April 25, 2024

Possible Cyberattack in South Korea

The attacks, which left many South Koreans unable to withdraw money from A.T.M.’s and news broadcasting crews staring at blank computer screens, came as the North’s official Korean Central News Agency quoted the country’s leader, Kim Jong-un, as threatening to destroy government installations in the South, along with American bases in the Pacific.

Though American officials dismissed those threats, they also noted that the broadcasters hit by the virus had been cited by the North before as potential targets.

The Korea Communications Commission said Thursday that the disruption originated at an Internet provider address in China but that it was still not known who was responsible.

Many analysts in Seoul suspect that North Korean hackers honed their skills in China and were operating there. At a hacking conference here last year, Michael Sutton, the head of threat research at Zscaler, a security company, said a handful of hackers from China “were clearly very skilled, knowledgeable and were in touch with their counterparts and familiar with the scene in North Korea.”

But there has never been any evidence to back up some analysts’ speculation that they were collaborating with their Chinese counterparts. “I’ve never seen any real evidence that points to any exchanges between China and North Korea,” said Adam Segal, a senior fellow who specializes in China and cyberconflict at the Council on Foreign Relations.

Wednesday’s attacks, which occurred as American and South Korean military forces were conducting major exercises, were not as sophisticated as some from China that have struck United States computers, and certainly less sophisticated than the American and Israeli cyberattack on Iran’s nuclear facilities. But they were far more complex than a “denial of service” attack that simply overwhelms a computer system with a flood of data.

The malware is called “DarkSeoul” in the computer world and was first identified about a year ago. It is intended to evade some of South Korea’s most popular antivirus products and to render computers unusable. In Wednesday’s strikes, the attackers made no effort to disguise the malware, leading some to question whether it came from a state sponsor — which tend to be more stealthy — or whether officials or hackers in North Korea were sending a specific, clear message: that they can reach into Seoul’s economic heart without blowing up South Korean warships or shelling South Korean islands.

North Korea was accused of using both those techniques in attacks over the past three years.

The cyberattacks Wednesday come just days after North Korea blamed South Korea and the United States for attacks on some of its Web sites. The North’s official Korean Central News Agency said last week that North Korea “will never remain a passive onlooker to the enemies’ cyberattacks that have reached a very grave phase as part of their moves to stifle it.”

The South Korean government cautioned that it was still too early to point the finger for Wednesday’s problems at the North, which has been threatening “pre-emptive nuclear attacks” and other, unspecified actions against its southern neighbor for conducting the military exercises with the United States this month and for supporting new American-led United Nations sanctions against the North.

“We cannot rule out the possibility of North Korean involvement, but we don’t want to jump to a conclusion,” said Kim Min-seok, a spokesman for the Defense Ministry.

The military raised its alert against cyberattacks, he added, and the Korea Communications Commission asked government agencies and businesses to triple the number of monitors for possible hacking attacks. South Korea’s new president, Park Geun-hye, instructed a civilian-government task force to investigate the disruptions.

Nicole Perlroth contributed reporting from San Francisco, and David E. Sanger from Washington.

Article source: http://www.nytimes.com/2013/03/21/world/asia/south-korea-computer-network-crashes.html?partner=rss&emc=rss

Security Firm Says It Found Global Cyberspying

The company, McAfee, said it had alerted the 72 targets it identified and also informed law enforcement agencies, which it said were investigating. The 14-page report calls the attacks highly sophisticated and says they appear to have been operated by a government body, which it declined to name.

“We’re not pointing fingers at anyone but we believe it was a nation-state,” Dmitri Alperovitch, McAfee’s vice president of threat research and the lead author of the report, said in a telephone interview on Wednesday. China has repeatedly been the focus of suspicion in such cases.

The report comes after high-profile cyberattacks aimed at the International Monetary Fund, Sony and the Lockheed Martin Corporation, America’s largest military contractor.

McAfee, which was recently acquired by Intel, said it released the report to coincide with the start of the annual Black Hat technical security conference in Las Vegas. Briefings at the conference are scheduled to be delivered Wednesday and Thursday. Details of the study were first published on the Web site of Vanity Fair.

Although in recent months there have been an alarming number of reports about computer spying, many offer few details, citing concern for the targets’ privacy. The 14-page McAfee report, for instance, offers little detail about the cases, what kinds of documents were stolen or what kind of evidence was found to determine the perpetrator was a government body.

Among the few targets the report mentions by name is the International Olympic Committee. However, Mark Adams, a spokesman for the committee, said early Wednesday: “We are unaware of the alleged attempt to compromise our information security claimed by McAfee. If true, such allegations would of course be disturbing.”

Spokesmen for the United Nations and another named target, the World Anti-Doping Agency, could not immediately be reached for comment. The report said that 49 targets were in the United States and that governments, companies, and organizations in Canada, Japan, South Korea, Taiwan, Switzerland and Britain were also targets multiple times.

“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” Mr. Alperovitch wrote.

McAfee said it learned of the hacking campaign last March, when it discovered logs of attacks while reviewing the contents of a server it had discovered in 2009 as part of an investigation into security breaches at defense companies.

It dubbed the attacks Operation Shady RAT — RAT stands for remote access tool, a type of software used to access computer networks.

The company dated the earliest breaches to mid-2006, though it said other intrusions might have gone undetected. The duration of the attacks ranged from a month to what McAfee said was a sustained 28-month attack against an Olympic committee of an unidentified Asian nation.

What was done with the data “is still largely an open question,” Mr. Alperovitch wrote in the report. “However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat.”

Asked why McAfee decided not to identify most of the corporations that were targets in Operation Shady RAT, the company said on Wednesday that most corporations were worried about being identified and alarming shareholders or customers.

Cyber security is now a major international concern, with hackers gaining access to sensitive corporate and military secrets, including intellectual property.

In some attacks, the culprits are believed to be professional hackers engaged in disrupting an organization’s operations for the sheer pleasure of it, or seeking revenge.

In mid-May, the Obama administration proposed creating international computer security standards with penalties for countries and organizations that fell short. The strategy calls for officials from the State Department, the Pentagon, the Justice Department, the Commerce Department and the Department of Homeland Security to work with their counterparts around the world to come up with standards aimed at preventing theft of private information and ensuring Internet freedom.

David Barboza reported from Shanghai, and Kevin Drew from Hong Kong.

Article source: http://feeds.nytimes.com/click.phdo?i=1f0c90cc1c09fbe3cdc35ae3f8803592