- Global Voices - https://globalvoices.org -

Korea: Is North Korea Behind Every Unsolved Cyber Attack?

Categories: East Asia, North Korea, South Korea, Digital Activism, Media & Journalism, Politics, Protest, Technology, War & Conflict

A slew of reports on North Korea's cyber attack capability recently came out in South Korea, and even Fox News this week.

In the first week of May, one South Korean bank was shut down for several days due to a cyber assault and the South Korean government concluded that North Korea was behind the attack. But South Korean citizens, IT experts and even mainstream media outlets have doubted the government's version of the story and stressed that it lacks evidence.

Some net users went a little further, suggesting that the authorities’ real intention is to exaggerate North Korea's cyber warfare power. South Korean Tweeters have made sarcastic jokes about the government's poor analysis and its knee-jerk reaction of blaming North Korea for every unsolved case.

The cynical jokes trending widely in the South Korean Twittersphere comprise two parts: you list all the problems and then, no matter what the problem is, you blame North Korea. On South Korea's biggest public forum, Daum Agora‘s net user ID: KsG, mocking this situation, wrote [1] [ko] as if he had the North Korea paranoia:

[…]우리 아버지 어제 감기 걸리셨는데, 북한 놈들이 감기 바이러스 퍼트려서 걸리셨다. 우리 어머니 어제 오래 주무셨는데, 북한 놈들이 수돗물에 수면제를 탄 게 틀림없다. 어제 우리집 TV 잠깐 안 나왔는데 북한 놈들이 방해 전파 보낸게 틀림 없다. 다 진짜 모조리다 북한 탓이다.

[…] My dad caught cold yesterday – because North Korean thugs have spread a cold virus. My mom slept quite a long time yesterday – those North Korean thugs must have injected sleeping pills into our drinking water. My television went out for moments yesterday – North Korean thugs must have jammed the signal. Everything is the North Korean's fault.

Jo Hyo-jin (@JJOHYO [2]), a student who is studying another year to enter university, tweeted [3][ko]:

은행 마비도 북한 탓 ,단수도 북한 탓, 군사정변도 북한 탓, 내 배방귀도 북한 탓, 나 배고픈것도 북한 탓, 내가 재수하는 것도 북한탓…

The bank shutdown was North Korea's fault. The water shut-off was also the North's fault. The chaos caused during the military regime was also the North's fault. My gassy belly and its grumbling sound are also the North's fault. Me feeling hungry and me studying one more year for university are the North's fault.

Jung Hae-seung (@haesjung [4]), a office worker tweeted [5] [ko]:

와우~ 커피 금단증상이 좀 있네요. 이게 다 북한 탓…

Woo. Caffeine withdrawal has started kicking in. This is all North Korea's fault.

Another Twitter user, J. Kim (@jkim0124 [6]) tweeted [7] [ko]:

2월쯤부터 해서 한 10키로쯤 빼려고 했는데, 5주만에 5키로를 빼고, 그 후로 그냥 유지만 되고 있습니다. 이게 다 북한 탓입니다.

Starting this February, I planned to lose about 10 kilograms (22lbs). But I have only lost 5 kilograms in five weeks and have just been maintaining my weight ever since. This is all North Korea's fault.

To other's complaints about their relationships, Si-Gyeong (@Samituy [8]) tweeted [9] [ko]:

북한탓이야 이건 RT @caissis [10]: 이사실들은 외계인의음모일꺼야ㅠㅠ RT @choitopholic [11] 나는왜남친이안생길까ㅜRT”@caissis [10]: 저는왜여친이안생길까요ㅠㅠ

This is North Korea's fault. @caissis: Why am I not able to get a girl friend? @choitopholic [11] Why am I not able to get a boy friend? @caissis [10]: This is the alien's conspiracy.

A software developer, Kim Yoon-bong (@y8k [12]) tweeted [13] [ko]:

트윗 상태 안좋은 것도 북한 탓인가… 표식을 찾아봐야겠네

Twitter is not working fine now. It is North Korea's fault. I should start looking for a sign.

Game programmer Kim Hyung-gyu (@cloudree [14]) tweeted [15][ko]:

농협 해킹 북한 탓만 할뿐, 하도급 개선이나 IT 처우개선, 보안 강화 같은 정부 시책은 없다[…]

Rather than taking real measures such as improving the subcontracting system, providing better treatment for IT workers and strengthening security, the only action the government took is to blame North Korea for hacking the Nonghyup. […]

Fox News reported [16] on May 17 that the North Korean military has about 30,000 electronic warfare specialists with capabilities rivaling those of the United States Central Intelligence Agency, quoting defectors and exports.

The latest cyber attack on April 12 had hobbled the banking system of the Nonghyup [17] (its rarely-used full name is National Agricultural Cooperative Federation) for several weeks. This prompted a nationwide investigation. On May 2, the South Korea Prosecutor’s Office concluded that North Korea is to blame for the cyber attack. North Korea is strongly suspected of carrying out the 2009 and 2008 Denial-of-Service (DDoS) attacks [18].

Image of Nonghyup Bank. Image by Author. [19]

Image of Nonghyup Bank. Image by Author.

The Prosecutors’ Office reported in a press briefing on May 2 that hackers turned an IBM employee’s laptop into a “zombie PC” last September and have been controlling it since with full access to the Nonghyup Internet banking service. (Nonghyup outsourced Internet security to IBM).

To support their theory, they pointed out the similarities between this Nonghyup case with the previous attacks, which are believed to have been carried out by North Korea; how mal codes were distributed and the Internet Protocol (IP) of a server used to control the zombie PC were identical.

About a week later, on May 11, North Korea denounced the South Korean Prosecutor's Office's claim as a “fabrication like the Cheonan incident [20]“. Not because they agreed with North Korean's version of the story, but because of a series of inexplicable questions, South Koreans citizens have raised suspicions of the authorities’ explanation.

The programmers and web developers pointed out that the IP addresses could be manipulated easily and that the malicious software and code planted on this case's zombie PC are commonly used among hackers and not exclusively by North Korea. They also questioned the IBM security expert who went on using his infected laptop for several months without noticing the difference.

South Korea’s progressive news outlet, Presssian consolidated [21] [ko] several major media’s responses. According to the report, the DongA, one major conservative media organisation who usually sides with the government, pointed out the ineffectiveness of the IP address in identifying the hacker. It commented that since it is not yet 100 percent proven that the last DDos attack was carried out by North Korea, jumping to that conclusion would be making “an assumption based on an assumption”.

The Hankook wrote its subtitle as “what kind of hacker uses his own IP address?” and explained that the number of IP addresses is so limited in the North that they borrow internet networks from China. The ZD Net Korea, an online-based media outlet specializing in IT, argued that the attack patterns of the last DDoS attack are different from the one detected in the Nonghyup attack, which worked in a more interactive way.

The conservative side finds this trend of what they call ‘underestimating the national enemy’ very disturbing. South and North Korea remain technically at war and the high chances of military provocation such as last November's YeonPyeong attack cannot be ignored. There is even a possibility of war, though the odds of an all-out war are extremely low.

Conservative Agora net user ID:이순신장군의후예 (Descendant of General Lee Sun-shin) questioned [22] [ko] other net users about why it is so hard to believe that North Korea, our enemy, has done it:

현대 캐피탈과는 다른 금전적 협박이 없다.(일반 해킹의 경우 그 목적이 100% 금전적인 이유이다.)  일부 아고리언의 북한 사이버전 수행능력에 대한 폄하는 다르게 북한은 이미 오래전부터 수만명의 해커 등을 조직적으로 양성하여 현재 수천명 이상의 정예 사이버 병사들을 두고 있다는 점. […] 대한민국 국민이라면 누가봐도 혐의자 1순위인 북한을 두고 굳이 이를 부정하고자 하는 의도는 과연 무엇일까?

Unlike the cyber attack on Hyundai Capital, there was no financial blackmailing involved. (The motive of an ordinary hacking is 100 percent based on financial benefits). Some Agorians (referring to Agora net users) are underestimating North Korea's cyber warfare potential, but the North, from a long time ago, have systematically nurtured tens of thousands of hackers. Nowadays, their cyber soldiers number several thousand. […] Any (reasonable) South Koreans would not remove North Korea from the (cyber terror) suspect list since they are, after all, the most likley perpetrator of this attack. Why do some people try so hard to deny this aspect?

Other net users wrote [23] [ko] that they were offended by the North's response of comparing it with the Cheonan incident. Many net users warned that the government's rush to the conclusion that the North Korea is behind every unsolved case could backfire and undermine people's awareness.

A blogger whose first name is Wook compared [24] [ko] the government's quick reaction and cursory analysis with the Shepherd boy's lies in the Aesop's fable:

[…]요즘 정부와 한나라당은 무슨 양치기 소년도 아니고, 무슨 골치아픈 사건 터지면 죄다 “북한 소행”라고 하는 듯한 느낌입니다. 분명 천안함이나 연평도 포격 사건처럼 북한의 비열한 테러 행위에 대해서는 명백하게 규탄해야 합니다. 그런데 무슨 장난하는 것도 아니고 국민을 바보취급하는 것도 아니고 걸핏하면 이런 식으로 외치면 오히려 국민들에게 내성만 줄 뿐인 것을 정말 정부는 모르는 것인지 모르겠습니다.

The current administration and the ruling Grand National Party are acting like the shepherd boy (from the Shepherd boy and the wolf story) and blaming North Korea for every baffling cold case. It is absolutely true that we must protect our nation against the North's contemptible terror attacks such as the Cheonan and Yeongpyeong attacks. But if the government overuses this card in too many cases, as if they are messing with our heads or fooling its citizens, people will develop resistance to such warnings. Are they really aware of this consequence?

Beside these worries and cynicism, there is one humorous joke which compares marriage with the inter-Korean relations. During a talk show last week South Korean actor, Lee Sun-Gyun [25]pointed out [26] [ko] the three similarities between a married couple and the two Koreas.

First, they are a family. In bad times, even though they want to separate themselves from each other, they cannot. Second, they cannot communicate well with each other. In talk table, each speaks their own story without listening to others. Third, they share a De-Militarized Zone (DMZ) where military actions are forbidden. For a couple, the DMZ would be a kid.