South Korean prosecutors and intelligence agents raided an IT firm suspected of helping North Korean hackers access personal computers in the South and turn them into so-called “zombie PCs.”
Authorities from the Seoul Central District Prosecutors’ Office and the National Intelligence Service Tuesday stormed an IT company and the residence of the company’s owner, who is surnamed Kim.
Kim allegedly had two partner companies that provided him access to servers used by personal computers in South Korea.
Kim, 50, is suspected of providing information on those servers to North Korean hackers and helping them spread malicious viruses to at least 110,000 personal computers in the South.
The viruses allegedly turned the computers into “zombie PCs,” which are remotely controlled by North Korean hackers although their owners don’t know it. Zombie computers can be used for various types of cyberattacks, including the so-called distributed denial of service (DDoS) attack, which transmits a massive amount of traffic to a Web site to paralyze it.
According to the prosecution, Kim helped the hackers set up a so-called “bot-net,” an acronym of “robot” and “network,” a large number of computers controlled by hackers as a zombie computer army.
Over the past two years, Kim allegedly used some servers of his partner companies and offered IDs and passwords to North Korean hackers so they could access the individuals’ computers on the servers.
The contaminated computers were ready to launch a DDoS attack any time the hackers wanted, the prosecution said.
An owner of one of Kim’s partner companies that lent their servers to Kim told him, “The server I lent you seems to have traffic overload,” according to the Dong-A Ilbo.
In response, Kim reported this to his North Korean hacker friends and advised them to “pay attention [to the servers] and not cause overloaded traffic,” the Dong-A Ilbo reported.
Kim is allegedly a former pro-Pyongyang student activist who protested the Chun Doo Hwan dictatorship in the 1980s. He founded an IT firm based in China, mainly running inter-Korean business.
Prosecutors and agents suspect Kim could have met with North Korean agents during his trips to China, which is a violation of the National Security Law.
The prosecutors and NIS agents confiscated possible evidence and planned to call Kim in for questioning as soon as they complete an analysis. They said they will pinpoint the 110,000 infected computers and contact them to recommend vaccine programs.
Kim didn’t seem to get paid by North Korea for granting them access to the South Korean computers, the Dong-A Ilbo said, at least not in cash. Instead, he was offered some smartphone applications made by North Korean engineers for free and sold them.
BY KIM HEE-JIN [heejin@joongang.co.kr]