South suspects North Korean hackers hit on June 25

A denial of service attack on a South Korean DNS server (Image: Fortinet)

The South Korean government says it suspects hackers in North Korea were behind a series of cyber attacks last month.

The attacks took place on June 25, the anniversary of the beginning of the Korean war, and continued for several days. When they began, several South Korean government and private-run websites were defaced or taken offline.

The main evidence behind the South’s accusations was the discovery of an IP address linked to North Korea and similarities in software code between the June 25 attack and previous attacks, the Ministry of Science, ICT and Future Planning said Tuesday.

IP addresses are unique numeric identifiers assigned to every device on the Internet that underpin routing of traffic on the network. All known North Korean IP addresses — there are 1,280 of them — are controlled by the Ministry of Posts and Telecommunications or Star, an affiliated Internet service provider.

Computer security company Fortinet analyzed the June 25 attack and said many of the websites that were taken offline were not directly attacked. Instead, hackers attacked servers that translate human-memorable Internet addresses, like www.example.com, into numeric IP addresses, like 10.234.12.76.

The servers, called DNS or domain name system servers, are queried every time a human-memorable address is typed into a browser, added to an email or followed from a link. Because the numeric IP address is what’s actually used to send, route and receive data, computers need to know it before anything can happen.

Therefore, if the DNS server isn’t available, it’s impossible to connect to the target website, even if the target website is available.
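The distinction matters when triaging an outage, so here is an added example (not from Fortinet's analysis or the original article) of a monitoring probe that separates a name-resolution failure from a web server failure. It assumes the monitor keeps a last-known-good IP address for each site; the function names and result labels are hypothetical, and the resolver and connection checks can be swapped out so the logic can be exercised offline.

```python
import socket


def system_resolve(hostname, port):
    """Ask the operating system's resolver (and so DNS) for the host's addresses."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def tcp_reachable(ip, port, timeout=3.0):
    """Return True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(hostname, port, last_known_ip,
             resolve=system_resolve, reachable=tcp_reachable):
    """Classify an outage as a DNS problem or a server problem.

    last_known_ip is an address the monitor recorded while the site was
    healthy (an assumption of this example).
    """
    try:
        ips = resolve(hostname, port)
    except OSError:  # socket.gaierror is a subclass of OSError
        ips = []

    if ips:
        # The name resolved, so any failure now lies with the server itself.
        if any(reachable(ip, port) for ip in ips):
            return "ok"
        return "site_down"

    # The name did not resolve. Bypass DNS and test the server directly.
    if reachable(last_known_ip, port):
        return "dns_outage_site_up"
    return "dns_outage_site_unreachable"


if __name__ == "__main__":
    # Live check against the article's placeholder name and address.
    print(diagnose("www.example.com", 80, "10.234.12.76"))
```

A result of `dns_outage_site_up` is the situation the article describes: the web server answers on its numeric address, but visitors who rely on the name cannot reach it.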

The attacks on South Korean sites coincided with a previously announced attack on North Korean-related websites by members of the international hacking collective Anonymous. The group launched a series of denial of service attacks that made it difficult to access the sites for several days. Leaders of the Anonymous attacks denied on Twitter any link to the actions against South Korean websites.

One of the attacks targeted the website of the South Korean president and resulted in the site being offline for most of the day.

An affiliate of 38 North