South Korean police arrested a man from Seoul last week in connection with a plot to use infected video games to launch cyber attacks on behalf of North Korea.
According to Korea JoongAng Daily, police arrested the 39-year-old video game distributor, identified only by the surname Jo, was caught attempting to launch distributed denial-of-service (DDoS) attacks on Incheon International Airport.
The paper reported that police said Jo traveled to Shenyang, northeastern China, starting in September 2009 and met agents of North Korea’s Reconnaissance General Bureau posing as employees of an alleged North Korean trading company. He is accused of asking them to develop game software to be used in South Korea. He then purchased dozens of computer games for tens of millions of won, knowing the games were infected with malware, police said.
The Korea JoongAng Daily reports Jo sold the games to South Korean players whose computers were compromised when the games were launched. Once infected, the computers were used to conduct DDoS attacks against the airport two or three times in March 2011. The attacks were reportedly fought off.
“There have long been claims that North Korea is operating a cyberwarfare unit (presumably being countered by the one alleged to exist in South Korea), and in 2008 it was reported that South Korea’s military command and control centre were the target of a spyware attack from North Korea’s electronic warfare division,” blogged Lisa Vaas, a contributor to security firm Sophos’ Naked Security blog.
According to the paper, South Korean authorities believe the North’s Reconnaissance General Bureau is responsible for a technical glitch in the flight data processor that paralyzed air traffic control at Incheon International Airport for nearly an hour Sept. 15. It is unclear if the malware linked to Jo was involved.