South Korea under ‘cyber attack’?

12:08 20 March in attack, Cyber security, cyber warfare, hack

News of a cyber attack on South Korea has made the news this morning. Details remain sketchy but press reports include outages at three broadcasters and two banks. There is little technical detail, but there does appear to have been some disruption.

To quote from the Guardian:

The computer networks of three broadcasters РKBS, MBC and YTN Рand two banks, Shinhan and Nonghyup, froze at around 2pm local time. Shinhan said its ATMs, payment terminals and mobile banking in the South were affected.

Additionally the military has raised it’s cyber attack readiness level from three to four (on a five tier system). The attacks have been connected with North Korea, though there is no evidence of that right now.

So on the face of it something clearly bad has happened. Whats less clear is the degree of targeting, the actual impact, and the relative sophistication of the tools. It is worth remembering when stories like this emerge that getting malicious software onto someones computer is actually not that difficult. It happens all the time be it for criminal, espionage or other purposes. The technical press often reports on huge networks of compromised computers (botnets – generally used to send large volumes of spam, or sometimes for denial of service attacks).

The key difference between this kind of malicious software, and what appears to have happened in South Korea is that generally people don’t want to get caught, and hence go to great lengths to ensure their bad software interferes minimally with the user experience (the degree to which this is true varies depending on how much effort the bad guys put into writing their bad software).

The second thing to remember is that malicious software like this can be hugely successful in compromising computers without being targeted. Conficker is a good example of this, which caused huge problems for companies all over the world, but was not targeted at anyone in particular.

So at the moment it is not clear exactly what this event means. With cyber security having such a high profile at the moment, and phrases like cyberwarfare appearing regularly in press reporting it is easy to assume the worst. Even if the worst case assumption is accurate and the attack is linked to north Korea, it is still very likely that this was successful due to the target organisations having poor security practise.