NORTH KOREA’S HACK THREAT

The Washington Times Daily - - WORLD - BY BILL GERTZ

The FBI and Department of Homeland Security warned this week that North Korea is using malicious software to set up networks of hijacked computer devices that can be used in large-scale cyberattacks on critical infrastructure.

A report published Tuesday identifies the technical tools and networks used by North Korean government hackers to target media, aerospace, financial and critical infrastructure in the United States and around the world under the code name Hidden Cobra.

“DHS and FBI assess that Hidden Cobra actors will continue to use cyber operations to advance their government’s military and strategic objectives,” the report said. “Cyber analysts are encouraged to review the information provided in this alert to detect signs of malicious network activity.”

North Korea is considered to be a growing cyberwarfare threat and is believed to be developing capabilities to conduct large-scale cyberattacks on the United States.

The malware linked to the North Korean hackers is called Delta Charlie and is “used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure,” the notice from DHS’ Computer Emergency Readiness Team says.

The DHS and the FBI urged all system administrators who detect Hidden Cobra — either the malware, network signatures or other indicators — to report them to the DHS or FBI as soon as possible. Both agencies have special units to deal with such infrastructure cyberattacks: the National Cybersecurity Communications and Integration Center under the DHS, and the FBI’s Cyber Watch program.

The notice says any signs of the North Korean cyberattack should be “given highest priority for enhanced mitigation” — an indication of the level of concern.

The notice listed a number of internet protocol addresses used by the North Koreans.

“Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature,” the notice said.

Alternative names used by the North Koreans include the Lazarus Group and Guardians of Peace.

The Guardians of Peace was the cover name used by North Korean hackers operating from China and Southeast Asia that carried out the November 2014 cyberattack against Sony Pictures International, one of the first major nation-state cyberattacks to be identified publicly by the U.S. government.

The North Koreans are using large networks of hijacked computers, called botnets, that are part of distributed denial of service attacks. Other hacking tools include keylogging software that can record and send keystrokes, remote access tools used in cyberespionage attacks, and “wiper” malware that destroys data.

“Further research is needed to understand the full breadth of this group’s cyber capabilities. In particular, DHS recommends that more research should be conducted on the North Korean cyber activity that has been reported by cybersecurity and threat research firms.”

North Korean hackers generally target computer networks that use older, unsupported versions of Microsoft operating systems that contain security flaws. Adobe Flash player software vulnerabilities also have been used by Pyongyang’s hackers.

“A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed,” the report warned, noting the danger of lost data, disruption of operations, financial losses and reputational damage. Network administrators are being urged to apply security patches to all software to stave off attacks.

areas near the United States in a bid to counter extensive Air Force and Navy surveillance around China’s coasts.

“China is expanding its access to foreign ports to pre-position the necessary logistics support to regularize and sustain deployments in the ‘far seas,’ waters as distant as the Indian Ocean, Mediterranean Sea, and Atlantic Ocean,” the report says in a special section on overseas access.

The most visible base is being built near the Horn of Africa in Djibouti. The Chinese began building a military base there in February 2016 and are expected to complete the facility this year. Beijing has said the base will help Chinese navy and army units take part in U.N. peacekeeping, assist naval escort missions in the area for Chinese freighters, and provide humanitarian assistance.

But the Pentagon said the base and regular naval visits to foreign ports “both reflect and [amplify] China’s growing influence, extending the reach of its armed forces.”

The report reverses decades of U.S. intelligence reporting that insisted China harbored no international ambitions beyond preparing to fight a conflict with Taiwan, located 100 miles across the strait from southern China. The Pentagon now believes China wants to project military power around the world to support its economic interests and critical sea lanes.

“China most likely will seek to establish additional military bases in countries with which it has a long-standing friendly relationship and similar strategic interests, such as Pakistan, and in which there is a precedent for hosting foreign militaries,” the report said.

China also is expected to utilize the
