North behind hacking attack on JoongAng Ilbo

North Korea was behind the cyberattack that temporarily disabled the JoongAng Ilbo’s Web site and server last year, according to the National Police Agency.

The attack was orchestrated by Pyongyang’s Ministry of Posts and Telecommunications, South Korean police said.

On June 9, 2012, at around 6:30 p.m., the news site (www.joongang.co.kr) was shut down.

A photo of a grinning white cat above a statement “Hacked by IsOne” appeared instead, along with unknown code in green behind the cat.

Following the cyberattack, the JoongAng Ilbo and the Korea JoongAng Daily lost the databases that store articles and photos and the editing system was damaged, disrupting operations.

“We reached the conclusion that the culprit is North Korea,” Jong Seok-hwa, chief investigator of the Cyber Terror Response Center of the National Police Agency, said at a briefing.

“At the request of the JoongAng Ilbo, we conducted an investigation over the past seven months,” he said.

“The investigation was difficult, because the entire system was wiped out,” Jeong said. “So we traced clues using the online security system and Internet firewall of the JoongAng Ilbo.

“As a result, we found two domestic servers the hackers used and 17 other servers used by computers in 10 foreign countries,” he said. “We also detected six malicious pieces of code involved with the hacking.”

Through the information on the servers in foreign countries, police analyzed the servers.

“The crucial proof is that one of the servers was constantly connected to an IP address of the Joson Telecommunication Company, an affiliate of North Korea’s Posts and Telecommunications Ministry,” Jeong said.

Police also found one of the servers was also used in the previous two hacking cases, a three-day distributed denial-of-service (DDoS) attack that crippled 40 Web sites run by the government and private businesses on March 4, 2011, and a massive cyberattack on Nonghyup Bank on April 12, 2011.

At the time, police also concluded the North Korean regime was responsible.

“Statistically, there’s very little chance that different hackers used an identical server,” he said. “There are about four billion addresses in the world. The hacker in all three cases must be the same person.”

Jeong also said the hacker behind the JoongAng Ilbo attack encrypted malignant code in the system that was identical to that of previous cases.

Before the attack on the JoongAng Ilbo, Pyongyang had denounced the South’s critical reports on their national occasions.

Four days before the hacking, the regime warned that it would stage a military attack against local media companies, including the JoongAng Ilbo.

“We can’t tolerate North Korea’s hacking of the JoongAng Ilbo’s news production system, an infringement of the freedom of press and the public right to know,” Seo Gyeong-ho, the chief communication manager at JoongAng Ilbo, said. “We call on Pyongyang not to repeat that kind of act.”

By Kim Hee-jin [heejin@joongang.co.kr]