
North’s intelligence bureau builds zombie PC network in South


Posted August 01, 2013 03:55


The head of a South Korean information technology company handed over the right to access domestic computer network servers to spies from North Korea’s intelligence bureau and a North Korean hacker, transforming more than 100,000 personal computers in the South into zombie PCs, it has been confirmed.

If the North had staged a cyber terrorist attack on the South using the 100,000 zombie PCs, the South could have suffered the worst-ever denial of access attack or hacking incident, an analysis by the South Korean national security authority suggests.

The Seoul Central District Public Prosecutors’ Office and the national security authority on Tuesday raided and searched the company, two offices of its server hosting agency and the residence of Kim, the head of the IT company. He is suspected of helping a North Korean hacker in China construct a “botnet,” a zombie PC network, by spreading a malicious virus into the South Korean computer network, and of contacting spies from the North’s general intelligence bureau.

Prosecutors and the national security authority have seized the servers Kim rented and secured related documents. They will also check the list of zombie PCs that were infected with the virus without the users’ knowledge, and treat the virus using vaccine programs.

According to prosecutors and the national security authority, Kim is suspected of borrowing a portion of a server from a small South Korean server hosting agency and handing over the IDs and passwords required to access the servers to a North Korean hacker about two years ago. The North Korean hacker spread a malicious virus to the server by using the access right he gained from Kim, and constructed a network of more than 100,000 zombie PCs. Once zombie PCs are created, the server in question will encounter traffic overload. The company that rented the server to Kim once pointed out that “The server that I rented you seems to encounter errors due to traffic overload.” Kim then contacted the North Korean hacker to advise that “You should be careful to prevent traffic overload.”

Kim is reportedly a former anti-government activist who graduated from the engineering college at a four-year private university in Seoul. He frequently visited China while working with a South-North Korea joint IT company that was based in China in the late 1990s. Prosecutors and the national security authority judge that Kim contacted North Korean spies in the process.

Kim is believed not to have taken any financial gifts from the North. Instead, he sold smartphone application software developed in the North and earned a profit in the South. Prosecutors plan to trace Kim’s bank accounts in the coming weeks to check whether he committed the crime in return for favors.

Cyber terror attacks that are believed to have been committed by the North include hacking into South Korean broadcasters and Nonghyup Bank in March this year, denial of access attacks on July 7, 2009, and a denial of access attack and hacking into Nonghyup’s computer network on March 4, 2011. At the time, an estimated number of up to 20,000 zombie PCs were mobilized to carry out the attacks.

“In light of cases in the past, North Korea has been repeating the pattern, in which it constructs a zombie PC network in South Korea and launches attacks without revealing any prior signs,” said a source at the national security authority.