Bad security advice ensures endless joy for the North
South Korea is accusing the North of using online attacks to target 90 diplomats, security officials, and journalists and of breaching 56 accounts run by such folk.
The attacks were thought-out and well constructed.
Email account credentials were stolen through targeted spear-phishing linked to 27 domains set up to lure specific targets, rather than a generic wave of phishing containing broadly enticing subject matter.
Seoul has not yet confirmed if sensitive state secrets have been compromised, local news agency YonHap reports.
Supreme Prosecutors’ Office officials said Monday the attacks occurred between January and June and targeted the ministries of Foreign Affairs, Defense, and Unification.
Journalists posted to those agencies were targeted along with those investigating Pyongyang.
Seoul officials reckon the attacks reek of the North as threat fingerprints mirror those of a confirmed Pyongyang hack in 2014.
They blame the North’s General Bureau of Reconnaissance, otherwise known as the nation’s state-sponsored offensive hacking unit.
South Korea’s National Security Service and the Korea Internet and Security Agency worked in concert with prosecutors to kill the phishing sites.
“It is important (for government officials) to refrain from using private email accounts for official work, and they should frequently change their email passwords,” one prosecution official said.
“When officials carry out important tasks, it is desirable for them to take some security steps such as temporarily shutting down the internet.”
That advice is off centre. Regular password resets have long been shown to do little to bolster defence or boot intruders, and can actually soften systems since users are generally inclined to select weaker and more cliche passwords as the need to constantly select new codes wears thin.
Shutting off the internet on a machine otherwise open to the public web would be little more than a chance coffee break for attackers.
North Korean attacks include hacks against Seoul defence contractors, social networks, and major online retailers, all of which have exposed sensitive documents and the personal information of tens of millions of residents. ®