North Korea defector hack: Personal data of almost 1,000 leaked

[The AchieVer]

Image copyrightGETTY IMAGES

Image captionWhen defectors arrive in South Korea, they are put through a state resettlement programme

Almost 1,000 North Korean defectors have had their personal data leaked after a computer at a South Korean resettlement centre was hacked, the unification ministry said.

A personal computer at the state-run centre was found to have been "infected with a malicious code".

The ministry said this is thought to be the first large-scale information leak involving North Korean defectors.

The hackers' identity and the origin of the cyber-attack is not yet confirmed.

• Could defectors affect North Korea talks?
• N Korea defector numbers 'drop' under Kim
• My friend the North Korean defector

The North Gyeongsang resettlement centre is among 25 institutes the ministry runs to help an estimated 32,000 defectors adjust to life in South Korea.

Are defectors' families in danger?

The North Korean government does not know the identities of all citizens who have defected. Some may be considered "missing persons" or they may have even been registered as dead.

Some 997 North Korean defectors have now been informed that their names, birth dates and addresses have been leaked but it is not clear what impact this will have.

Analysts say there are some concerns that the leak could endanger the defectors' family members who remain in North Korea.

Sokeel Park, South Korea Country Director for Liberty in North Korea, an international NGO that assists North Korean defectors, says this hack will make other defectors feel less safe living in South Korea. They may change their names, phone numbers and home addresses.

Investigations by the unification ministry and the police are currently ongoing, with the ministry saying it would "do its best to prevent such an incident from happening again".

On 19 December, the ministry became aware of the leak after they found a malicious program installed on a desktop at a centre in North Gyeongsang province.

Image copyrightGETTY IMAGES

Image captionNorth Korean defectors are seen here at a different resettlement facility in South Korea

The ministry said that no computers at other Hana (resettlement) centres across the country had been hacked.

One expert on North Korean cyber-warfare, Simon Choi, believes that this might not be the first time a Hana centre has been hacked.

"[There is a North Korean hacking] group [that] mainly targets [the] North Korean defector community... we are aware that [this group] tried to hack a Hana centre last year," he told the BBC.

However, he added that it was not yet clear if any North Korean groups were responsible for the latest attack.

Has North Korea been behind previous attacks?

Cyber-security experts have been warning of the increasing sophistication of hackers from the North for some time.

In September, US prosecutors charged a North Korean man alleged to have been involved in creating the malicious software used to cripple the UK's National Health Service.

The 2017 incident left NHS staff reverting to pen and paper after being locked out of computer systems.

One of the most high profile hacks linked to North Korea in recent years targeted Sony's entertainment business in 2014 - wiping out massive amounts of data and leading to the online distribution of emails, and sensitive personal data.

North Korean state media has also often threatened to silence defectors in the South who make derogatory statements about the regime.

Sokeel Park told the BBC that cyber-attacks and phishing attempts on people working on North Korea are a common occurrence.

"They represent an asymmetric advantage for the North Korean authorities because attribution for cyber-attacks is so difficult and because the North Korean government intentionally relies so little on the internet", he added.

However, the government in the South has not pointed the finger at North Korea this time.

 

source

[straycat19]

In almost every single case of a hacked computer system the cause can be tracked back to a user who clicked a link, opened an attachment, or wanted a piece of software they saw on the internet and installed it.  That is the reason why organizations should have two separate networks, one that has no external connections and one that does.  One is used to process sensitive information and the other is used for all other requirements.  Today there are networks that have no access to the internet but have access to other networks around the world thru encrypted microwave and satellite communications.  These are used by government agencies to process, store, and evaluate classified and sensitive material.  For years the US government has created false data storage files for foreign governments to access.  The most publicized was the files for the space shuttle that the Russians were allowed to obtain.  There was so much wrong information in those files that the Russian copy almost burned up and they never built another one.  The US ensures that foreign nations think they really got something by salting the false information with some factually accurate information that can be checked and verified and by then publicizing the intrusion through all media channels.  It all comes under the heading counter-intelligence.  So when stories like the above come out, there is always the question, how much actual data was divulged and how much false information did they manage to feed their adversary.