TㅆThe Internet plays a very important role in our daily life. Have you ever imagined your future without a computer? On March 20, the network systems of major press offices and banks were destroyed. The damage was much bigger than that in the past because the victims of such 3/20 cyberattack were major domestic press offices and financial institutions. Hacking &DDoS (distributed denial of service) attacks have threatened South Korea several times, but the analyses of the causes of these problems were not sufficient to satisfy the South Koreans. Thus, the same types of cyberattacks keep occurring every year. ST analyzes various incidents related to network security, including the 3/20 cyberterror.
At the time of the 3/20 hacking incident, if you were connected to the LG Uplus computer network system, you could see this screen on the left. The enterprises including KBS, MBC, YTN, Shinhan Bank, and Nonghyup use the networks provided by LG Uplus. Furthermore, such a kind of terror can be wielded by “Whois,” a secret hacker group. The government officially concluded that the cyberattack was a hacking job from North Korea.
Results
The press, including KBS, MBC, and YTN, was unable to broadcast live programs. Also, all financial systems, such as the ATMs the counters, and the smart banking of Shinhan Bank and Nonghyup, experienced errors.
Route
The exact first penetration route into the organizations is not yet known. The six firms, however, might have been infected by the “Drive-by Download” malicious code or the “Trojan Horse” virus through the Web or e-mail. The vaccine update and PMS (program central distribution server) of Ahnlab and Hauri were abused by malicious code diffusion inside the six firms.
What is the Drive-by Download malicious code? It uses a Web browser’s software bug in a bad way, so this system code executes what an attacker wants to do while running malicious codes, causing conflicts between browsers, or reading the data from a system.
What is the Trojan Horse virus? It is an executable file that does not replicate itself. Just like the Trojan Horse, if executed, it can cause many problems, such as stealing the user’s information.
North Korea’s “Uriminjokggiri” and “Uriminjokgangdang,” propaganda sites aimed at the South were hacked by the international hacker group “Anonymous” on April 4. The homepages were paralyzed, and the inner account information was stolen. Moreover,Anonymous posted a picture on the main screens, describing Kim Jong-un as a pig. The main hacking agent has not yet been identified.
Domestic major computer network systems paralysis
The following are examples of the incidents of paralysis of major domestic and foreign computer network systems:
July 7, 2009
Cheongwadae, the National Assembly, Naver, the U.S. Treasury, and the Department of U.S. Homeland Security were attacked by DDoS.
March 4, 2011
The Websites of major institutions, including Cheongwadae, National Intelligence Service, Kookmin Bank, and Naver, were paralyzed by DDoS.
April 12, 2011
The notebook of a member of the staff of the Nonghyup network administration was infected by malicious codes. Via remote control, the attack command program was executed, causing difficulties in connecting to the Nonghyup computer network as well as Internet banking service interruption.
October 26, 2011
The National Election Commission Website was paralyzed for about two hours by a DDoS attack. The homepage of Park Won-soon, a candidate for Seoul City mayor at that time, was attacked and paralyzed two times.
June 9, 2012
The attacker, nicknamed IsOne, invaded the network system of JoongAng Ilbo. The homepage was transformed, and some of the data in the newspaper making system was deleted.
March 20, 2013
The computer network systems to which major media organizations such as KBS, MBC, and YTN and major financial institutions such as Shinhan Bank and Nonghyup are connected were simultaneously destroyed by a hacker group that brought malicious codes through the Trojan Horse virus.
Computer network system paralysis has become a major issue as the world has entered into the information age. The network paralysis incidents in South Korea also reflect the urgent need to strengthen South Korea’s vulnerable cybersecurity. The March 20 cyberterror is a direct attack against the public safety and happiness that the new government suggested. A cyberterror incident can cause as much damage as a war can because most of the information in our world is processed by computers. Cyberterror incidents may occur in the near future; thus, cybersecurity specialists need to react promptly and to restore the attacked systems to their initial state, identify the cause of such systems’ errors, and tighten the defense systems for computer networks. Furthermore, we all should develop a security-conscious mind.
