to stop Pyongyang from waging information warfare in the future.
“The U.S. and South Korean militaries will cooperate to develop diverse deterrence scenarios against hacking attacks and increase anti-cyber warfare forces to over 1,000 to better deal with emerging threats from countries like North Korea,” said Kwon Kihyeon, a spokesman at South Korea’s Ministry of National Defence.
Details of this new counterstrategy cannot be revealed now for security reasons, Kwon said. But the plan is to finish drafting the tactics by July, and test and review them during the next joint U.S.-South Korea military drills, which begin in late August, before they’re implemented in October.
“The ministry will also set up a new department that acts as a control tower by integrating policies which defend military networks against hacking,” Kwon added. “Its Cyber Command, a special unit of about 400 personnel members, currently manages the policies with other defence and intelligence organisations, but there is no coordinating body.”
South Korea’s military uses two computer networks that are much harder to launch DDoS (distributed denial of service) or malware attacks on than local civil networks, according to Kwon. This is because they are both intranets that are not connected to the Internet.
“The intranet used for military manoeuvres can only be accessed by a small number of people,” Kwon said. “Thus, it is very secure and couldn’t fall victim to North Korean hacking. But more users can access the other intranet — namely, all members of South Korea’s military. So there’s a tiny chance it could be infiltrated. Therefore, the U.S. and South Korean militaries will be drafting measures to better protect it,” Kwon added.
North Korea runs a cyber warfare unit of at least 3,000 expert hackers with the aim of breaking into foreign computer networks to get information and spread computer viruses, according to Sung-Yoon Lee, a professor of Korean studies at the Fletcher School at Tufts University.
Last month’s hacking assault on South Korea – the largest in two years – using malware, coupled with the recent military threats from Pyongyang directed at Seoul, have raised unprecedented concern about potential cyber terrorism by the North against the South. It’s no wonder North Korea is widely suspected of carrying out the attack, Lee explained.
“In terms of the scale of the attack, I think it was probably North Korea. But the North was likely not going 100 percent full capacity. I would assume they can do more damage and go for more sensitive targets in South Korea, like jamming computer signals in airports, train stations and nuclear reactors,” according to Lee.
“I think they were trying to send a message, ‘This is what we can do to you; this is a small sample. So watch out, pay up and beware,” he concluded.
Broadcasters KBS, MBC and YTN and three banks — Shinhan, Nonghyup and Jeju — as well as two insurance firms reported to local police on March 20 that their computer networks were halted for unknown reasons, said a Science, ICT and Future Planning Ministry official who declined to be named.
An analysis by security firm Kaspersky indicated that the attackers used a “Wiper”-style malware program to wipe data on infected computers. In addition, firm Sophos said that malware dubbed Mal/EncPk-ACE, or simply “DarkSeoul,” was used in the attacks.
That official explained that his department had been newly created to take over the functions of the Korea Communications Commission as South Korea’s civilian anti-hacking watchdog.
“As of March 29, banks and broadcasters hit by the hacking attack had fully normalised their networks. But the investigation into the attack has not yet been closed and we still don’t know who masterminded it,” the official said. “We’re meeting related government agencies often to come up with stronger measures against cyber warfare.”
The defence ministry’s Kwon said that in the future, the post of cyber security secretary will be created at the presidential office of Cheong Wa Dae to try to rapidly and efficiently cope with cyber attacks on key national organisations.
“The new anti-hacking watchdog and cyber security secretary, as well as the South Korean spy agency and cyber police, will work closely together to draw up a crisis management plan to cope with possible cyber terrorism against civilian networks,” Kwon said. “The defence ministry, which is designing measures to protect its intranet against North Korean hacking, will help these agencies in their battle against cyber warfare.”