North Korea Cyber Warfare: Hacking ‘Warriors’ Being Trained In Teams, Experts Say

North Korea Cyber Warfare: Hacking ‘Warriors’ Being Trained In Teams, Experts Say

Huffington Post
by Youkyung Lee
March 24, 2013

In this photo released by Korean Broadcasting System, KBS employees try to recover a computer server a day after a cyberattack caused computer networks at the company to crash, in Seoul, South Korea, Thursday, March 21, 2013. (AP Photo/KBS)
In this photo released by Korean Broadcasting System, KBS employees try to recover a computer server a day after a cyberattack caused computer networks at the company to crash, in Seoul, South Korea, Thursday, March 21, 2013. (AP Photo/KBS)


SEOUL, South Korea —

Investigators have yet to pinpoint the culprit behind a synchronized cyberattack in South Korea last week. But in Seoul, the focus is fixed on North Korea, which South Korean security experts say has been training a team of computer-savvy “cyber warriors” as cyberspace becomes a fertile battleground in the nations’ rivalry.

Malware shut down 32,000 computers and servers at three major South Korean TV networks and three banks last Wednesday, disrupting communications and banking businesses. The investigation into who planted the malware could take weeks or even months.

South Korean investigators have produced no proof yet that North Korea was behind the cyberattack. Some of the malware was traced to a Seoul computer. Without elaborating, police said Monday that some of the malicious code also came from the United States and three European countries, South Korea’s Yonhap news agency reported. But South Korea has pointed the finger at Pyongyang in six cyberattacks since 2009, even creating a cybersecurity command center in Seoul to protect the Internet-dependent country from hackers from the North.

It may seem unlikely that impoverished North Korea, with one of the most restrictive Internet policies in the world, would have the ability to threaten affluent South Korea, a country considered a global leader in telecommunications. The average yearly income in North Korea was just $1,190 per person in 2011 – just a fraction of the average yearly income of $22,200 for South Koreans that same year, according to the Bank of Korea in Seoul.

But for several years, North Korea has poured money into science and technology. In December, scientists succeeded in launching a satellite into space aboard a long-range rocket from its own soil. And in February, North Korea conducted its third nuclear test.

“IT” has become a buzzword in North Korea, which has developed its own operating system called Red Star. The regime also encouraged a passion for gadgets among its elite, introducing a Chinese-made tablet computer for the North Korean market. Teams of developers came up with software for everything from composing music to learning how to cook.

But South Korea and the U.S. believe North Korea also has thousands of hackers trained by the state to carry its warfare into cyberspace, and that their cyber offensive skills are as good as or better than their counterparts in China and South Korea.

“The newest addition to the North Korean asymmetric arsenal is a growing cyber warfare capability,” James Thurman, commander of the U.S. forces in South Korea, told U.S. legislators in March 2012. “North Korea employs sophisticated computer hackers trained to launch cyber-infiltration and cyber-attacks” against South Korea and the U.S.

In 2010, Won Sei-hoon, then chief of South Korea’s National Intelligence Service, put the number of professional hackers in North Korea’s cyber warfare unit at 1,000.

North Korean students are recruited to the nation’s top science schools to become “cyber warriors,” said Kim Heung-kwang, who said he trained future hackers at a university in the industrial North Korean city of Hamhung for two decades before defecting in 2003. He said future hackers also are sent to study abroad in China and Russia.

In 2009, then-leader Kim Jong Il ordered Pyongyang’s “cyber command” expanded to 3,000 hackers, he said, citing a North Korean government document that he said he obtained that year. The veracity of the document could not be independently confirmed.

Kim Heung-kwang, who has lived in Seoul since 2004, speculated that more have been recruited since then, and said some are based in China to infiltrate networks abroad.

What is clear is that “North Korea has a capacity to send malware to personal computers, servers or networks and to launch DDOS-type attacks,” he said. “Their targets are the United States and South Korea.”

Expanding its warfare into cyberspace by developing malicious computer codes is cheaper and faster for North Korea than building nuclear devices or other weapons of mass destructions. The online world allows for anonymity because it is easy to fabricate IP addresses and destroy the evidence leading back to the hackers, according to C. Matthew Curtin, founder of Interhack Corp.

Thurman said cyberattacks are “ideal” for North Korea because they can take place relatively anonymously. He said cyberattacks have been waged against military, governmental, educational and commercial institutions.

North Korean officials have not acknowledged allegations that computer experts are trained as hackers and have denied many of the cyberattack accusations. Pyongyang has not commented on the most recent widespread attack in South Korea.

In June 2012, a seven-month investigation into a hacking incident that disabled news production system at the South Korean newspaper JoongAng Ilbo led to North Korea’s government telecommunications center, South Korean officials said.

In South Korea, the economy, commerce and every aspect of daily life is deeply dependent on the Internet, making it ripe grounds for a disruptive cyberattack.

North Korea, in contrast, is just now getting online. Businesses are starting to use online banking services, and debit cards have grown in popularity. But only a sliver of the population has access to the global Internet, meaning an Internet outage two weeks ago – which Pyongyang blamed on hackers from Seoul and Washington – had little bearing on most North Koreans.

“North Korea has nothing to lose in a cyber battle,” said Kim Seeongjoo, a professor at Seoul-based Korea University’s Department of Cyber Defense. “Even if North Korea turns out to be the attacker behind the broadcasters’ hacking, there is no target for South Korean retaliation.”
Associated Press writer Jean H. Lee contributed to this story with reporting from Pyongyang, North Korea; Hyung-jin Kim in Seoul also contributed to this report.
Direct Link:

Draft bill would make CFAA even worse

Draft bill would make CFAA even worse

The dangerously broad cybercrimes legislation needs changing, but in the opposite direction to new House proposals

by Natasha Lennard
March 25, 2013


Aaron Swartz (Credit: Wikipedia)
Aaron Swartz (Credit: Wikipedia)


In recent months, especially in light of Aaron Swartz’s suicide and Andrew ‘Weev’ Aurnheimer’s prison sentencing, calls for reform to or disposal of the Computer Fraud and Abuses Act (CFAA) have amplified to a fever pitch. If a draft cybersecurity bill from the House Judiciary Committee is anything to go by, however, these cries for change have fallen on deaf ears.

As noted here, following Swartz’s death, Rep. Zoe Lofgren proposed legislation, “Aaron’s law,” which aims to stop the government bringing disproportionate charges in cases like Swartz’s. The draft cybersecurity bill circulating on Capitol Hill since last weekend, unlike Lofgren’s, appears to expand the CFAA, not limit it. TechDirt called the proposed bill “so bad that it almost feels like the Judiciary Committee is doing it on purpose as a dig at online activists who have fought back against things like SOPA, CISPA and the CFAA.”

TechDirt highlights one of the most perturbing suggested amendments includes changing the law such that “conspiring” to commit what might be crimes under the CFAA would amount to actually committing the actual acts:

Section 103 of the proposed bill makes a bunch of “changes” to the CFAA, almost all of which expand the CFAA, rather than limit it. For example, they make a small change to subsection (b) in 18 USC 1030(the CFAA) such that it will now read:

Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided for the completed offense in subsection (c) of this section.

All they did was add the “for the completed offense,” to that sentence. That may seem like a minor change at first, but it would now mean that they can claim that anyone who talked about doing something (“conspires to commit”) that violates the CFAA shall now be punished the same as if they had “completed” the offense. And, considering just how broad the CFAA is, think about how ridiculous that might become.

TechDirt also notes that the proposed bill ratchets up the penalties one can receive for CFAA infractions and makes it easier for the government to seize goods.

The amended legislation would, however, adjust what it means to break the law by “exceeding authorized access” to a computer — this is a small step in the right direction. Via TechDirt:

Under the old CFAA, “accessing a computer without authorization” and “exceeding authorized access” were lumped together as a a form of breaking the law. The new bill keeps the basic terms of accessing a computer without authorization the same and just ever so slightly trims back the “crime” of exceeding authorized access… While it’s good to see them ever so slightly roll back the issue of “exceeding authorized access,” it still seems broad enough that all sorts of activities that shouldn’t be seen as criminal would easily get lumped in here by aggressive prosecutors.

Demand Progress, an advocacy group founded by Aaron Swartz, was swift to condemn the content of the draft bill. “This proposal is a giant leap in the wrong direction and demonstrates a disturbing lack of understanding about computers, the internet and the modern economy.  Already the outdated Consumer Fraud and Abuse Act is used by overzealous lawyers to prosecute routine computer activity. If enacted this proposal could end computer security research in the United States and drive innovation and creativity overseas,” said executive director David Segal.

Direct Link:

MI5 and industry join forces to fight cybercrime

MI5 and industry join forces to fight cybercrime

Fusion cell to be set up at secret location in London to analyse online threats to the UK

The Guardian / UK
March 27, 2013


Intelligence agencies will work alongside the private sector to combat cybercrime. Photograph: Martin Rogers / Workbook Stock
Intelligence agencies will work alongside the private sector to combat cybercrime. Photograph: Martin Rogers / Workbook Stock

Cyber-security experts from industry are to operate alongside the intelligence agencies for the first time in an attempt to combat the growing online threat to British firms.

The government is creating a so-called fusion cell where analysts from MI5 and GCHQ, the domestic eavesdropping agency, will work with private sector counterparts.

The cell is part of the Cyber Security Information Sharing Partnership (Cisp), launched on Wednesday, to provide industry with a forum to share details of techniques used by hackers as well as methods of countering them.

At any one time there will be about 12 to 15 analysts working at the cell, based at an undisclosed location in London.

“What the fusion cell will be doing is pulling together a single, richer intelligence picture of what is going on in cyberspace and the threats attacking the UK,” a senior official said.

“What we are trying to do is get that better intelligence picture and push it out to industry in a way that they can take action on, so it is very action-orientated.”

Although the industry representatives will not have direct access to classified intelligence material, they will face security vetting.

The Cisp initiative grew out of talks in 2011 between industry and David Cameron. It led to a pilot project last year involving 80 leading companies, codenamed Programme Auburn. It will be expanded to cover 160 firms from the finance, defence, energy, telecoms and pharmaceutical sectors.

With companies reluctant to discuss cyber-attacks or breaches of security in public, officials acknowledge that confidentiality is crucial, so companies involved will not be named.

“Everything about information-sharing has to be based on trust,” another official said. “Most companies still remain cautious about talking about the cyber threats they face in public.”

The firms will have access to a secure web portal, described as a “Facebook for cyber-security threats”, run on social network lines, where they can choose who they share information with.

It is expected that other firms will be invited to join as the scheme develops, although officials stressed that future expansion would be at a pace consistent with maintaining trust and confidentiality.

Launching the scheme, the Cabinet Office minister, Francis Maude, said the government was determined to make Britain one of the safest places to do business in cyberspace.

“We know that cyber-attacks are happening on an industrial scale and businesses are by far the biggest victims of cybercrime in terms of industrial espionage and intellectual property theft, with losses to the UK economy running into billions of pounds annually,” he said.

“This innovative partnership is breaking new ground through a truly collaborative partnership for sharing information on threats and to protect UK interests in cyberspace.”

Direct Link:


Anti-cyber threat centre launched

Anti-cyber threat centre launched

BBC News / UK

By Gordon Corera
Security correspondent, BBC News
March 26, 2013

Cyber attack can cost companies profits and value
Cyber attack can cost companies profits and value

A new initiative to share information on cyber threats between businesses and government is to be launched.

It will include experts from government communications body GCHQ, MI5, police and business and aims to better co-ordinate responses to the threats.

There will be a secure web-portal to allow access to shared information in real time, like a “secure Facebook”.

UK networks are attacked by other states, criminals and companies seeking secrets, costing billions of pounds.

In 2012, the head of MI5 Jonathan Evans said the scale of attacks was “astonishing”.

One major London listed company had incurred revenue losses of £800m as a result of cyber attack from a hostile state because of commercial disadvantage in contractual negotiations.

One government official told the BBC: “No one has full visibility on cyberspace threats. We see volumes of attack increase and we expect it to continue to rise.”

The plan – the Cyber Security Information Sharing Partnership (CISP) – has emerged out of a 2012 pilot scheme known as Project Auburn.

Eighty companies from five sectors of the economy – finance, defence, energy, telecommunications and pharmaceuticals – were encouraged to share information.

The pilot was expanded to 160 firms. A more permanent structure is being announced on Wednesday.

The kind of information shared includes technical details of an attack, methods used in planning it and how to mitigate and deal with one.

At a new London base, large screens will monitor attacks and provide details in real-time of who is being targeted.

A group of 12-15 analysts with security clearance will work mainly during office hours.

Companies previously have been nervous of revealing publicly when they have been attacked because of the potential impact on reputation and share price if they are seen as having lost valuable intellectual property or other information.

It is hoped further firms will join the initial 160.

Cabinet Office minister Francis Maude said: “We know cyber attacks are happening on an industrial scale and businesses are by far the biggest victims in terms of industrial espionage and intellectual property theft, with losses to the UK economy running into the billions of pounds annually.

“This innovative partnership is breaking new ground through a truly collaborative partnership for sharing information on threats and to protect UK interests in cyberspace.”

Government officials say they continue to be uncomfortable with an EU draft directive which would force companies to disclose when they have been attacked.

They hope a voluntary partnership will provide a more workable solution.
Direct Link:

Anybody Remember Sexting & Jessica Logan Suicide?

Anybody Remember the Jessica Logan Suicide?

Jessica Logan Suicide: Parents Of Dead Teen Sue School, Friends Over Sexting Harassment

Huffington Post
March 18, 2010

Jessica Logan Committed Suicide after Ex-Boyfriend posted her nude pics.
Jessica Logan Committed Suicide after Ex-Boyfriend posted her nude pics.


The parents of Jessica Logan, a teen who committed suicide a month after graduating from high-school, are suing their daughter’s ex-boyfriend, who circulated among his friends a nude photo of Jessica that she had “sexted” (sent via text message) to him while they were dating.

Jessica’s parents are also suing the school she attended, Sycamore High, for negligence, as well as several of the teens to whom Jessica’s boyfriend showed the picture, for “severe” emotional harassment.


The suit was filed in Ohio by Cynthia and Albert Logan who say that the students’ “degrading sexual insults” caused their 18-year-old daughter Jessica, their only child, severe emotional distress, which led her to kill herself in July 2008, a month after graduating from high school.

The complaint filed by the teen’s parents names the city, school district, ex-boyfriend, and the friends to whom he purportedly sent the picture. The couple are seeking punitive damages for discrimination, civil rights violations, the invasion of privacy, and emotional distress, reports the Courthouse News Service.

The Courthouse News Service explains,

According to the federal complaint, the late Jessica Logan sent a nude picture of herself, from her neck down, to her boyfriend, defendant Ryan Salyers. After they broke up, he “proceeded to disseminate the photo of Jessica to a large number of other students at Sycamore High School and Loveland High School,” according to the complaint.

Jessica Logan’s parents and friends, interviewed here about the girl’s sexting-related suicide here, report that the troubled teen suffered harassment both in school and out after her “sexted” photo was distributed among her peers.

Logan tried to get help from guidance counselors at her high school, Sycamore High, as well as local police, but was unable to stop the name calling, teasing, and harassment.


Jessica Logan’s mother, Cynthia, told WLWT news about her daughter’s plight:

She was called filthy names, things thrown at her […] Every single place she went they knew about that picture, they saw the picture. They knew about the picture! It’s abuse. She was abused.

Jessica’s friends and mother report that she would skip school or hide in the bathroom at school in an attempt to avoid the her peers, who reportedly called her a “slut,” “whore” and “skank.”

After attending the funeral for a friend who had committed suicide in July 2008, Jessica Logan came home and killed herself by hanging herself in her room.

Her mother told WLWT in an interview that when she found her daughter’s body, “her cell phone was in the middle of the floor.”

A recently released study found that over one quarter of teens had engaged in “sexting” (“sharing sexually explicit photos, videos and chat by cell phone or online”), and that a third of young adults had engaged in the practice.

It doesn’t stop there — The AP notes, “Seventeen percent of people who received naked pictures said they passed them along to someone else, often to more than just one person.”

Watch MSNBC’s coverage of the Jessica Logan story, which includes clips of an interview Jessica did two months before committing suicide, in the video below.

A full copy of the Logan’s federal complain is available from Courthouse News Service here.

Visit for breaking news, world news, and news about the economy


Direct Link: