After a couple of weeks of confusion, South Korean authorities finally pinpointed the March 20 attack to North Korea. We can conclude three important facts from this attack, dubbed Dark Seoul:
- this attack was not very sophisticated
- this attack wiped the hard disks of computers AFTER they had been infected for more than 8 months
- North Korea was blamed for much more damaging and sophisticated attacks in 2011
In their white paper, McAfee described the sophistication of the 2011 DDoS attack as “analogous to bringing a Lamborghini to a go-cart race“. This time they actually did bring a “go-cart” and still managed to win with overkill to spare. But if they did have a super weapon in their armory, why did they point and shoot a pop gun? It’s especially baffling when you consider that they could probably get away with even a large-scale cyber attack with minimal consequences.
Perhaps you’re starting to wonder whether North Korea’s 5000-strong cyber warfare division is preparing for a major cyber attack? I know I am.
Having said that, it’s time to ask a few difficult questions.
Is North Korea more cyber-warfare capable than we give it credit for?
Even if they aren’t, South Korea is still screwed, because it was knocked out by a pop gun and called it cyber terrorism.
But if they are, then South Korea is screwed 10 times over.
Based on how the security industry classified their previous attacks, North Korea’s cyber-warfare team can be called an Advanced Persistent Threat (see “Responding to the ‘Dark Seoul Cyber Attack‘” for more information). According to some analysts, they apparently have much more up their sleeves than “just” a few nukes. Plus they can fire off these digital warheads whenever they please without fear of major U.S. retaliation, worldwide condemnation, or UN sanctions (assuming the sanctions would even cause them to flinch). Maybe the North is more tech savvy than we’d care to admit.
The average 조재현 (read: Joe) would then ask: So what? This leads us nicely to our next question:
How badly can you be affected by a cyber attack?
I’ll let the economists and political analysts explain the national security issues. Let’s just focus on a few practical scenarios in your daily life. So how does an internet-based threat personally affect you? Well, that depends on:
How much cash do you usually carry on you?
Is it enough to keep you going for a few days? A week? How long could you survive without a credit card? Without your bank being able to issue hard currency? We have to realize that when the banks go down, they’ll go down for an indefinite period of time. During that time you might have to pay bills, buy groceries, or fill up your gas tank with the limited cash you have on hand.
Estonia suffered a massive DDoS attack in 2007. With more than 90% of banking transactions done online, the most wired country in Europe was isolated from the rest of the world for three weeks.
Starting to get worried? Maybe the old sock under the mattress isn’t such a bad idea after all.
Would you mind if someone stole your personal information (e.g. ID number, address, phone number, medical records)?
We tend to forget that almost every detail of our lives is stored on some computer, and it’s likely that it’s accessible online. This makes it easier for healthcare providers to smoothly transfer you to another hospital or doctor, but it also makes that information vulnerable to cyber theft. Well, this might be old news if you were one of the 35 million users of the social network CyWorld in 2011.
How long can you live without electricity?
Most utilities are managed by SCADA systems hooked up to the internet so management can monitor and control things like power generation output in real time from the comfort of their offices. The fact is most of these systems are left open, vulnerable, and unsecured. Iran’s secret nuclear enrichment program, supposedly running on networks completely isolated from the internet, is proof that nothing is foolproof. Note that Korea Hydro & Nuclear Power just isolated their nuclear power plant computer networks from the internet and from any external connections. A wise, albeit late, measure. If an APT wanted to attack the power plant, they would have infected the target machines long before D-Day and have the malware execute itself on a timer.
I like telling people that Die Hard 4 isn’t just a movie. It’s a documentary of what could happen today.
What must be done to protect ourselves? Digital Self-Defense
Understand that cyber attacks are real and can affect you
About the only thing worse than having a gun pointed at your head is not knowing it’s even there. The security guys, government, and media have the job of informing you if there’s a threat. Your job is to be made aware and act on the information.
Know how you can protect yourself
Be careful of what websites you visit and the emails you open. It’s probably better to avoid opening any dodgy emails at all. Keep your computer updated with the latest software updates. Make sure your computer’s security features are on. This latest attack could have been easily prevented if everyone had been using an updated antivirus and had Windows protection turned on.
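The advice above (updated antivirus, protection switched on, patches applied) can be checked rather than assumed. The script below is an added example written for this page, not code from the original column or from any of the organizations it mentions. It assumes a Windows 10 or 11 machine with Microsoft Defender and its bundled PowerShell module; the age thresholds are my own choices, not values from the article.

```powershell
# Added example (not from the original column): audit the basic self-defense
# controls the paragraph above recommends on a Windows 10/11 host running
# Microsoft Defender. Thresholds below are assumptions, not article values.

$MaxSignatureAgeDays = 3      # assumption: signatures older than this count as stale
$MaxDaysSinceUpdate  = 45     # assumption: no update installed in this window means patching lags

$status   = Get-MpComputerStatus   # ships with the Defender PowerShell module
$findings = @()

if (-not $status.AMServiceEnabled)          { $findings += 'Defender antimalware service is disabled' }
if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    $findings += "Antivirus signatures are $($status.AntivirusSignatureAge) days old (last updated $($status.AntivirusSignatureLastUpdated))"
}

# Get-HotFix lists installed Windows updates; the newest InstalledOn date tells
# you when patching last actually happened on this machine.
$lastPatch = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if (-not $lastPatch) {
    $findings += 'No installed update with a recorded install date was found'
} elseif (((Get-Date) - $lastPatch.InstalledOn).Days -gt $MaxDaysSinceUpdate) {
    $findings += "Last Windows update ($($lastPatch.HotFixID)) was installed on $($lastPatch.InstalledOn.ToShortDateString())"
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: antivirus on, real-time protection on, signatures and updates current'
} else {
    Write-Output 'Attention needed:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

Run it from an elevated PowerShell prompt. On a machine where a third-party antivirus has put Defender into passive mode, the Defender checks will report it as disabled by design, so adapt the first block to that product’s own status command.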
Know who’s responsible for your safety (or lack thereof) and hold them accountable.
The banks that lost your personal information betrayed you when they refused their security team’s request for necessary security infrastructure. Don’t let them get away with shirking their responsibilities. Your government failed you when it refused to deal with old threats and prepare to face new ones. Your taxes should be used to ensure your safety. Your neighbor put you at risk when he forgot to update his antivirus software. Make him aware of those risks.
Remember that in cyberspace a country’s security level is only as high as its weakest link. Everyone’s participation counts.
Jonathan A.P. Marpaung is a computer security researcher at Dongseo University, Busan and Spentera Security, Jakarta.
Michelle Kang is a columnist studying at Kyungsung University, Busan.