June 7, 2012: Last year there was an odd incident in South Korea, where a widely distributed computer game appeared to be infected with malware (software that secretly uses the PC it is on for criminal activity, including stealing valuable data from the PC it is on). What caught the attention of South Korean military intelligence was the fact that the malware was hidden in every copy of this game and, at one point, many of the 100,000 infected PCs tried to shut down the air traffic control system at a major South Korean airport.
Further investigation revealed that the airport attack was part of a growing Cyber War campaign by North Korea against government and military web sites in South Korea. One of the most disruptive North Korean Cyber War weapons was DDOS (distributed denial of service) attacks. These are carried out by first using a computer virus (often delivered as an email attachment or, in this case, via a game), that installs a secret Trojan horse type program that allows someone else to take over that computer remotely and turn it into a "zombie" for spamming, stealing, monitoring, or DDOS attacks to shut down another site. There are millions of zombie PCs out there and these can be rented, either for spamming or launching DDOS attacks. Anyone with about $100,000 in cash, including North Korea, could carry out attacks. You can equip a web site to resist, or even brush off, a DDOS attack and some of those attacked ware prepared. But others were not. The South Korean airport was disrupted for several hours.
Last year was the third time since 2009, that someone, apparently North Korea, has launched DDOS attacks and attempted to hack into South Korean networks. But part of this latest DDOS effort was carried out by a North Korean botnet of zombie PCs obtained by selling the malware infected games. Further investigation found that the South Korean creator of the games had been financed by North Korea agents, who provided the malware payload. These games were made available for sale on South Korean web sites. Police are still inspecting the malware, which may have been stealing data from infected PCs, in addition to be part of a botnet of PCs used for DDOS attacks.