Wednesday, December 15, 2010

Wikileaks is not alone...

Julian Assange is only the tip of the hacker iceberg, as this story, compliments of FBI Newark's National Security Threat Awareness October Bulletin illustrates:

(U) Report: Hackers Steal South Korean Defense Documents
(U) South Korean officials say hackers from China stole classified defense documents. The suspected hacking occurred when South Korean officials handling foreign and security affairs opened e-mails disguised as having been sent by government officials, but which contained hacking programs that can be
activated when the e-mails are opened. Hackers believed to be from China stole secret South Koreandocuments on defense and foreign affairs by using e-mails pretending to be from Seoul officials,according to an October news report.
(U) The suspected hacking occurred when South Korean officials handling foreign and security affairsopened attachment files that contained titles referring to items such as the schedule of North Koreanleader Kim Jong Il's trip to China, the JoongAng Ilbo newspaper said, citing a ruling party lawmaker.
Kim visited China twice this year. The e-mails, made to appear as if from a South Korean presidential official and a South Korean diplomat, contained hacking programs that can be activated when the e-mails are opened, the newspaper said. The lawmaker, Lee Jung-hyun of the Grand National Party, obtained two
allegedly hacked South Korean defense reports from Chinese hackers, according to the report. Lee provided no other details, it said. Lee could not be reached for comment. Repeated calls to an aide seeking confirmation also went unanswered. The report did not say when the alleged hacking occurred.
(U) Earlier this year, South Korea's top spy agency warned the government about e-mails disguised as having been sent by government officials, said the newspaper. The National Intelligence Service confirmed it issued the warning in a report sent to the government, but declined to give further details.
The e-mails had addresses using South Korea's two main portal sites, Naver and Daum, though a Defense Ministry investigation into their IP address, the Web equivalent of a street address or phone number,traced them to China, said the newspaper. The Defense Ministry said it could not immediately comment
on the report.
(U) The JoongAng Ilbo report came months after a government-run Web site in South Korea was hit by a massive number of access attempts traced to China. In June, access to one of the sites run by the Ministry of Public Administration and Security slowed for several hours because about 120 sites based in China
tried to connect to it simultaneously to overwhelm its server, according to the ministry.
(U) Last year, government Web sites in South Korea and the United States were paralyzed due to a similar type of cyberattack that South Korean officials believed was conducted by North Korea. But US officials have largely ruled out North Korea as the origin, according to cybersecurity experts. Experts say
there is no conclusive evidence that North Korea, or any other nation, orchestrated it. South Korean media have reported that North Korea runs an Internet warfare unit aimed at hacking into United States and South Korean military networks to gather information and disrupt service. The two Koreas are still technically at war because their conflict that started in 1950 ended in 1953 with an armistice, not a peace
treaty.
(U) Analyst Comment: IT network administrators and security officers should continue to highlight to network users the “phishing” threat. This incident in South Korea illustrates that a successful phishing
attempt against an uniformed person could even compromise classified data.










No comments:

Post a Comment