The National Intelligence Service (NIS) of South Korea, similar to the CIA in the US, has been accused of actively using remote hacking systems via virtual private servers (VPSs). Data from the Italian “Hacking Team” was mined for analysis, which found a minimum of 109 IP addresses the NIS was using, all with pseudonyms, in at least 15 countries. The data was leaked on July 21 by a venture enterprise, Redsocks, also based out of South Korea. Redsocks is an expert at finding malware, and has declared the “5163 Army Division”, or NIS, as heading up a major hacking strategy. The leaked report also touts it as “one of the most active users.”
Redsocks gives NIS credit for having great disguises, allowing them to go undetected for what could be years. “(NIS) was using a large variety of VPS infrastructure to infect its targets,” notes the report. VPS setups use proxy servers that could be anywhere in the world—but there aren’t any real, tangible servers in these locations. Just like most technology, VPS can be used for good or “evil.” It can let hackers, whether government agencies or not, gather information without easily revealing locations.
The Southeast Asian Hacking Game
Not far away, in China, hackers have been flooding the hacker-friendly site Drops to ask questions about the South Korean reveal. There are supposed to be monitoring systems, such as those in Google Play Store, to highlight Hacking Team apps and prevent attacks. How did 110 out of 146 apps that were allegedly tested make it through this vetting system? This led to a smorgasbord of games from South Korea being infected, including the popular Dragon Flight.
Around the world, white and black hat hackers alike are delving into this story. From the US, Rook Security has offered complimentary checks to Hacking Team. The Chinese are pushing for more information. Unfortunately, in South Korea, at least one suicide has been reported: an NIS agent has killed himself, citing the scandal for his actions.
Thus far, the name of the NIS employee who killed himself hasn’t been released. His body was discovered next to a suicide note that apologized for “causing controversy,” police report. It’s rumored that he was in his 40s and was found in his car parked near a mountain on the outskirts of Seoul. Early autopsy reports suggest that carbon monoxide poisoning from burning charcoal was the suicide method.
According to Police Chief Park Ki-young, the employee confessed in his letter to deleting information about North Korea surveillance and counterterrorism. The note also suggested that South Korean government officials were spying on citizens until the 2012 election period. The NIS has since admitted that remote control system (RCS) software was purchased from Italy before the 2012 elections, though for “research purposes” only.
However, RCS software can also be used to hack mobile devices and desktops, and is often used for monitoring. Lawmakers were told that the NIS purchased the RCS programs right after North Korea allegedly hacked 25,000 South Korean computers. Ki-young says, “The NIS’ position on the usage of the software is that it is being used strictly according to law and was never used against our people and do not feel the need to use it against our people.”