Support the IEET




The IEET is a 501(c)3 non-profit, tax-exempt organization registered in the State of Connecticut in the United States. Please give as you are able, and help support our work for a brighter future.



Search the IEET
Subscribe and Contribute to:


Technoprogressive? BioConservative? Huh?
Quick overview of biopolitical points of view




whats new at ieet

Siegel @ Science and Non-Duality

12 Technologies We Need To Stop Stalling On And Develop Now

iSchools: Contemporary Information Technology Theory Studies

SETI Institute: Risky tales: Talking with Seth Shostak at Big Picture Science

Review The Future: What is the Future of Education?

Neuroscience Symposium: Genetics in psychiatry


ieet books

Virtually Human: The Promise—-and the Peril—-of Digital Immortality
Author
Martine Rothblatt


comments

rms on 'Smut in Jesusland: Why Bible Belt States are the Biggest Consumers of Online Porn' (Oct 21, 2014)

instamatic on 'Smut in Jesusland: Why Bible Belt States are the Biggest Consumers of Online Porn' (Oct 21, 2014)

rms on 'Science Fiction and our Dreams of the Future' (Oct 20, 2014)

rms on 'Sousveillance and Surveillance: What kind of future do we want?' (Oct 20, 2014)

dobermanmac on 'Transhumanism and the Will to Power' (Oct 20, 2014)

instamatic on 'Why Is There Something Rather Than Nothing?' (Oct 18, 2014)

CygnusX1 on 'Why Is There Something Rather Than Nothing?' (Oct 18, 2014)







Subscribe to IEET News Lists

Daily News Feed

Longevity Dividend List

Catastrophic Risks List

Biopolitics of Popular Culture List

Technoprogressive List

Trans-Spirit List



JET

Enframing the Flesh: Heidegger, Transhumanism, and the Body as “Standing Reserve”

Moral Enhancement and Political Realism

Intelligent Technologies and Lost Life

Hottest Articles of the Last Month


Google’s Cold Betrayal of the Internet
Oct 10, 2014
(7446) Hits
(2) Comments

Dawkins and the “We are going to die” -Argument
Sep 25, 2014
(5600) Hits
(21) Comments

Should we abolish work?
Oct 3, 2014
(5096) Hits
(1) Comments

Will we uplift other species to sapience?
Sep 25, 2014
(4551) Hits
(0) Comments



IEET > Security > Cyber > Contributors > Steve Burgess

Print Email permalink (0) Comments (5454) Hits •  subscribe Share on facebook Stumble This submit to reddit submit to digg


Regional Cyberwar: North Korea vs South Korea


Steve Burgess
By Steve Burgess
CyberWar Blog

Posted: Jan 26, 2012

To many modern readers, the issue between the Koreas is distant and a bit unreal. We see the now-deceased comical madman leader and his hapless current heir. This author’s father, on the other hand, lost a favorite younger brother to a Korean landmine in the 1950’s, making the ongoing conflict tangible. While conventional weapons are in use between these two halves of a nation, still technically at war with itself, the cyber background is still full of landmines as is the very real DMZ on the 38th parallel.

North Korea is thought to have targeted cyberattacks against the United States and South Korea since at least 2009, including successful attacks against Korean sites and the public websites of the Federal Trade Commission, Department of the Treasury and (somewhat ineffectively) against the White House.

While the US military has created a beefy military cyberforce in United States Cyber Command (USCYBERCOM), to answer such aggression, South Korea appears to be starting its cyberdefense less assertively. Korea University has teamed up with the South Korean military to create a cyber-defense course of study in its Center for Information Security Technologies (CIST) intending to graduate 30 students per year after a 4-year curriculum. Seems like a timid response to threats from the North. While it’s anyone’s guess what changes North Korea’s new leader, Kim Jong Un, will make in the makeup of military efforts for that country, conventional wisdom suggests that the military will stay largely in control of its own moves. Kim Il Political University, formerly Mirim College, is purported to graduate some 100 trained hackers per year and has hacking units in its Reconnaisance Bureau containing 1,000-3,000 cybertroops ready to be led by the new grads.

The massive DDoS (distributed denial of service) attacks against South Korea in July 2011 were some of North Korea’s opening salvos - crude, but effective in shutting down some 40 websites in the South. 30 million customers of Nonghyup Agricultural Bank lost access to their accounts and much data was purported to have been lost permanently. The attack was considered to be the first attack on a financial institution by a state actor.

But was it crude, really? DDoS tends to be more sledgehammer than surgical incision. Preparation for the attack included establishing a broad-based botnet of compromised computers, through the distribution of Trojan horses or other malware to prepare an army of slaved computers listening for orders. Typically then, these millions of slaved computers receive an order to communicate with the victim server. The millions of requests overwhelm the target server or its incoming bandwidth and it is unable to respond to normal, legitimate requests, and may shut down.

The Korean DDoS attacks may have been crude in nature but McAfee Labs researchers say that there were sophisticated attributes in the operation. The malware infecting the botnetted computers was designed to operate for ten days, and then to crash the infected computer such that a full rebuild was likely to be necessary. Such a rebuild would overwrite the operating system, applications and user data making forensic backtracking difficult. Most modern malware preserves the host for future use in the botnet. The Korean attack’s malware used a variety of differing and difficult encryptions, further foiling analysis. The attack also used a multitier architecture to make the network more resilient to takedown. These characteristics point to the project being a more sophisticated learning exercise than the fact of the attacks being basic DDoS would suggest. There may have be ulterior motives hidden behind the apparent primitive facade - probing the defense, seeing what barriers pop up in response.

Kim Jong Il died December 17, 2011 - about a month before the writing of this article. Cyber attacks attributed to North Korea had been increasingly reported from 2009 until mid-2011. But, now what? A review of news on the subject for the past six months typically shows articles referencing only the mid-2011 attacks and earlier. Why the hiatus?

Perhaps there has been disruption in the program due to the changing of the “Dear Leader” guard. Perhaps projects have been put on hold until the new tyrant settles in. Kim Jong Un has had educational opportunities in the West and therefore much easier access to computers and the Internet than his fellow countrymen. Some believe he would be more likley to use cyberwarfare rather than, or in addition to, conventional saber-rattling and warfare. Or perhaps the new leader is not in charge and policy direction needs to settle out. Perhaps analysis of results from the July attacks is still being carried out in North Korea, with preparation for a new set.

South Korea has one of the world’s most integrated and developed telecommunications networks and as a result may be particularly susceptible to cyberattack. It is no doubt also quite susceptible to EMP. The North’s national communications infrastructure is purportedly not very advanced or high-tech. The Internet is inaccessible to the masses, as are cell phones. North Korea is therefore relatively impervious to the kinds of attacks - such as an “accidental” EMP during a weapons “test” - that could cripple more advanced countries, especially ones as close as the South.

Our spy networks do not operate very well with respect to North Korea, “a virtual black hole for most intelligence agencies.”  The country has a very high level of secrecy and official paranoia. Not much leaks out. Therefore the question arises: is a massive, crippling cyberattack against South Korea’s tech infrastructure imminent. Or is this just buying to the paranoia endemic to the North? It’s anybody’s guess.


Steve Burgess is principal of Burgess Consulting & Forensics, a computer forensics and expert witness firm, and is host of the radio program, "Speaking of Technology: Conversations with Tech Experts and Innovators."
Print Email permalink (0) Comments (5455) Hits •  subscribe Share on facebook Stumble This submit to reddit submit to digg


COMMENTS


YOUR COMMENT (IEET's comment policy)

Login or Register to post a comment.

Next entry: The Growing Evidence for Octopus Intelligence

Previous entry: Demonstration for Radical Life Extension in Tel Aviv

HOME | ABOUT | FELLOWS | STAFF | EVENTS | SUPPORT  | CONTACT US
SECURING THE FUTURE | LONGER HEALTHIER LIFE | RIGHTS OF THE PERSON | ENVISIONING THE FUTURE
CYBORG BUDDHA PROJECT | AFRICAN FUTURES PROJECT | JOURNAL OF EVOLUTION AND TECHNOLOGY

RSSIEET Blog | email list | newsletter |
The IEET is a 501(c)3 non-profit, tax-exempt organization registered in the State of Connecticut in the United States.

Contact: Executive Director, Dr. James J. Hughes,
56 Daleville School Rd., Willington CT 06279 USA 
Email: director @ ieet.org     phone: 860-297-2376