Authorities have discovered 200 more so-called zombie computers that have been infected with viruses North Korean hackers planted in September last year. Investigators came across them while examining an IBM employee's laptop computer, which was used to paralyze the computer network of agricultural cooperative lender Nonghyup.
Prosecutors said Monday that the National Intelligence Service identified 201 port numbers that have been infected with viruses so that they can serve as zombie computers, and the IBM employee's laptop is one of them. This means not only Nonghyup but any state agency could be the target of a North Korean cyber attack.
◆ Growing Sophistication
South Korean authorities and computer experts say the Nonghyup incident demonstrates the increasing sophistication of North Korea's cyber warfare capabilities. During a so-called distributed denial-of-service attack on July 7, 2009, North Korean hackers used 435 servers in 61 different countries to spread just one type of virus. During a DDoS attack in March this year, 746 servers in 70 countries were used to plant more than three different types of viruses. The cyber attack against Nonghyup involved a different virus which directly infiltrates the computer network of a bank and deletes not just data but its own tracks as well.
Authorities say finding the 200 zombie computers is as difficult as locating a mole planted by North Korean intelligence. As long as the zombie PCs remain dormant, it is impossible to trace them.
◆ What Next?
Experts say that, judging from the pattern of North Korea's cyber warfare tactics, the Nonghyup attack may be just the beginning. North Korean hackers tested the level of defenses at South Korean government agencies through the DDoS attacks and then targeted the state-run lender, whose security system was weak compared to other banks, suggesting that more crippling attacks could take place. Nonghyup was also among the targets of the two previous DDoS attacks.
Intelligence officers say the North's next target could be the South's power grid, including nuclear power plants, as well as airports, maritime ports or subway systems. So far North Korea has used spies to gather information about them.
Nam Sung-wook of the Institute for National Security Strategy said, "Now that a financial institution has been attacked, the next will be a government institution." He forecast that the government's computerized network managing resident identification numbers or state medical insurance files could be the next target.
Baek Seung-joo, the director of the Center for Security and Strategy at the Korea Institute for Defense Analyses, said, "These cyber attacks differ from warfare in that they seek to foment social chaos by intensifying fear among the public."