BreachExchange mailing list archives

Hackers post U.S. troops’ personal details; collateral damage from the Korean cyberwar?


From: Erica Absetz <erica () riskbasedsecurity com>
Date: Thu, 27 Jun 2013 10:07:14 -0500

Computer hackers leaked personal information about thousands of U.S.
troops stationed in South Korea, the Pentagon confirmed Wednesday,
adding it is investigating the security breach, which came a day after
cyberattacks knocked South Korean government and news websites
offline.

“The department is currently investigating reports that the personal
information of U.S. forces was compromised in recent cyberattacks
against [South] Korea,” said Air Force Lt. Col. Damian Pickart,
a Pentagon spokesman.

The attacks “keenly illustrate the continued challenges and threats
posed in cyberspace,” he said.

The computer attacks Tuesday came on the anniversary of the outbreak
of the Korean War in 1950 and are widely believed to be the work of
North Korean state-sponsored hackers.

A South Korean security firm, NSHC, first reported the online posting
of personal data about the U.S. troops and of an estimated 2 million
members of South Korea’s ruling political party.

Initial accounts failed to specify what information about the troops
had been posted. Col. Pickart said the Pentagon’s definition of
personal data includes names, birth dates and Social Security numbers
of service members.

The databases used to store such information can easily be compromised
if the data is improperly stored or unencrypted.

The online posting of the personal data on U.S. troops in South
Korea came on the heels of what appeared to be a large-scale
cyberattack on South Korean government and news websites Tuesday that
temporarily shut down more than a dozen of the sites.

Park Jae-moon, director of the South Korean Science Ministry's
Information Technology Strategy Bureau, told reporters Tuesday that
the websites of 11 media outlets, four government agencies and the
conservative New Frontier political party had been shut down by the
malware-based attack.

The websites of South Korea’s presidential residence and prime
minister’s office were offline for most of the day.

North Korea’s communist government has been linked to earlier computer
attacks against the South.

An official South Korean inquiry traced back to North Korea a more
widespread attack in March that wiped data from 32,000 computers at
three banks and three TV broadcasters.

It also shut down email, websites, ATMs and online banking for a day or more.

North Korea was blamed for cyberattacks in 2009 and 2011 that also
targeted South Korean financial institutions and government agencies.

This week’s attacks and the hacking in March exploited flaws in
computer software that can allow malicious programs to be downloaded
onto affected computers — a relatively complex action suggesting a
sophisticated attacker.

“The use of the data dump tactic indicates the attack was likely done
by a politically motivated group,” rather than state-sponsored
hackers, according to the British technology news website V3.

In testimony last year to the House Armed Services Committee, the
commander of U.S. forces in South Korea, Gen. James D. Thurman, said
North Korea was employing special “units of sophisticated computer
hackers” to carry out cyberattacks.

“Such attacks are ideal for North Korea,” he added, explaining that
they are difficult to trace.

North Korean cyberattacks “have been increasingly employed against a
variety of targets including military, governmental, educational and
commercial institutions” in the South, Gen. Thurman said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/