Yesterday it emerged that last year's hacking attack on the website of the Seoul-based daily Joongang Ilbo was probably carried out by North Korea. This has led to questions of not only why Joongang Ilbo was targeted, but also why other conservative daily newspapers were not.
The original attack occurred just five days after threats of "merciless retaliation" against major South Korean news outlets Joongang Ilbo, Chosun Ilbo, Channel-A (owned by Donga Ilbo), KBS, CBS, MBC and SBS.
South Korea’s “Cyber Terror Response Center (CTRC)” confirmed the absence of simultaneous attacks on other organizations to Daily NK on the 17th, saying, “We know that no other media outlets were attacked at the time,” and that “there were no reports from or damage to other media outlets.”
One cyber-security expert has since suggested that the reason could be that, among all South Korean media groups, Joongang Ilbo is the one whose servers carry the greatest quantity of private information on key individuals.
One Korea University professor who asked to remain anonymous agreed with this suggestion, explaining, “Chosun Ilbo and Yonhap News both provide ‘individual search’ systems for finding specific individuals, but the Joongang Ilbo server has the greatest amount of personal information. Companies utilize their system most frequently, and it is the most rapidly updated.”
“To a North Korean hacker this would have been a very attractive target,” the professor added. “By obtaining information about specific people, they can target them for hacking and cyber terrorism.”
According to experts, a North Korean hacking team will have obtained personal information from the Joongang Ilbo site and then used it to easily hack other South Korean organizations. So-called “Advanced Persistent Threat (APT)” attacks by bigger teams of hackers take place in this way.
Typically, the first step of an APT hacking project is to find a particular group, company, government agency or persons responsible for certain tasks. The next is to figure out the preferences of those persons and send them “credible” e-mails containing malicious code. In 2011, North Korea attacked South Korean conglomerate Nonghyup in this way, bringing down the entire server.