[ISN] Korea Becomes Haven for Hackers

From: InfoSec News (alerts@private)
Date: Mon Feb 19 2007 - 23:16:22 PST


By Kim Tae-gyu
Staff Reporter

The dominance of the Windows operating system coupled with a lack of 
interest in cyber security and state-of-the-art Internet infrastructure 
has made Korea a haven for hackers.

Earlier this month hackers launched a powerful offensive on crucial 
Internet servers, which help manage global computer traffic.

On Feb. 6, hackers flooded at least three of the 13 root domain name 
system (DNS) servers, which connect domain names with Internet protocol 
addresses to enable people to reach certain Web sites.

The attacks, dubbed distributed denial of service (DOS), caused a heavy 
inflow of Internet traffic directed at root servers.

DOS attackers seemed to have tried to bring the Internet pipeline to its 
knees by flooding it with useless traffic, shutting down all the 

They failed to disrupt the resilient Internet, which is safeguarded 
unless all 13 root servers and many more back-up servers are overwhelmed 
for about a week at the same time.

However, the incident spurred concerns about the security of cyber space 
across the world since it marked one of the most concerted attacks 
against the Internet's core facilities since a similar assault in 2002.

In particular, the attack seems to have involved South Korea as overseas 
media reported a majority of the rogue data originated from computers in 
the country.

Citing data from the North American Network Operators' Group, the Korean 
government confirmed 61 percent of the problematic data was traced to 
South Korea.

Hackers and Zombie Computers

Yet, the Ministry of Information and Communication flatly rebuffs the 
suspicion that Korea was the main culprit behind the cyber attacks.

``We learned a host server in Coburg, Germany ordered a flurry of Korean 
computers to stage DOS assaults on the root servers,'' said Lee Doo-won, 
a director at the ministry.

``In other words, Korean computers affected by viruses made raids into 
the root servers as instructed by the German host server. Many of our 
computers acted like zombies,'' Lee said.

A zombie computer refers to a computer infected with malicious code, 
which allows a host computer to access its system and manipulate its 

As soon as an e-mail recipient opens a virus-embedded mail and executes 
it, the computer becomes a zombie. Hackers sometimes capitalize on the 
weakness of unpatched operating systems to create an army of zombie 

Most owners of zombie computers are unaware that their system is being 
used in this way.

Korea has long been touted as a hotbed for hacking activity because the 
country has a wide-ranging interconnected network, a necessity for 
creating zombie computers.

Roughly 14 million out of the nation's 15.5 million households are 
hooked up to the always-on high-speed Internet to mark the world's 
highest broadband penetration rate.

``The envied broadband infrastructure was abused by hackers so the 
United States regarded Korea as the major source of the DOS attacks,'' 
Lee said.

``Things have become aggravated because many Korean computer users did 
not patch up their security holes, making them vulnerable to the secret 
raids of zombie specialists,'' he said.

Indeed, the download rates for Windows operating system patches are much 
lower in Korea than elsewhere in the world, according to Microsoft, the 
maker of the Windows software.

Worst-Case Scenario

Experts warn that the nation's ambitious scheme of upgrading its 
infrastructure to a broadband convergence network (BcN) may end up 
giving ammunition to hackers.

The government plans to increase the speed of the Internet to 100 
megabits per second (Mbps) by 2010, about 50 times faster than the 
current 2Mbps.

The increase in speed means BcN subscribers can download a two-hour 
high-definition movie file in one minute, compared to the one hour 
needed today.

To help encourage a smooth transition to BcN, the government looks to 
spend 1.2 trillion won through 2010 and draw 800 billion won in 
investment from the private sector.

The number of BcN subscribers, which topped the 5 million mark late last 
year, is expected to surpass 8 million later this year, more than half 
of the total Internet user base.

``The fast BcN network is a two-edged sword. It can be employed either 
to make our daily life more convenient or to attack the root servers,'' 
an official at the state-backed Korea Information Security Agency said.

``We are concerned that the BcN network may give a machine gun to zombie 
computer controllers instead of the traditional handguns,'' the official 

He articulated that the best way to prevent the abuse of the ultra-fast 
Internet network is to keep people alert on cyber security issues 
through periodic patch upgrades.

Some observers point their fingers at the dominance of the Microsoft 
Windows operating system as part of the reason behind Korea's recent DOS 

``In the distributed DOS attacks on root servers, all of the zombie 
computers were based on a Windows operating system,'' a Seoul analyst 

``Our over-reliance on Windows can attract hackers. We have to make 
things tough for the unscrupulous troublemakers by reducing dependence 
on the operating system,'' he said.

Almost 99 percent of domestic personal computers run a version of the 
Windows operating system.
