Sunday, May 8, 2011

North Korea Cyber Attacks Nonghyup Bank

A couple weeks ago my facebook news feed erupted with a lot of annoyed native English teachers complaining about their banking services provider, Nonghyup, being closed unexpectedly.  Nonghyup closed its doors and cut off ATM and check cards services for three days because of a security breach that crippled the bank.  I was not able to withdrawl or use any of my personal money for three days.  If you work for EPIK (like I do), then you have to bank with Nonghyup and many other government employees also have to bank with Nonghyup exclusively.  As it turns out, it looks like North Korea was responsible for the cyber attack.

Source:
Banking operations at Nonghyup, a South Korean farm co-operative, were halted by the cyber intrusion, leaving customers unable to access their money. 
The Seoul prosecutors' office called it "unprecedented cyber-terror deliberately planned" by North Korea. 
It said the software used matched that used in earlier attacks by Pyongyang. 
Prosecutors said that a laptop used by a subcontractor "became in September 2010 a zombie PC operated by the North, which... later remotely staged the attack through the laptop". 
One of the Internet Protocol (IP) addresses used to break into Nonghyup's system was the same as one used in March for a distributed denial-of-service (DDoS) attack that originated in North Korea, they added. 
The software used in the incident was also similar to that employed in July 2009, when a number of South Korean government websites were attacked, the prosecutors said. 
The latest attack caused a three-day service outage at the bank - also called the National Agricultural Co-operative Federation - and caused the records of some credit card customers to be deleted. 
South Korean media outlets have in the past accused North Korea of running an internet warfare unit aimed at hacking into US and South Korean government and financial networks. 
The two Koreas technically remain at war following the 1950-53 Korean War, and tensions have been high in recent months in the wake of two deadly incidents. 
South Korea blames North Korea for sinking its Cheonan warship in March 2010, with the loss of 46 lives, although North Korea denies any role in the incident. 
Four South Koreans were also killed when North Korean troops shelled a border island in November 2010.
South Korea has some of the most strict internet laws in the world, but that does not mean they are the best or the smartest.  South Korea passed a myriad of internet laws around 2006 and none of them have been updated by lawmakers since.  The internet evolves quickly and a lot of government agencies and businesses are being hampered by these laws to rely on outdated security software (like activeX plugin request) because that is what Korean law states they must use, even though it has become outdated and unsafe.

4 comments:

Prime said...

When I worked for EPIK last year, we didn't have to bank with Nonghyup exclusively. I switched to a KEB savings account and one of my other friends switched banks twice, finally settling on Gwangju Bank. All we had to do was notify our coordinator at the office of education of our new account and we had no problems getting our checks deposited there.

TWEffect said...

That is true. You are correct, but Nonghyup is the default that they set new teachers up with and easily over 90% of EPIK teachers bank with Nonghyup. That is what I meant.

Prime said...

Oh I understood what you meant. It does get to me that EPIK doesn't inform you of bank choices. Guess NH is the most convenient for them seeing as they're everywhere. Regardless, I am glad I had more than one account when the attack happened. I've heard Koreans have more than one bank account with different banks in case something like this happens, but I could be wrong. I think we should get the word out to everyone else about having backup accounts just in case. Korea has shown it isn't exactly up-to-date when it comes to online security.

busanchristian said...

In rural areas Nonghyup may be the only choice. In cities we have many choices, including banks that allow foreigners to get Credit Cards.

Related Posts Plugin for WordPress, Blogger...