Fwd: [ISN] Hackers exploit Korea to attack global systems
Hmm speaking of the Asian rim:
http://www.koreaherald.co.kr/SITE/data/html_dir/2002/04/26/200204260031.asp
By Yang Sung-jin Staff reporter 2002.04.26
Hackers are increasingly using South Korea as an entry point to attack computer systems in other countries, a serious situation that could undermine the country's image ahead of the World Cup finals, experts and industry sources said yesterday.
Major international studies show that a large percentage of computer attacks can be traced to Korea, suggesting that the country's cyber security system needs an urgent upgrade or overhaul.
According to New York-based Predictive Systems Inc., Pacific Rim countries were involved in 91 percent of attacks that weren't traced to the U.S., which continued to be the leading source of attacks and target for them. Korea accounted for 34 percent, followed by 29 percent for China, 10 percent for Japan and 7 percent for Taiwan.
The National Policy Agency's Cyber Center said the number of hacking incidents is rising steadily with the World Cup just around the corner.
Some foreign servers block access attempts whose origins are traced to Korea, implying that the country's leadership in the broadband Internet business may be marred by its negligence in upgrading lame security protection systems, the center said.
The center, in charge of cracking down on cyber crime and hacker attacks, estimated that 22 international hackers broke into 11,222 server systems around the world between August last year and March this year. Of 6,287 sites with identifiable origins, 39 percent were traced to Korea, the center said.
It said about 4,376 systems in Korea have been the targets of hacking attempts during the period and the actual damage might have affected more than 40,000 systems nationwide.
The police cyber center said Korea was most vulnerable to hacker attacks, followed by the United States, China, Taiwan, Romania and India.
The victims ranged from major Internet portals to state-run research agencies to security solutions providers.
Even a government organization armed with the latest security solutions was a victim of an attack by sophisticated foreign hackers, police said.
According to the center, the average number of hacking incidents in the year to March was 614, up 20.2 percent from the year-earlier period. More importantly, a large number of victims did not know their systems had been attacked.
Police said its cyber team is chasing 22 suspects whose origins are outside of Korea in connection with the latest hacking incidents. Police are tracking hackers' IP (Internet Protocol) addresses and working with investigators in other countries.
Police said 18 of the 22 suspects are Romanian and others come from Australia, Brazil, Germany and Russia.
"Schools have turned out to be most vulnerable to hackers' attacks since they care little about their network security and international hackers are exploiting such school systems," the Cyber Center said.
Hackers use a variety of techniques to hop from one computer to another to disguise their location, making it hard for investigators to trace the criminal activities.
The reason for the frequent attacks on Korean systems is the country's fast-growing broadband network. More than half of the nation's households are now wired to the high-speed Internet network and tens of thousands of local PC salons are crowded with multi-user network game users and online stock traders.
Although the broadband network has advanced by leaps and bounds, Korea is required to strengthen its security level by adopting advanced software and solutions to block hacking attempts.
> Some foreign servers block access attempts whose origins are traced to Korea, implying that the country's leadership in the broadband Internet business may be marred by its negligence in upgrading lame security protection systems, the center said.
No kidding. Some of us have gotten so tired of spam from Korea, both stuff relayed from the west and Korean-language spam promoting Korean web sites, combined with the complete lack of response to all abuse reports, that we've blocked all mail from Korean networks.
As an experiment, I set up an RBLish blocking list at korea.services.net. It lists all the APNIC space assigned to Korea (I think, APNIC's records are sloppy) along with any ARIN space assigned to Korea that's come to my attention due to being spammed from it. It blocks a lot of spam, with very little collateral damage for me since despite having books in print in Korean in Korea, nobody ever writes to me from there.
I've told people they can use it informally, and it now gets about 5 hits per second, up from 3 a few weeks ago. The blocking message points at a web page explaining why I'm blocking mail, with an unblocked address to write to me, so I get about one message a week from Korean sysadms saying "I fixed my open relay, please unblock my /32 now". I write back and say it's not just them, their entire ISP is blocked due to unresponsiveness. I hope someday they'll clean up their act enough to stop blocking them, but I'm not holding my breath.
Anyone's welcome to use it informally. There's no SOA and no zone transfers since it's running rbldns, not bind, but you can check dig 3.0.0.127.korea.services.net to see how it works.
--
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com, Village Trustee and Sewer Commissioner, http://iecc.com/johnl,
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
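The DNS blocklist lookup described in the message above, modelled offline as an added example; it is not part of the original post and is not rbldns code. The listed networks (RFC 5737 documentation ranges), the 127.0.0.2 answer value, the SMTP reply text and the function names are all assumptions made for illustration; only the zone name and the `3.0.0.127` query form come from the post.

```python
import ipaddress

ZONE = "korea.services.net"  # zone name taken from the post

# Constructed sample data: documentation ranges stand in for the real
# listed networks, which the post does not enumerate.
LISTED_NETS = [ipaddress.ip_network(n)
               for n in ("192.0.2.0/24", "198.51.100.0/25")]
LISTED_ANSWER = "127.0.0.2"  # assumed "listed" A record value


def query_name(client_ip, zone=ZONE):
    """Client side: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def answer(qname, zone=ZONE, nets=LISTED_NETS):
    """Server side: recover the address from the query name and match it
    against the listed CIDR blocks. Returns the A record value, or None
    to model NXDOMAIN (address not listed or query malformed)."""
    suffix = "." + zone
    if not qname.endswith(suffix):
        return None
    labels = qname[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        addr = ipaddress.IPv4Address(".".join(reversed(labels)))
    except ipaddress.AddressValueError:
        return None
    return LISTED_ANSWER if any(addr in n for n in nets) else None


def smtp_decision(client_ip):
    """What a mail server consulting the list does with a connection.
    The reply strings are constructed for this example."""
    if answer(query_name(client_ip)) is not None:
        return "550 blocked, see explanation page"
    return "250 ok"
```

Because the match is per network rather than per host, a single cleaned-up relay inside a listed block still gets the 550, which is the "/32" situation the post describes.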
On 26 Apr 2002, John R. Levine wrote:
> > Some foreign servers block access attempts whose origins are traced to Korea, implying that the country's leadership in the broadband Internet business may be marred by its negligence in upgrading lame security protection systems, the center said.
> No kidding. Some of us have gotten so tired of spam from Korea, both stuff relayed from the west and Korean-language spam promoting Korean web sites, combined with the complete lack of response to all abuse reports, that we've blocked all mail from Korean networks.
It extends beyond spam. We run a fairly high-volume website for a client that has a members area. We have seen nothing but continuous DOS and password scanning attempts against the site (on the order of several thousand per second) from numerous points across Korean IP space to the point that we've begun blackholing all of it as soon as these attacks begin (several a day.) Scary stuff.
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell
Asking the wrong questions is the leading cause of wrong answers
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
participants (3): blitz, johnl@iecc.com, Patrick