
S. Korean Banks Fall Victim to Biggest Cyber Attack in Two Years - anigbrowl
http://www.businessweek.com/news/2013-03-20/s-dot-korea-hit-by-cyber-attack-roiling-banks-to-broadcasters
======
kijin
Expect more of the same from South Korea in the weeks, months, and
(unfortunately) years to come. These massive attacks have been happening for
many years now, and nobody seems to have learned a thing.

The latest news here in Korea says that bank employees' PCs were infected
through a compromised third-party package management system. Only two years
ago, 35 million accounts at one of South Korea's most popular social
networking services were compromised through a similar route: the attackers
broke into the update servers of a popular antivirus software, which was used
on employees' PCs. Same story, only with different companies.

And of course, by "PC", I mean machines running Windows XP with the user
always logged in as administrator and IE's security setting somewhere between
Medium-Low and Low, because how else are you going to browse the ActiveX web?
The companies that provide package management systems and antivirus software
probably also use similar PCs, which is likely to be one of the reasons why
they got compromised in the first place.

Macs are getting popular nowadays among chic teenagers and college kids, but
on the other hand, a long-time member of an IT forum that I frequent recently
asked whether he should upgrade from IE6 to IE8 on his primary computer. We
might make the best Android phones in the world, but the rest of South Korea's
IT infrastructure is nothing but a series of facepalms.

And the first thing the leaders do is blame North Korea. Which they have been
doing every time something similar happened in the last 4-5 years. I don't
know whether it's actually NK or not, but as for improving the system, nope,
my brother's university still asks him to disable several of IE9's security
measures every time he logs in.

~~~
chao-
A year ago we looked into how feasible it would be to expand operations of our
company beyond the US. Because we have a Korean-born Korean as a core team
member, it was placed very high on the list of countries to explore. That spot
lasted about fifteen minutes. By law in South Korea, you have to use an
ActiveX plugin (and therefore IE) to process eCommerce transactions [1].

Looking it up just now to see what has changed in six months, I see that it's
not strictly true anymore. The official policy allows for other browsers, but
none of the steps necessary to allow those browsers have occurred.

[1] <http://gadgets.ndtv.com/internet/news/how-south-korea-became-slave-to-microsoft-internet-explorer-223429>

~~~
kijin
Yep, the official policy now allows for other browsers, and even encourages
banks to implement web standards. But nobody is willing to implement the
software that is necessary to port the current public key infrastructure to
non-Windows, non-IE platforms, simply because there is not much money to be
made. Some of the large banks have come up with half-baked cross-platform
services to appeal to rich kids with Macs, but payment gateways have not
changed at all.

Only geeks use Chrome here, and I'm probably the only person in my town who
uses Firefox. Mobile, of course, is a very large market, but banks just write
their own Android & iOS apps and call it a day.

~~~
waps
Oh well, another country where it is a matter of (little) time until
visa/mastercard/16 digit number cards breaks through.

I don't understand these people's reasoning. Relentless innovation is how you
become and stay the best. Kicking down the competition, secure in your market
position is how you die. It may take a bitcoin, but sooner or later these
companies are doomed.

------
bobsy
Bit confused..

"A possible cyber attack temporarily shut down computer networks" ...
"Operations at the two banks were back to normal later in the afternoon and it
was still unclear what caused the disruptions"

So it might have been a cyber attack. It might not.

"President Park Geun Hye’s administration created a cyber crisis headquarters
to investigate whether North Korea is behind the outages"

I would have thought it would have been created to see if it actually was a
cyber attack before assigning blame.

In the UK banking systems have failed repeatedly in recent months. The first
thought isn't a cyber attack. The first thought is banks messed up.

I don't get why tensions would rise if currently they cannot even determine if
it is a cyber attack or not.

~~~
readme
Because this is exactly the scenario that plays out every time North Korea
"attacks" South Korea. No one ever owns it, just like with the submarine
<http://www.bbc.co.uk/news/10129703>. It's an "accident" or it's inconclusive.

Also, neither side wants to conclusively blame the other, because hey, they're
still at odds. Stepping a single foot into the DMZ without permission can get
you shot at.

SK is probably trying to give them the benefit of the doubt but is relatively
sure it was them.

~~~
roc
I would think it has little to do with the benefit of the doubt and everything
to do with retaliation and escalation.

If the South found that the North definitely sunk a South submarine, the
people would (more loudly) call for retaliation. And while everyone is certain
what that would lead to, no-one's quite sure where it would end and no-one
doubts that the losses for all involved will massively dwarf the loss of a
single ship.

And there's always the possibility that the South really was in the wrong.
That their ship had violated an agreement by doing something they'd rather not
publicize.

(Not unlike the subdued US reaction to the EP3/Mig-21 collision in 2001. Were
the US 'innocent' the rhetoric would have sounded much different than it did.
But even then, the risks of escalation far outweigh the losses at hand.)

------
frewsxcv
Honest, slightly irrelevant question: does North Korea have access to the
world wide web? And if so, who do they connect through?

~~~
alexey_a
Yeah, but I think it's limited to a select few, as you might expect. They also
have their own DNS system IIRC.

~~~
pyre
It seems unlikely that with such restricted access to technology they would be
able to cultivate top-calibre talent for cyber attacks.

~~~
potatolicious
I agree, though if the top post in this thread is correct, it doesn't look
like they really need _top_ talent.

------
jaequery
FWIW, I believe this was a hack involving their use of package management IPM
(Isis Package Management): <http://help.unc.edu/help/isis-package-manager-ipm/>.

This is similar to ruby's package management hack earlier, but this time at a
software level with ability to infect PCs/servers/etc...

------
belorn
Does North Korea have the expertise to do such an attack? It sounds to me more
likely that supporters of North Korea did it (say groups inside China).

~~~
kkshin
From the Korea Herald:

"According to South Korean experts, Pyongyang’s electronic warfare
capabilities are second only to Russia and the United States."

Not sure how accurate THAT statement is, but North Korea has waged electronic
warfare multiple times in the past including jamming SK's GPS systems at one
point. They probably have a fully capable electronics warfare unit.

It's also quite possible that China supplies the technology/know-how to conduct
such attacks and uses NK as a proxy to test systems as SK military procedures
are somewhat related to the United States.

Also, South Korea has REALLY bad security. For example, if you want to use
some form of online banking you must use an ActiveX control with IE.

~~~
panacea
"Also, South Korea has REALLY bad security. For example, if you want to use
some form of online banking you must use an ActiveX control with IE."

I've heard about that, and that it's a major impediment to the adoption of new
browsers, but I'm wondering how that gels with the (uncomfortable/awkward?)
zeitgeist of Samsung.

I was under the impression that Japan went 'mobile first' years ago and their
phones have been their touchpoint (no pun intended) to the internet from
before the iPhone launched and that desktop PCs weren't a big thing.

Are SK residents using their Life Companions* tethered to a PC to do their
day-to-day banking on a PC? Akin to iTunes?

*<http://www.samsung.com/global/microsite/galaxys4/>

~~~
yeonhoyoon
We need to use IE for most banking/online shopping sites. So the market share
of Windows/IE in Korea is higher than other parts of the world.

Most people have Windows/IE installed together with their preferred
OS/browser, myself included.

For mobile banking the situation's a little bit better but it is cumbersome
nonetheless.

I think the payment system in S. Korea has a lot of potential for disruption,
but the current regulatory laws force the businesses to use ActiveX.

~~~
jessaustin
_...the current regulatory laws force the businesses to use ActiveX._

Wow. Here I was thinking CFAA was a bad law.

------
axusgrad
A great example of how fixing security weaknesses is more important than
trying to outlaw their exploitation.

------
uribs
"Cyberattack" is also known as "you left the door open and someone walked in".

------
fakeer
Sometime ago there was news "North Korea under cyber attack" or sth like that.
Now this.

So, this is an "attack" or "counter-attack"? Anyway, am I the only one who is
smelling that that sense of retaliation was routed from some other country as
one can actually doubt North Korea's cyber prowess.

South Korean Internet is micro-monitored like many tyrannies (though not on the
same scale) so I guess the attack was sophisticated and of some calibre.

