North Korea uses infected games to DDoS South Korea

South Korean police arrested a man from Seoul last week, on suspicion of working with North Korea to develop games infected with spyware.

According to a news report in the Korea JoongAng Daily, the 39-year-old game distributor was arrested on June 3 and charged with violating the National Security Law.

The law is North Korea-specific. Passed as the National Security Act in 1948, it outlawed:

  • communism;
  • recognition of North Korea as a political entity;
  • organizations advocating the overthrow of the government;
  • the printing, distributing, and ownership of “anti-government” material;
  • and any failure to report such violations by others.

The man was identified only by his family name, which news outlets render as either Cho or Jo.

Police claim that Cho met with North Korean spies who had set up a hacking base disguised as a trading firm in the northeastern Chinese city of Shenyang.

The North Korean spies were allegedly associated with the country’s Reconnaissance General Bureau.

According to the Federation of American Scientists, this department ferrets out strategic, operational, and tactical intelligence for the Ministry of the People’s Armed Forces and plants spies in South Korea, either via boat or through tunnels under the demilitarized zone.

The Seoul Metropolitan Police said that Cho paid the spies tens of millions of won to develop the illegal game software.

Ten million won is equal to US $8520 or £5514.

The police allege that Cho turned to the reconnaissance unit to develop the games at this cheap price and knew they were infected.

According to Geek.com, the cost of the infected games was about one-third of a typical price.

Cho is also accused of setting up a server in South Korea that the North Koreans used in attempts to launch DDoS attacks at South Korean networks.

According to Geek.com, one such recent DDoS attack was launched against South Korea’s Incheon International Airport. Airport departures were disrupted multiple times in the spring of 2011 as a result.

The attack used a botnet of zombified computers that had been infected after their owners downloaded the Trojans by playing the poisoned games.

Beyond turning players’ computers into zombies, authorities also believe that Cho may have passed along personal information about more than 100,000 registered users to the North Koreans.

The police said Cho retained the personal information of hundreds of thousands of South Koreans, having collected the data from major portals.

This isn’t the first time North Korea has been implicated in cyberwarfare against South Korea.

There have long been claims that North Korea is operating a cyberwarfare unit (presumably being countered by the one alleged to exist in South Korea), and in 2008 it was reported that South Korea’s military command and control centre was the target of a spyware attack from North Korea’s electronic warfare division.

The sexy female seductress at the centre of that case, who was accused of seducing army officers in exchange for military secrets, was subsequently jailed for five years.

In 2009, a massive DDoS attack crippled 26 South Korean and foreign governmental websites, including military sites.

This spring, between April 28 and May 13, North Korea’s Reconnaissance General Bureau also managed to devastate GPS signals throughout the Korean peninsula.

The Reconnaissance General Bureau’s cultivation of cyber warriors is now at such an advanced state, in fact, that a South Korean expert recently claimed that North Korea’s abilities to wage a devastating cyber war are behind only those of the US and Russia.

North and South Korea image courtesy of Shutterstock.