DPRK protests results of hacking probe

The DPRK is loudly protesting the preliminary results of a South Korean investigation that found it was behind widespread computer disruption that hit several TV stations and banks on March 20. [Updated, see below.]

The computer attacks wiped clean the hard disk drives of around 48,000 personal computers and servers inside broadcasters KBS, MBC and YTN, and the Shinhan, Nonghyup and Jeju Banks.

In an almost 2,000-word response carried on the state-run KCNA newswire, the main results of the investigation were picked through and discounted. The article, which came a day after Seoul disclosed its findings, was attributed to a spokesman for the General Staff of the Korean People’s Army.

The South Korean investigation based its conclusion of Pyongyang’s involvement on some key points:

The first was the disclosure, apparently in error, of an Internet address being used by a hacker in the weeks before the attacks. The address fell within a batch used exclusively by North Korea and was only visible for a few minutes before being hidden, the report said.

On this — as in much of the reply — the KPA spokesman demonstrates a working knowledge of how computer hackers operate.

“It is a common method used by hackers to hide themselves to abuse other’s IP address or fake it up on open internet for hacking. The group claims that a few records of IP addresses by which accesses were made to south Korean computer networks prove that the case was the ‘north’s work.’ This cannot be construed otherwise than evidence of ignorance of how cyber warfare is waged,” KCNA reported.

The next piece of evidence came in the form of software code used to mount the attacks. Of 76 pieces of code recorded, roughly a third were identical to code used in previous hacking attempts against South Korea, the government report said.

“This assertion is utterly baseless,” KCNA quoted the spokesman as saying.

The rebuttal then goes on to assert that South Korea doesn’t really understand how hackers operate. If it did, it wouldn’t have come to its conclusions.

“All this goes to clearly prove that what the group claims is nothing but a sinister plot hatched by those hell-bent on the confrontation with fellow countrymen, bereft of even an elementary concept of the cyber warfare,” the spokesman told KCNA.

The response shouldn’t come as a surprise to anyone who watches the peninsula. It was inevitable whether the DPRK was behind the hacking or not.

What’s more interesting perhaps is that it marks the first time the state-run media has commented on the event in a major way. On March 20 and in the days after, the North Korean government didn’t mention the attacks. Perhaps that’s because this time, unlike after previous computer attacks, the South Korean government didn’t immediately assign blame to the DPRK. But plenty of others in Seoul were pointing their fingers towards Pyongyang.

For whatever reason, North Korea decided to speak up only after the government made its allegations.

[Update]

Here’s what Voice of Korea, the DPRK’s international radio station, had to say about the report:

Audio: https://www.northkoreatech.org/wp-content/uploads/2013/04/130413-vok-hacking-web.mp3