By now we all know the drill:
Zombie “sleeper cells” are programmed to wake up and attack on a designated date — with their hosts none the wiser.
Similarly, it turns out that seemingly innocuous (and free) computer games from our friends in North Korea are merely shells for the evil malware that lurks within.
Far-fetched? Nah. Fact-checked.
Article by Max Fisher in The Washington Post.
Emphasis in red added by me.
Brian Wood, VP Marketing
North Korea may have secretly engineered computer games to launch mass cyber attack
Some free-to-use computer games may secretly be North Korean plants, South Korea’s national police agency warned Tuesday, according to South Korean media.
The seemingly innocent games, designed to appeal to as many users as possible and thus to spread widely on computer networks, could carry malware code controlled from Pyongyang. The code, once activated, would take control of the host computers and allow North Korea to launch mass cyber attacks against major South Korean targets.
This might sound outlandish, but North Korea has actually tried this before, and gotten awfully close to pulling off a potentially deadly attack.
Last June, South Korean police discovered that North Korea had used free-to-download video games to infect up to 100,000 South Korean computers, which it used to conduct coordinated cyber-attacks against Incheon International Airport, one of the world’s busiest airports. The infected users had no idea their computers were being used to take down a major airport.
While it’s not clear exactly what they hoped to accomplish by targeting the airport, it’s not difficult to imagine the potentially serious consequences. North Korea has not been shy about killing civilians in its efforts to provoke and bully its southern neighbor.
The attacks from last year were eventually traced back to a South Korean game developer, who had met with members of North Korea’s shadowy Reconnaissance General Bureau in a part of China near the North Korean border. The developer paid them the equivalent of tens of thousands of U.S. dollars in exchange for the game, which he then sold at a profit to South Korean online computer game companies. The games are typically free to play. Though he paid about a third of the usual rate, it’s not clear whether the South Korean developer knew he was abetting North Korean attacks.
North Korea has launched repeated cyber attacks against South Korea, sometimes to significant effect. This March, it succeeded in shutting down several South Korean TV broadcasters and financial institutions. Though the attacks caused no physical damage, they disrupted markets and, more to the point, generated North Korea lots of the international attention it craves. It’s not clear whether these attacks were linked to South Korean computers controlled by “Trojan Horse” video games.
Personal computers are illegal in the Hermit Kingdom, which restricts computer use to special labs that operate on a sealed-off intranet and run rudimentary forgeries of foreign software. But the country is still thought to operate one of the most skilled cyber warfare outfits in the world, which it uses to steal secrets, launder or acquire money and generally cause trouble.
It would make sense for North Korea to use South Korea’s love of video games against it. Because users distribute the games themselves, and because the vast number of games and gamers makes them difficult to track for malware, North Korea would have to do very little to spread the malicious code around the Internet.
South Korea has one of the highest rates of per capita video game spending in the world, behind only the Netherlands. And North Korea has shown an interest in computer games in the past, pulling from popular American-made games to produce its propaganda videos.