Election-day cyber attack scandal rocks South Korea's ruling party


Three of South Korea's top seven leaders have quit their posts and others are shrinking away from a scandal involving a legislative aide who allegedly tampered with government election agency computers during elections in late October, according to a report published on Wednesday by the Wall Street Journal.

South Korea's cyberterrorism police last Friday arrested the aide to a top ruling party politician after finding evidence that he orchestrated an election-day cyber attack on the National Election Commission's website, thereby flummoxing young voters trying to find their polling places.

News reports have identified the aide as a 27-year-old named Gong who worked as secretary for Rep. Choi Gu-sik of the governing Grand National Party (GNP).

South Korean police are investigating whether Gong (who is identified only by surname) and three accomplices acted independently to take down the website via a distributed denial of service (DDoS) attack.

Police are also pursuing the possibility that Gong and his three accomplices - workers at an IT firm - were following orders issued by politicians or "other influential figures," according to The Korea Times.

Investigators suspect that the DDoS was an effort to suppress voter turnout on the part of the young voters who favor opposition parties. The timing of the cyber attack supports the theory, given that young workers typically vote in the morning before going to work, according to The Korea Times' Lee Hyo-sik.

The massive cyberattack kicked the knees out from under the National Election Commission’s site, creating "mass confusion" for voters trying to find their way to the polls, according to Lee Hyo-sik.

The scandal is only the latest blow to the ruling GNP and its chances of re-election. The three officials who resigned were on the party's Supreme Council—the Parliament members who lead the party.

GNP chairman Hong Joon-pyo said at a news conference on Wednesday that he would resist pressure to resign, according to the WSJ.

Instead, he said, he's pondering a move to dissolve the party and rechristen it with a new name, in hopes of smoothing the troubled waters before parliamentary elections in April.

Here's more context from the WSJ article:

The conservative party, which controls a sizable majority in the 299-seat National Assembly and includes President Lee Myung-bak, has lost popularity in every election since it took power in 2008, a pattern that is typical in Korean politics.

But over the past year, discontent with the party and Mr. Lee has grown, because they are considered to have been slow to address the nation's uneven recovery from the 2008 global economic crisis. The government handled the crisis mainly by creating favorable conditions for the nation's exporters, while smaller businesses struggled as domestic consumption slumped.

Use of DDoS attacks to influence elections or suppress political opinions appears to be becoming commonplace.

Just two days ago, Sophos's Graham Cluley reported on a similar cyber attack on Russian sites that claimed that the vote was being fixed.

As Cluley noted, compromised computers around the world can be put into the service of deluging a website with pings, "effectively clogging it up and bringing the site to its knees." These DDoSes exploit poorly-defended home PCs, turning them into zombie bots that can then be used to flood a target with requests.

Tracing the trail of a DDoS to find the responsible party or parties is no simple feat.

Will the South Korean attack prove to be the flailings of a foundering political party, orchestrated by its top brass? Or will it prove to be the work of a few lone actors, similar to the 16-year-old who allegedly tried to DDoS the UK's royal wedding site?

In this case, the attack certainly smells of officialdom.

But regardless of who's behind the attack, these types of exploits are here to stay, part of our modern election zeitgeist. As long as PCs sit undefended, there will be plenty of zombies to launch at any target that a lone perpetrator or a corrupt government chooses.


3 Responses to Election-day cyber attack scandal rocks South Korea's ruling party

  1. Michael · 1396 days ago

    An excellent issue to bring to light.

    I would like to point out that in this case the DDoS was not particularly related to the method that you have noted.

    "An official with the police said, “This went beyond simply using zombie PCs and wireless Internet to launder IP addresses. It was a sophisticated attack.”" - http://english.hani.co.kr/arti/english_edition/e_...

    A smaller number of machines was used to perform this attack and the site affected did have systems that would have protected it from a simple form of DDoS. This is significant in this case as the method used points to a very well funded, very technically proficient attacker which the accused in this case was not. That is the reason for the retirements at higher levels as the public is not accepting Mr Gong as the principal perpetrator in this matter.

  2. George · 1380 days ago

    Any update so far?? Higher level seems involved. FYI, not only DDoS, but also changed locations of voting places were also issued in this case. If it was DDoS only, it is too difficult to explain why the homepage of election control was ok generally. Some experts state that the vote place information menu was not running at that time. It is believed to be a well organized election scandal. Please update if you have follow-up info. Thank you.


About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.