By: Denise Simon | Founders Code
Hackers from North Korea are reported to have stolen a large cache of military documents from South Korea, including a plan to assassinate North Korea’s leader Kim Jong-un.
Rhee Cheol-hee, a South Korean lawmaker, said the information was from his country’s defence ministry.
The compromised documents include wartime contingency plans drawn up by the US and South Korea.
They also include reports to the allies’ senior commanders.
Plans for the South’s special forces were reportedly accessed, along with information on significant power plants and military facilities in the South.
Mr Rhee belongs to South Korea’s ruling party, and sits on its parliament’s defence committee. He said some 235 gigabytes of military documents had been stolen from the Defence Integrated Data Centre, and that 80% of them have yet to be identified.
The hack took place in September last year. In May, South Korea said a large amount of data had been stolen and that North Korea may have instigated the cyber attack – but gave no details of what was taken.
North Korea denied the claim. The isolated state is believed to have specially-trained hackers based overseas, including in China. More here.
Russia is always part of the rogue nation process, it timing is curious as you read on. TransTeleCom is owned by Russia’s state-run railway company and has fiber optic cables that follow all the country’s main train lines, including all the way up to the North Korean border.
Related reading: North Korea gets new Internet access via Russia
Reuters: North Korea has opened a second internet connection with the outside world, this time via Russia, a move which cyber security experts said could give Pyongyang greater capability to conduct cyber attacks.
Previously traffic was handled via China Unicom (0762.HK) under a deal dating back to 2010. TransTeleCom now appears to be handling roughly 60 percent of North Korean internet traffic, while Unicom transmits the remaining 40 percent or so, Dyn said.
The new external connection was first reported by 38 North, a project of the U.S.-Korea Institute at Johns Hopkins School of Advanced International Studies (SAIS).
TransTeleCom declined to confirm any new routing deal with the North Korean government or its communications arm. In a statement, it said: “TransTeleCom has historically had a junction of trunk networks with North Korea under an agreement with Korea Posts and Telecommunications Corp signed in 2009.”
North Korea’s internet access is estimated to be limited to somewhere between a few hundred and just over 1,000 connections. These connections are vital for coordinating the country’s cyber attacks, said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye, a cyber-security company.
Boland said the Russian connection would enhance North Korea’s ability to command future cyber attacks.
Having internet routes via both China and Russia reduces North Korea’s dependence on any one country at a time when it faces intense geo-political pressures, he said.
>Many of the cyber attacks conducted on behalf of Pyongyang came from outside North Korea using hijacked computers, Boland said. Those ordering and controlling the attacks communicate to hackers and hijacked computers from within North Korea.
“This will improve the resiliency of their network and increase their ability to conduct command and control over those activities,” Boland said.
The Washington Post reported earlier that the U.S. Cyber Command has been carrying out denial of service attacks against hackers from North Korea designed to limit their access to the internet. (wapo.st/2yRbg8w)
In February 2005, the TTK became the largest party in terms of the European Internet Exchange London Internet Exchange (LINX). In July 2005, the TTK became the fifth operator in Russia, received the right to provide long-distance services (after Rostelecom, Tsentrinfokoma, Golden Telecom and MTT). “TransteleCom” JSC provides communications services in Kazakhstan and for a map of locations and services, go here.