Who out of the year, while hundreds of thousands of South Korean computer hackers to do far more than wipe out the hard drive, network security company, said: They are trying to steal South Korean and U.S. military for many years, they have been sending malicious code via the Internet Secrets .
The identity of the hackers, they have been given the value of any information, do not know that the U.S. and Korean researchers who have studied underwent lines of computer code. But they do not dispute the claim Korea, North Korea was responsible, and other experts say the link military spying allegations of additional fuel Seoul.
Headquartered in Santa Clara, California, McAfee Labs researchers said the malware was designed to find and upload information refers to U.S. troops in South Korea, joint exercises, or even the word "secret."
McAfee said that an ongoing attack, which requires the operator to Troy, because interspersed with ancient version of the code has been infected with malicious software, a lot of sites. McAfee said that in 2009, malware to social media sites in South Korea's military personnel.
Ryan Sherstobitoff, senior threat researcher at McAfee, who gave a report from the Associated Press, the company is releasing later this week, "the deepening understood better than anyone else, it does not just attack, saying:" This is military espionage. He analyzed by the U.S. government partners and private clients shared code examples.
McAfee found malware keyword search can be traced back to the 2009 version. A Korean network security researcher, Simon Choi version of the code and found that back in 2007, in 2008 the new keyword search function. It is composed of the same people who have launched before the cyber attacks in the past few years in South Korea, Choi said.
Version of the code may still be trying to collect on an infected computer military secrets. Sherstobitoff said fingerprints found on the same encoding attack June 25 - anniversary of the 1950-53 Korean War began - South Korean President and Prime Minister websites were attacked. A day later, the Pentagon said it is investigating reports that tens of thousands of U.S. troops in South Korea's personal information is posted online.
Sherstobitoff began his investigation, on March 20 after a cyber attack, known as the Dark Fall Incident. It is clean, including those belonging to the three major television networks and three banks in South Korea, tens of thousands of hard drives, disable ATMs and other banking services. Seoul South Korea by the darkness that no military computer.
The code used in the shutdown is used to find the different military secrets, but they have so many features, I believe they are the same person Sherstobitoff and Choi.
Sherstobitoff says spy responsible person has infected computers "spear phishing" - targeted attacks to trick users to give up sensitive information through impersonate trusted entities. Hackers hijacked about a dozen obscure Korean language religious, social and shopping sites, making it easier from an infected computer to pull secret without being detected.
McAfee's experts say hackers have targeted government at least four years of military information networks, the use of automatic code search dozens of infected computers Korea's military terminology, including "Army", "secret", "Joint Chiefs of Staff staff meetings "and" operation key solution ", by USFK and South Korean troops at the annual military exercises.
This report does not identify the targeted government networks, but it does mention, in 2009, military personnel residing in Korea using a social media site code was used to infect. McAfee did not name the military's social media sites, nor released, it is in what kind of language, asked the U.S. authorities citing security concerns. South Korea has 63.9 million people in the military, but there are 28,500 U.S. military personnel stationed in the country.
McAfee also said that only a list of some in its report of malware search keywords. It said it concealed many other keywords, for confidential material in the United States officials request due to the release of the specific name and program sensitivity.
"These measures include individuals, base location, weapon systems and asset name, said:" Sherstobitoff.
Choi, who works for the South Korean network security company, has similar findings, he and other "white hat" hackers created a research team IssueMakersLab.
Results to a report published in April by the fiscal boanmycin news, Seoul's website, focusing on South Korea's security problems, but they did not get much attention. The report contains a number of search terms are not included in McAfee's report, including South Korea's key English equivalents.
McAfee and IssueMakersLab have found any documents, reports, and even PowerPoint files on the infected computer's military keyword will be copied and sent back to the attacker.
An attacker could also upload malicious software removal Hard collective and send remote control commands, which took place on March 20.
Before the attack, the hacker has been sent several months in the domestic network spy malware, so that they can gather information about their work to the internal server, which sites users visit, be responsible for computer security, the researchers found. This information was originally planning coordinated attacks Bank and the television networks is essential.
Anti-virus software and security practices, such as avoiding suspicious links and e-mail attachments, you can prevent the infected computer, but how difficult the March attack, which can be completed in a wide range. Ironically, some of the use of malicious code disguised as Simon Company, South Korea's largest anti-virus vendors of anti-virus products, McAfee said.
McAfee said in Seoul with South Korean military authorities in close cooperation, sharing its findings with the U.S. authorities.
Tim JUNIO, who at Stanford University Center for International Security and Cooperation research network attacks, says McAfee report "fairly compelling evidence North Korea was responsible for the" hacker attacks in the South series tied to a single source, and through the military social media Site users were targeted.
There are clues in the code. For example, a password, and use again and again for years to unlock the encrypted file, there are 38 numbers, the figures in politics loaded in the military demarcation line separating the two countries, security experts said.
Pentagon spokesman Lieutenant Colonel James Gregory said the Defense Department is aware of the study and look forward to the review.
"Department of Defense cyber espionage and cyber security threats very seriously, which is why we have taken measures to increase capital investment, capacity and harden networks, in order to reduce the risk of cyber espionage," he said.
South Korean Defense Ministry said that its secret is safe. Foreign Ministry spokesman Kim Min-seok said officials do not know McAfee's research, but added that it is technically impossible to segment reporting, as it has lost its military intelligence computer is not connected to the Internet. When accessing a Web page, military officials use a different computer disconnects the internal military servers, he said.
Sensitive Korean military "computer hackers from the Internet can not be done," said Kim. "This is physically separated."
Sherstobitoff however, says it can be done, but he did not know it had been.
"Although it is not entirely impossible to extract information from a closed network, disconnect from the Internet, which will require some extensive planning and interior layout stage seeping into the outside world to understand," he said.
Right tin Zhe, Seoul Cuvepia network security company CEO said that the recent hacker attacks that hackers might penetrate into the internal server, South Korea and the U.S. military has enough skills. Even if the two networks are separate, he said, hackers will leave no stone unturned to find some point in their convergence.
"It takes time, but if you find a connection, you can still get to the internal server, the right to say."
FBI Assistant Director Richard McFeely McAfee's findings would not comment, but said in a written statement, "This report regularly to the FBI to better understand the evolving cyber threats."
McAfee nor the IssueMakersLab this report indicate who is responsible for the attacks, but many security experts believe that North Korea may be the culprit.
South Korea accused the North Korean government and military authorities on the site of many network attacks and said they March 20 terrorist attacks linked to at least six computers, located in Korea, was used to spread malicious code.
After leaving several phone cards, March attack, mocking victims. Two different and previously unknown groups separated credit "Whois hacker team" posted pictures of skulls and warnings, and the "Cyber ??Army NewRomanic team," said it had leaked from the bank private information and media organizations.
"Hi, my dear friends," began such a description. "We now have a lot of personal information in our hands."
But McAfee said that this argument, and others - including claiming credit for the attack before the tweet and online rumors - and surveys in order to mislead the public, covering a deeper spyware.
In the U.S. Center for Strategic and International Studies senior researcher James Lewis said the attack was more skillful, occurs over a longer period of time than previously thought.
"I used to joke that this is a network Korean army, because they have no electricity, but it looks as if the regime has invested heavily in this," Lewis said. "Obviously, this is the acquisition of strategic military information and affect the South Korean politics as part of a larger effort."
North Korean leader Kim Jong Un has made computer use and development of the IT sector mark his reign, put a lot of national resources, the importance of science and technology. While most of the country lacks a stable power, a huge hydroelectric power station preserve capital - National Computer Center - hum.
North Korea North Korean officials insist on the protection of network attacks, rather than launching them on the importance of cyber warfare, but the resources are being poured into a network of soldiers training results and there is widespread skepticism.
Relatively small number of Koreans have been allowed access to the Internet - especially in the South compared to ultra-connected society - but it also has seen its computer systems paralyzed network attacks. Pyongyang accused the United States and South Korea has warned of "merciless retaliation."
Other News:
Cyberspying targeted SKorea, US military
Gulf drive against Hezbollah may hit ordinary Shi'ites
Argentina rescinds Famatina mining concession
German exports down 2.4 percent in May
EBX restructuring to leave $1.7 billion debt, $2 billion in assets: source
Obama orders US to review aid to Egypt
Japan moves closer to restarting nuclear reactors
Mexican generals accused of ties with drug cartel set free
