South Korea Accuses North Korea of Cyberattacks on Newspaper, Transition Team
South Korean authorities are certain that Pyongyang is behind the attacks
South Korean officials are accusing North Korea of being behind the cyberattack against the website of the JoongAng Ilbo newspaper and the servers that handle the press rooms at the presidential transition team.Earlier this month, we learned that South Korea was busy training hackers to protect the country against cyberattacks. As it turns out, this is for a very good reason.
On Thursday, officials revealed that in case of the presidential transition team, only the press rooms were affected, but the extent of the damage caused by the attack was not determined, Yonhap News Agency reports.
On Wednesday, the National Police in Seoul stated that North Korea was behind the cyberattacks that targeted the JoongAng Ilbo newspaper in the summer of 2012. At the time, the newspaper’s site was defaced to display a picture of a cat and the message “Hacked by IsOne.”
Law enforcement representatives argued that the hacking methods and the IP addresses used in the attacks against the newspaper were “similar or identical” to the ones used by North Korea in previous attacks.
The Cyber Terror Response Center of the National Police Agency explained that their investigation was not easy because the newspaper’s entire system had been wiped out, the Korea JoongAng Daily informs.
However, after analyzing the firewall and the online security systems set in place at the newspaper, they’ve been able to identify the servers used by the attackers. Two of them have been found within the country, and 17 others have been found in 10 foreign countries.
“The crucial proof is that one of the servers was constantly connected to an IP address of the Joson Telecommunication Company, an affiliate of North Korea’s Posts and Telecommunications Ministry,” Jeong Seok-hwa, chief investigator of the Cyber Terror Response Center of the National Police Agency, explained.
Furthermore, Jeong stated that one of the servers they identified was also used in two other cases back in 2011: a 3-day distributed denial-of-service (DDOS) attack on 40 websites, and a cyberattack against the Nonghyup Bank.