Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

South Korea Backtracks On China As Source of Cyberattack 125

hackingbear writes "The suspected cyberattack that struck South Korean banks and media companies this week didn't originate from a Chinese IP address, South Korean officials said Friday, contradicting their previous claim. The Korea Communications Commission said that after 'detailed analysis,' the IP address used in the attack is the bank's internal IP address — which is, coincidentally identical to a Chinese ISP's address, among the 2^32 address space available."
This discussion has been archived. No new comments can be posted.

South Korea Backtracks On China As Source of Cyberattack

Comments Filter:
  • Hanlon's (Score:5, Insightful)

    by gmuslera ( 3436 ) on Sunday March 24, 2013 @09:17PM (#43266681) Homepage Journal

    The bank used public IP addresses (existing, used elsewhere) for their internal network? The one that designed that should be considered a bigger security threat that any current cyberattack.

    BTW, the CNN editorial "Why cyber attacks threaten our freedom [cnn.com]" is another piece of art of more or less the same magnitude. I'd say that is on a par with this one [dailymail.co.uk]

  • ntr (Score:2, Insightful)

    by shentino ( 1139071 ) <shentino@gmail.com> on Sunday March 24, 2013 @09:18PM (#43266689)

    Who wants to bet that China instigated some North Korean pressure to back off?

  • by Narcocide ( 102829 ) on Sunday March 24, 2013 @09:31PM (#43266755) Homepage

    Yes, you are right, whoever did this was not qualified to be setting up networks for their own personal use, much less production banking servers. Seems like the type of novice-level engineering mistake pretty typical of the hiring practices of the US IT industry lately, actually.

    Why pay me 150$/hour when there is some teenager who will feel lucky to get the gig for 10$? This is why.

  • Re:Hanlon's (Score:5, Insightful)

    by icebike ( 68054 ) on Sunday March 24, 2013 @09:41PM (#43266833)

    They are supposed to be.
    But read what gmusiera said in his first sentence.

    For your internal address (inside your router, you typically use a Private Network Address [wikipedia.org] from one of the common ranges specifically set aside for this per RFC 1819.

    This bank instead chose a public address range that was not theirs and used that as their private range. You can get away with this in a NAT situation, because only YOUR OWN ROUTER knows about this.

    But it is monumentally dumb to do this.
    I've seen noob admins do this in the past just to avoid an RFC1819 address space internally, usually as a means to avoid a routing error that they didn't understand. Its never justified. And there are security implications and mind bogglingly hard to figure out routing errors if you have to actually deal with the real owner of the address space.

Thus spake the master programmer: "When a program is being tested, it is too late to make design changes." -- Geoffrey James, "The Tao of Programming"