Cyber Attack Takes Down Computers in South Korea, Motives and Culprit Unclear

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American


The cyber attacks against several South Korean television stations, banks and insurance firms on Wednesday may not have been crippling or widespread, but their timing further fuels concerns over who is launching such attacks, what constitutes “cyber warfare” and how countries should react to such online aggression.

The malicious software—or malware—used in the attack interferes with antivirus and other security software and can wipe the contents of a computer’s hard disk as well as drives attached to or mapped to the infected computer, according to a blog post by Symantec, a cyber security researcher and software vendor. The malware then forces the infected computer to reboot, which it cannot do because its files have been wiped, rendering the device useless. The attacks prevented some bank customers from using their debit and credit cards, although neither South Korea’s government agencies nor its critical infrastructure was affected. Currently, investigators have no indications of the source of this attack or how the attackers infiltrated the victims’ computers.

The malware attack follows North Korea’s accusations last week of U.S.-led efforts to attack that country’s Internet servers, on top of the increased rhetoric implicating China in cyber attacks directed at the U.S. Yet analysts and officials have not linked these latest cyber attacks to North Korea, and the malicious software used does not appear to contain any novel attack methods that would strike fear into the South Korean institutions targeted.


Investigators often have difficulty locating the origin of cyber assaults because the attackers tend to evade detection by breaking into poorly secured computers and using those hijacked systems as proxies through which they can launch and route attacks worldwide.

Still, any investigation into Wednesday’s attacks will likely assess the attacker’s motive as a means to develop an appropriate response. Is a cyber attack an act of aggression, or is it merely provocative, on par with a country testing weapons within its own borders, as North Korea did last month with its underground nuclear weapons test? “From a foreign policy perspective, we haven’t come to grips with what different cyber activity signifies,” says Daniel Castro, a senior analyst with the tech think tank Information Technology & Innovation Foundation.

For instance, the alleged attacks by China on U.S. firms strongly indicate “that China is interested in stealing intellectual property,” Castro says. Aside from “cost and embarrassment” to the South Korean victims for fixing the compromised computers and having the attacks made public, there does not appear to be any lasting damage, he adds.

Instead of being intimidated, the companies victimized are more likely to pour additional resources into their cyber defenses. Says Castro: “The attackers didn’t come up with a novel way of damaging their adversaries, and the attacks don’t show any strength of cyber military capability.”

South Korea has faced serious cyber threats in the past, in particular the 2011 and 2009 attacks attributed to North Korea (although it denied involvement). This most recent incident must be put in perspective. “We need to start being more sophisticated about how we talk about cyber ‘attacks’ and cyber ‘war,’” says Peter Singer, director of The Brookings Institution’s Center for 21st Century Security and Intelligence.

Just as law enforcement would not place a mugger, a terrorist, a spy and a soldier in the same threat category because they all might use the same technology—gunpowder—cyber incidents should be carefully evaluated, Singer says. Even if North Korea were involved in Wednesday’s attack, “harassing South Korean Web sites is something very different than Chinese hackers stealing intellectual property,” he adds. “Both are bad, but very different bads.”

Larry Greenemeier is the associate editor of technology for Scientific American, covering a variety of tech-related topics, including biotech, computers, military tech, nanotech and robots.
