Go to contents

N. Korea hacked email accounts of Korea Univ. last year

Posted January. 17, 2012 00:14,   


The email accounts of the Graduate School of Information Security at Korea University were hacked last year, and the attempt was confirmed to have been made by Taiwan-based North Korean accounts.

“We found that the first email was sent from a North Korean overseas account that (South Korea’s) Defense Ministry and National Intelligence Service were aware of,” a university source said Monday, adding, “We concluded that North Korea attempted to hack our server to get information out of us immediately after the accident.”

The graduate school learned that an email containing malicious code was sent in November last year to 50 graduates via its internal email account (cist.korea.ac.kr), and conducted a joint investigation with intelligence and defense authorities. After tracking the origin, the email was found to have been sent from a server in Taiwan used often by North Korea.

The latest hacking attempt was made by the organization that sent email to the Korean Military Academy in May last year. When an email with malicious code was sent to 60 military officers in May last year, the Defense Ministry in Seoul tracked the origin and said, “It has the identical IP based in China that North Korea used in a hacking attack on March 4 last year.”

The malicious code can infect PCs and take out users` email exchanges. Fortunately, however, all graduates who got the email never opened the file and the codes themselves were defective, which prevented further damage.

“There was a compatibility issue because the codes were based on Hangul 2002 (a word processing program),” said a graduate school source who analyzed the malicious code, adding, “North Korea seems to have used Hangul 2002 to make the code knowing that the software is often used by the (South) Korean government.”

Korea University blocked the graduate school’s email server, which runs separately, and integrated all accounts with the university account that has a relatively stronger firewall and security protection. After the hacking attempt, it reinforced server monitoring and reinforced security education among staff.

“Samples of malicious code made by North Korean hacker troops are found in (South) Korea,” said a source from the South Korean computer security industry. “We need to find the means to prevent organized attacks by North Korea and defend ourselves."