The VICE Channels

    The "Dark Seoul" Hackers Were After South Korean Military Secrets

    Written by

    Meghan Neal

    contributing editor

    New light has been shed on the major cyberattack that wiped out tens of thousands of computers in South Korea in March. According to a new report from security firm McAfee Labs, the hackers weren’t simply out to cause mischief, wreaking havoc on ATMs and telecommunications throughout the country. They were trying to steal military secrets.

    Researchers say this information adds weight to South Korea's claim that North Korea was behind the "Dark Seoul” attack in March.

    There’s logic to this claim. North Korea has accused its neighbors to the south as being a merely a puppet nation in cahoots with the US, and the report found that the cyberattackers were searching for signs of military plans showing South Korea and the US teaming up.

    The hackers used malware codes injected like a Trojan horse, in a program dating back to 2009, now nicknamed the "Operation Troy,” to search out terms (in Korean) like "US Army," "secret," "weapon," "Joint Chiefs of Staff," and other "sensitive" terms that the report didn't publish at the behest of the US government.

    "This goes deeper than anyone had understood to date, and it's not just attacks: It's military espionage," Ryan Sherstobitoff, a senior threat researcher at McAfee, told the Associated Press.

    The Dark Seoul attack wasn't the first time South Korea has pointed fingers north. (And won't be the last.) Others aren't so sure. Some blame China. Others, like security software maker Symantec, blame the mysterious “Dark Seoul Gang,” which Symantec reports is a well-organized group of 10 to 50 hackers—though of course that tells us nothing about who they are, where they are, or what their motivations are. Is it North Korea? Is it Anonymous? Are they the same?

    Symantec also blames the gang for the latest cyberattack on South Korea, on June 25, the anniversary of the Korean War, while the McAfee report suggests the military-secret-searching hackers were behind that incident. Most people say the hacktivists with Anonymous were behind the stunt.  One way or another, the hack was pretty well bungled. Either Anonymous South Korea successfully hacked North Korea but then botched it and ended up hacking its own country, or North Korea was pretending to be Anonymous when it retaliated. Either way, it's a hot mess.

    The researchers over at McAfee studied each line of malware code to try and find out who the hackers were or what information they may have obtained, but these questions remain mysteries.

    Meanwhile in North Korea, a country where most citizens don’t have steady access to electricity, let alone the internet, the state under Kim Jong-un has focused on developing computers and IT infrastructure, which officials insist are to protect against cyberattacks, not wage them. Experts aren’t so convinced.

    "I used to joke that it's hard for the North Koreans to have a cyber army because they don't have electricity, but it looks as if the regime has been investing heavily in this," James Lewis, a senior fellow at the Center for Strategic and International Studies told the Associated Press.

    In regards to the March attack, McAffee researchers wrote, "The clues left behind confirm that the two groups claiming responsibility were a fabrication to throw investigators off the trail and to mask the true source."

    Therein lies the most convenient thing about waging anonymous cyberattacks: it's real easy to pin it on someone else.