Sinodefence forum is hacked?


Well you know what they say... two and two make four.

Or in this case, 15,000 + 15,000 + 10,000 names of marines = 40,000 names of marines.



Hmmm. I wonder if there's a connection.


U.S. troops' details leaked in cyber attacks aimed at South Korea - reports

SEOUL (Reuters) - Hackers say they have leaked personal details of tens of thousands of U.S. troops to websites, South Korean news reports and online security officials said on Wednesday, a day after cyber attacks disabled access to government and news sites.

The hacking attacks on Tuesday, the anniversary of the start of the Korean War in 1950, brought down the main websites of South Korea's presidential office and some local newspapers, prompting cyber security officials to raise the alert.

The identity and motives of the attackers were not immediately clear, but the reports come as cyber security and surveillance have become a global issue, with the United States seeking fugitive former security contractor Edward Snowden who leaked details about U.S. surveillance to the media.

North Korea has been blamed for previous cyber attacks on South Korean banks and government networks, although it denies responsibility and has said it has also been a victim.

The unidentified hackers said they had secured and released publicly personal details of more than two million South Korean ruling party workers and 40,000 U.S. troops, including those stationed in South Korea.

"We have seen the sites where the details were posted and clips that supposedly capture the process of hacking into web sites," an official at the South Korean online security firm NSHC said.

The legitimacy of the information could not be verified, the official who requested anonymity said.

An official at the Communications Ministry said authorities were probing the nature of the attacks and declined to comment on the reports of leaked information about U.S. troops.

The U.S. military in South Korea, where 28,500 U.S. troops are stationed, did not immediately comment.

North and South Korea remain technically at war after their 1950-53 conflict ended in a truce, not a peace treaty. The U.S. troops' presence is aimed at ensuring the truce holds.

News reports said personal details such as dates of birth and ranks of 40,000 U.S. troops including members of the 25th Infantry Division and the 3rd Marine Division were leaked to unspecified websites.

The websites of the presidential Blue House and the Prime Minister's office were down for more than six hours on Tuesday.

North Korea is believed to be running a large corps of computer experts aimed at hacking into the networks of governments and financial institutions and was blamed most notably for the 2011 shutdown of a South Korean commercial bank.

Last week it accused the United States of being at the forefront of rights abuse, pointing to Snowden's revelations of mass surveillance operations by the National Security Agency.

On Tuesday, access to some North Korean news sites was blocked after the hacker group Anonymous vowed to direct a denial-of-service attack at them.

(Reporting by Jack Kim; Editing by Nick Macfie)
I was just about to post that. It would actually be pretty cool if it was true, lol.
Wow, we took a few swings at that little fat kid, and we got hacked...that's an honor, SDF must be famous and influential enough to get the royal treatment!
I bet tonight on North Korean news they will say SDF's action is a "declaration of war" and will turn our web pages into a "sea of fire" by messing up our reply button.
Maybe they will be merciful to Equation by not messing around with the like button.


Or South Korea is just using this as an opportunity to blame North Korea. Why would the North care about US soldiers' personal data to post it on South Korean sites? For all we know whoever in Anonymous that hacked SDF probably couldn't tell the difference between Chinese and Koreans. Maybe South Koreans don't know what the context of "Anonymous" means. They probably looked up the definition in a dictionary and concluded it was North Korea trying to hide by being anonymous.


Now a bunch of nationalistic South Koreans under Anonymous sounds more plausible.


Four-year hacking spree in South Korea blamed on 'Dark Seoul Gang'
By Jim Finkle | Reuters

BOSTON (Reuters) - Researchers with U.S. security software maker Symantec Corp say they have uncovered digital evidence that links cyber attacks on South Korea dating back four years to a single hacking group dubbed the "Dark Seoul Gang."

Eric Chien, technical director with Symantec Security Response, said late on Wednesday that his firm made the connection while reviewing malicious software code used to launch attacks that disrupted some South Korean government websites earlier in the week.

He said that the evidence did not uncover the identity of the gang members.

North Korea has been blamed for previous cyber attacks on South Korean banks and government networks, although Pyongyang denies responsibility and has said it has also been a victim.

Symantec researchers found chunks of code that were identical to code in malicious programs used in four previous significant attacks, the first of which happened on July 4, 2009, according to Chien.

"We know that they are one gang," he said. "It is extremely well coordinated."

He estimates that the group has between 10 and 50 members, based on the sophistication of the code and the complexity of their attacks.

The July 4, 2009, attack wiped data on PCs and also launched distributed denial of service attacks that disrupted websites in South Korea as well as the United States.

In March of this year, the gang knocked tens of thousands of PCs off line at South Korean companies by destroying data on their hard drives, Chien said. It was one of the most destructive cyber attacks on private computer networks to date.

Symantec published its report on the gang on its website.

A hacking attack on Tuesday, the anniversary of the start of the Korean War in 1950, brought down the main websites of South Korea's presidential office and some local newspapers, prompting cybersecurity officials to raise the alert.

(Reporting by Jim Finkle; Editing by Eric Beech)


Anyway guys, if the site goes down, be careful of logging in for a while. Who knows what malware the attackers could have left behind. They might have gotten IP lists as well, so hope you are sitting behind at least a NAT firewall or something.



Studies: Cyberspying targeted SKorea, US military

Youkyung Lee and Martha Mendoza, Associated Press

SEOUL, South Korea (AP) -- The hackers who knocked out tens of thousands of South Korean computers simultaneously this year are out to do far more than erase hard drives, cybersecurity firms say: They also are trying to steal South Korean and U.S. military secrets with a malicious set of codes they've been sending through the Internet for years.

The identities of the hackers, and the value of any information they have acquired, are not known to U.S. and South Korean researchers who have studied line after line of computer code. But they do not dispute South Korean claims that North Korea is responsible, and other experts say the links to military spying add fuel to Seoul's allegations.

Researchers at Santa Clara, California-based McAfee Labs said the malware was designed to find and upload information referring to U.S. forces in South Korea, joint exercises or even the word "secret."

McAfee said versions of the malware have infected many websites in an ongoing attack that it calls Operation Troy because the code is peppered with references to the ancient city. McAfee said that in 2009, malware was implanted into a social media website used by military personnel in South Korea.

"This goes deeper than anyone had understood to date, and it's not just attacks: It's military espionage," said Ryan Sherstobitoff, a senior threat researcher at McAfee who gave The Associated Press a report that the company is releasing later this week. He analyzed code samples shared by U.S. government partners and private customers.

McAfee found versions of the keyword-searching malware dating to 2009. A South Korean cybersecurity researcher, Simon Choi, found versions of the code as early as 2007, with keyword-searching capabilities added in 2008. It was made by the same people who have also launched prior cyberattacks in South Korea over the last several years, Choi said.

Versions of the code may still be trying to glean military secrets from infected computers. Sherstobitoff said the same coded fingerprints were found on an attack June 25 — the anniversary of the start of the 1950-53 Korean War — in which websites for South Korea's president and prime minister were attacked. A day later the Pentagon said it was investigating reports that personal information about thousands of U.S. troops in South Korea had been posted online.

Sherstobitoff began his investigation after the March 20 cyberattack, known as the Dark Seoul Incident. It wiped clean tens of thousands of hard drives, including those belonging to three television networks and three banks in South Korea, disabling ATMs and other bank services. South Korea says no military computers were affected by Dark Seoul.

The code used in the shutdown is different from that used to hunt for military secrets, but they share so many characteristics that Sherstobitoff and Choi believe they were made by the same people.

Sherstobitoff said those responsible for the spying had infected computers by "spear phishing" — targeted attacks that trick users into giving up sensitive information by posing as a trusted entity. The hackers hijacked about a dozen obscure Korean-language religious, social and shopping websites to make it easier to pull secrets from infected computers without being detected.

The McAfee expert said the hackers have targeted government networks with military information for at least four years, using code that automatically searched infected computers for dozens of military terms in Korean, including "U.S. Army," "secret," "Joint Chiefs of Staff" and "Operation Key Resolve," an annual military exercise held by U.S. Forces Korea and the South Korean military.

The report does not identify the government networks that were targeted, but it does mention that in 2009, the code was used to infect a social media site used by military personnel living in South Korea. McAfee did not name the military social media site, nor release what language it is in, at the request of U.S. authorities who cited security issues. South Korea has a military force of 639,000 people, and the U.S. has 28,500 military personnel based in the country.

McAfee also said it listed only some of the keywords the malware searched for in its report. It said it withheld many other keywords that indicated the targeting of classified material, at the request of U.S. officials, due to the sensitivity of releasing specific names and programs.

"These included names of individuals, base locations, weapons systems and assets," said Sherstobitoff.

Choi, who works for a South Korean cybersecurity company, has made similar discoveries through IssueMakersLab, a research group he and other "white-hat" hackers created.

Results of a report Choi produced were published in April by Boan News, a Seoul-based website focused on South Korean security issues, but they did not get broad attention. That report included many search terms not included in the McAfee report, including the English-language equivalents of Korean keywords.

Both McAfee and IssueMakersLab found that any documents, reports and even PowerPoint files with military keywords on infected computers would have been copied and sent back to the attackers.

The attackers are also able to erase hard drives en masse by uploading malware and sending remote-control commands, which is what happened March 20.

Before that attack, hackers had been sending spy malware on domestic networks for months, giving them the ability to gather information about how their internal servers work, what websites the users visit and which computers are responsible for security, the researchers found. This information would have been crucial for planning the coordinated attacks on banks and TV networks.

Anti-virus software and safe practices such as avoiding links and attachments on suspicious emails can prevent computers from getting infected, but the March attack shows how difficult this can be to accomplish on a broad scale. Ironically, some of the malicious codes used were disguised as an anti-virus product from Ahnlab Inc., South Korea's largest anti-virus maker, said McAfee.

McAfee said it shared its findings with U.S. authorities in Seoul who are in close collaboration with South Korean military authorities.

Tim Junio, who studies cyberattacks at Stanford University's Center for International Security and Cooperation, said the McAfee report provides "pretty compelling evidence that North Korea is responsible" for the attacks in the South by tying the series of hacks to a single source, and by showing that users of a military social media site were targeted.

There are clues in the code as well. For example, a password, used again and again over the years to unlock encrypted files, had the number 38 in it, a politically loaded figure for two countries divided on the 38th parallel, security experts said.

Pentagon spokesman Army Lt. Col. James Gregory said the Defense Department is aware of the study and looks forward to reviewing it.

"The Defense Department takes the threat of cyber espionage and cyber security very seriously, which is why we have taken steps to increase funding to strengthen capabilities and harden networks to mitigate against the risk of cyber espionage," he said.

South Korea's Defense Ministry says its secrets are safe. Ministry spokesman Kim Min-seok said officials were unaware of McAfee's study, but added that it's technically impossible to have lost classified reports because computers with military intelligence are not connected to the Internet. When accessing the Web, military officials use different computers disconnected from the internal military server, he said.

A hack of sensitive South Korean military computers from the Internet "cannot be done," Kim said. "It's physically separated."

Sherstobitoff, however, said it can be done, though he's not sure that it has been.

"While it is not entirely impossible to extract information from a closed network that is disconnected from the Internet, it would require some extensive planning and understanding of the internal layout to stage such an exfiltration to the external world," he said.

Kwon Seok-chul, chief executive officer of Seoul-based cyber security firm Cuvepia Inc., said recent hacking incidents suggest that hackers may have enough skills to infiltrate into the internal servers of Korean and U.S. military. Even if two networks are separated, he said, hackers will do anything to find some point where they converge.

"It takes time, but if you find the connection, you can still get into the internal server," Kwon said.

FBI Assistant Director Richard McFeely would not comment on McAfee's findings, but said in a written statement that "such reports often give the FBI a better understanding of the evolving cyber threat."

Neither the McAfee nor the IssueMakersLab reports suggest who is responsible for the cyberattacks, but many security experts believe North Korea is the likely culprit.

South Korean authorities have blamed the North for many cyberattacks on its government and military websites and have said they linked the March 20 attacks to at least six computers located in North Korea that were used to distribute malicious codes.

Several calling cards were left behind after the March attack, taunting victims. Two different and previously unknown groups separately took credit: The "Whois Hacking Team" posted pictures of skulls and a warning, while the "NewRomanic Cyber Army Team" said it had leaked private information from banks and media organizations.

"Hi, Dear Friends," began one such note. "We now have a great deal of personal information in our hands."

But McAfee says that claim, and others — including tweets and online rumors claiming credit for prior attacks — were meant to mislead the public and investigators, covering up the deeper spying program.

James Lewis, a senior fellow at the Center for Strategic and International Studies, said the attack is far more skillful and took place over a much longer period than was previously thought.

"I used to joke that it's hard for the North Koreans to have a cyber army because they don't have electricity, but it looks as if the regime has been investing heavily in this," said Lewis. "Clearly this was part of a larger effort to acquire strategic military information and to influence South Korean politics."

North Korean leader Kim Jong Un has made computer use and the importance of developing the IT sector hallmarks of his reign, devoting significant state resources toward science and technology. Though much of the country lacks steady electricity, a massive hydroelectric power station keeps the capital — and state computer centers — humming.

North Korean officials insist the emphasis on cyberwarfare is on protecting North Korea from cyberattacks, not waging them, but there is widespread suspicion that resources are also being poured into training scores of cyberwarriors as well.

Relatively few North Koreans are allowed to access the Internet — especially when compared to the South's hyper-wired society — but it too has seen its computer systems paralyzed by cyberattacks. Pyongyang blames the U.S. and South Korea and has warned of "merciless retaliation."


Martha Mendoza reported from San Jose, California.


If the attack on Sinodefence forum is directly connected to this, it smells like a cover-up.