North Korea was caught attempting a cyberattack on South Korea by using a virus disguised as a video game, authorities claimed this month.
A report on Korea JoongAng Daily said the Seoul Metropolitan Police Agency arrested a 39-year-old South Korean game distributor June 3 over the incident.
The report quoted the Seoul Metropolitan Police Agency as saying North Korea was attempting a cyberattack on Incheon International Airport.
Police said the cyberattack, a distributed denial-of-service (DDoS) attack, had targeted Incheon International Airport two or three times in March 2011.
“When people played the games, the viruses used their computers as zombies, through which the cyberattack was launched,” it said. It said police, with the help of the National Intelligence Service, arrested and charged the distributor – identified only by his surname Jo – for violating the National Security Law.
Police were also investigating whether Jo provided the North with any personal information of South Korean users of the games he ran, who number over 100,000.
Meeting with North Korean agents
According to the police, Jo traveled to Shenyang in northeastern China starting in September 2009 and met agents of an alleged North Korean trading company.
He allegedly asked them to develop game software to be used in the South. “The North Koreans were actually agents from the North’s Reconnaissance General Bureau, and Jo was aware of that, police said,” the Korea JoongAng Daily report said.
Investigators said Jo bought dozens of computer games for tens of millions of won, a third of the cost of the same kind of software in the South. An official at the police agency said Jo was aware the games were infected with viruses.
Jo then sold the games to South Korean operators of online games.
N. Korea blamed for September 2011 glitch
The report said South Korea’s police and intelligence authorities suspect the North’s Reconnaissance General Bureau is behind a technical glitch in the flight data processor that paralyzed air traffic control at Incheon International Airport for nearly an hour last Sept. 15.
But for now, it said it is not immediately clear if Jo’s viruses were linked to the September incident. It said the glitch had disrupted the departures of 18 airplanes from the airport. Initially, the Ministry of Land, Transport and Maritime Affairs said it was not linked to North Korea.
North Korean Stuxnet?
South Korean police also said they are looking into the possibility that North Korea planted a computer virus as powerful as the Stuxnet virus in air traffic control at Incheon International Airport.
The Stuxnet virus, allegedly developed by the U.S., is suspected of attacking computer systems at Iran’s nuclear facilities and destroying centrifuges. Around 7,300 computers in South Korea were infected with Stuxnet in January 2011, the report said.
It also quoted some computer experts in the South as saying North Korea could try to destroy infrastructure in the South connected with traffic, electricity, power plants and water supplies by hacking into computer systems in the South.
“The North’s Reconnaissance General Bureau has hired hackers with North Korean companies in China and mobilized them for earning foreign currency for the regime or cyber terrors against the South,” it quoted an intelligence official in the South as saying.
A thousand hackers?
The report said North Korea’s Reconnaissance General Bureau, created in February 2009 to lead sabotage campaigns against the South, is said to employ over 1,000 hackers.
It said South Korean and U.S. intelligence agencies also suspect it masterminded the sinking of the South Korean warship Cheonan in March 2010. The North had denied its role in the sinking, which killed 46 South Korean sailors.
Not the first time
A blog post by security vendor Sophos said this was not the first time North Korea has been implicated in cyberwarfare against South Korea.
It said there have long been claims that North Korea is operating a cyberwarfare unit, and allegedly launched a spyware attack targeting South Korea’s military command and control center in 2008.
In 2009, a massive DDoS attack crippled 26 South Korean and foreign governmental websites, including military sites. Earlier this year, between April 28 and May 13, North Korea’s Reconnaissance General Bureau also managed to devastate GPS signals throughout the Korean peninsula, Sophos said.