[ISN] Military Admits N. Korean Hacker Attack

From: InfoSec News <alerts_at_private>
Date: Wed, 4 Nov 2009 00:12:00 -0600 (CST)
http://english.chosun.com/site/data/html_dir/2009/11/04/2009110400775.html

The Chosun Ilbo
Nov. 04, 2009 

The North Korean military hacked into the South Korean Army command in 
March and a password for the National Institute of Environmental 
Research (NIER) website leaked out, Lt. Gen. Kim Jong-tae, commander of 
the Defense Security Commend (DSC), admitted to a parliamentary audit on 
Tuesday. That confirms a report last month in the Monthly Chosun.

Lawmakers quoted Kim as saying the target of the hackers was the 
computer of the director of the chemicals division, and his ID and 
password were leaked through a hacking program when he logged on to the 
alumni website of the Korea Military Academy. Kim bluntly stated that 
the military security system "is not safe" from attacks by North Korean 
hackers at the moment, lawmakers said.

The Monthly Chosun reported that North Korean hackers stole confidential 
information from the Chemical Accident Response Information System 
(CARIS) set up by NIER using a password obtained from hacking South 
Korean Army command. Over 2,000 national secrets were stolen, including 
the names of around 700 companies or state-run entities that manufacture 
toxic chemicals.

The DSC explained that the hacked computer was connected to an external 
Internet network, which is strictly separated from the internal military 
network. This time, the DSC explained, the internal military network was 
not hacked, but it added, "As North Korea's hacking technology develops, 
the chances of the internal network being attacked is increasing and 
better security is needed."

There is also a risk that military information might leak through a 
hacking program on a flash disk used when logging onto the military 
network, but the current system is capable of detecting and preventing 
that, the DSC said.


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Tue Nov 03 2009 - 22:12:00 PST

This archive was generated by hypermail 2.2.0 : Tue Nov 03 2009 - 22:29:38 PST