Three of South Korea’s top seven leaders have quit their posts and others are shrinking away from a scandal involving a legislative aide who allegedly tampered with government election agency computers during elections in late October, according to a report published on Wednesday by the Wall Street Journal.
South Korea’s cyberterrorism police last Friday arrested the aide to a top ruling party politician after finding evidence that he orchestrated an election-day cyber attack on the National Election Commission’s website, thereby flummoxing young voters trying to find their polling places.
News reports have identified the aide as a 27-year-old named Gong who worked as secretary for Rep. Choi Gu-sik of the governing Grand National Party (GNP).
South Korean police are investigating whether Gong (who is identified only by surname) and three accomplices acted independently to take down the website via a distributed denial of service (DDoS) attack.
Police are also pursuing the possibility that Gong and his three accomplices – workers at an IT firm – were following orders issued by politicians or “other influential figures,” according to The Korea Times.
Investigators suspect that the DDoS was an effort to suppress voter turnout on the part of the young voters who favor opposition parties. The timing of the cyber attack supports the theory, given that young workers typically vote in the morning before going to work, according to The Korea Times’ Lee Hyo-sik.
The massive cyberattack kicked the knees out from under the National Election Commission’s site, creating “mass confusion” for voters trying to find their way to the polls, according to Lee Hyo-sik.
The scandal is only the latest blow to the ruling GNP and its chances of re-election. The three officials who resigned were on the party’s Supreme Council—the Parliament members who lead the party.
GNP chairman Hong Joon-pyo said at a news conference on Wednesday that he would resist pressure to resign, according to the WSJ.
Instead, he said, he’s pondering a move to dissolve the party and rechristen it with a new name, in hopes of smoothing the troubled waters before parliamentary elections in April.
Here’s more context from the WSJ article:
The conservative party, which controls a sizable majority in the 299-seat National Assembly and includes President Lee Myung-bak, has lost popularity in every election since it took power in 2008, a pattern that is typical in Korean politics.
But over the past year, discontent with the party and Mr. Lee has grown, because they are considered to have been slow to address the nation's uneven recovery from the 2008 global economic crisis. The government handled the crisis mainly by creating favorable conditions for the nation's exporters, while smaller businesses struggled as domestic consumption slumped.
Use of DDoS attacks to influence elections or suppress political opinions appears to be becoming commonplace.
Just two days ago, Sophos’s Graham Cluley reported on a similar cyber attack on Russian sites that claimed that the vote was being fixed.
As Cluley noted, compromised computers around the world can be put into the service of deluging a website with pings, “effectively clogging it up and bringing the site to its knees.” These DDoSes exploit poorly-defended home PCs, turning them into zombie bots that can then be used to flood a target with requests.
Tracing the trail of a DDoS to find the responsible party or parties is no simple feat.
Will the South Korean attack prove to be the flailings of a foundering political party, orchestrated by its top brass? Or will it prove to be the work of a few lone actors, similar to the 16-year-old who allegedly tried to DDoS the UK’s royal wedding site?
In this case, the attack certainly smells of officialdom.
But regardless of who’s behind the attack, these type of exploits are here to stay, part of our modern election zeitgeist. As long as PCs sit undefended, there will be plenty of zombies to launch at any target that a lone perpetrator or a corrupt government chooses.