Incident: Cyberattack on South Korean TV and Bank Systems.

Published Date: 2013-03-20

Postmortem Analysis
Timeline:
1. The software failure incident happened on March 20, 2013.

System:
1. Systems of major television operators and banks
2. Computers of YTN, KBS, MBC
3. Shinhan Bank system
4. Nonghyup Bank equipment
5. Jeju Bank computers and ATMs [17652]

Responsible Organization:
1. Hackers using malicious code or malware were responsible for causing the software failure incident affecting major TV operators and banks in South Korea [17652].

Impacted Organization:
1. YTN station
2. KBS network
3. MBC television
4. Shinhan Bank
5. Nonghyup Bank
6. Jeju Bank [CNN]

Software Causes:
1. The software causes of the failure incident were related to a hack using malicious code or malware, affecting the systems of major television operators and banks in South Korea [17652].

Non-software Causes:
1. Power outage leading to computer shutdowns [17652]
2. Infection with a virus [17652]

Impacts:
1. Several major television networks and banks in South Korea experienced system disruptions, with computers being disabled and networks being paralyzed [17652].
2. Shinhan Bank's system was paralyzed for over an hour and a half, affecting customer access to online services [17652].
3. Nonghyup Bank reported disconnection of some equipment due to a virus infection, although its main server remained operational for online transactions [17652].
4. Jeju Bank encountered issues with some computers and ATMs, which were mostly resolved by the afternoon [17652].

Preventions:
1. Implementing robust cybersecurity measures such as firewalls, intrusion detection systems, and antivirus software to prevent malware attacks [17652].
2. Conducting regular security audits and penetration testing to identify and address vulnerabilities in the systems [17652].
3. Providing cybersecurity training to employees to enhance awareness and prevent social engineering attacks [17652].
4. Establishing a coordinated response plan for cyber incidents to mitigate the impact and restore operations quickly [17652].

Fixes:
1. Enhancing cybersecurity measures to prevent future hacking incidents [17652]
2. Conducting thorough investigations to identify the vulnerabilities in the systems and address them [17652]
3. Implementing stronger network security protocols to protect against malware attacks [17652]

References:
1. South Korean police
2. South Korean communications regulator
3. Affected companies (YTN, KBS, MBC, Shinhan Bank, Nonghyup Bank, Jeju Bank)
4. South Korean Ministry of Defense
5. South Korean government crisis cyber team
6. Experts
7. General James Thurman, commander of the US Forces in South Korea
8. North Korea (as the potential source of cyberattacks)
9. South Korean government officials (Kim Haing, spokesperson for the president)
10. Reporters (K. J. Kwon, Jethro Mullen, Judy Kwon, Hilary Whiteman) [17652]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident having happened again at one_organization: The article mentions that South Korea has experienced multiple cyber attacks in the past, with the government blaming North Korea for these attacks. The incident involving the hack affecting major TV operators and banks is not the first of its kind in South Korea, indicating a recurring issue with cyber attacks in the country [17652]. (b) The software failure incident having happened again at multiple_organization: The article reports that South Korea has faced various cyber attacks targeting government sites, companies, and military establishments in recent years. The government has attributed these attacks to North Korea, which has denied the accusations. This suggests that there have been multiple instances of cyber attacks targeting different organizations in South Korea, indicating a recurring issue with cybersecurity in the country [17652].
Phase (Design/Operation) design, operation (a) The software failure incident in the news articles was related to the design phase. The incident was attributed to a hack involving the use of malicious code or malware that affected the systems of major television operators and banks in South Korea. The regulator of South Korean communications linked the computational failures to a hacking incident, indicating that the contributing factors were introduced by external malicious activities targeting the systems [17652]. (b) The software failure incident was also related to the operation phase. The incident caused disruptions in the operations of several companies, including television stations and banks. For example, Shinhan Bank reported its system being paralyzed for over an hour and a half, impacting the operation of online services for customers. Nonghyup Bank also experienced disconnections in some of its equipment due to being infected with a virus, affecting the operation of their systems [17652].
Boundary (Internal/External) within_system (a) The software failure incident reported in the news article is primarily attributed to factors originating from within the system. The failure was linked to a cyberattack involving the use of malicious code or malware, affecting major television operators and banks in South Korea [17652]. The incident led to disruptions in the operations of these organizations, such as the paralyzation of internal networks, computer shutdowns, and difficulties in online transactions. The police and regulatory authorities in South Korea associated the failures with a hacking incident, indicating that the root cause of the software failure was internal to the systems affected.
Nature (Human/Non-human) non-human_actions (a) The software failure incident occurring due to non-human actions: The software failure incident in South Korea affecting television stations and banks was attributed to a hack using malicious code or malware. The regulator of South Korea's communications linked the computer failures to this hacking incident [17652]. (b) The software failure incident occurring due to human actions: The article does not provide specific information about the software failure incident being directly caused by human actions.
Dimension (Hardware/Software) hardware, software (a) The software failure incident occurring due to hardware: - The incident involved a hack that affected the systems of major television operators and banks in South Korea, leading to an increase in the military's cyber alert level amid concerns about North Korea [17652]. - One of the affected banks, Shinhan Bank, experienced a system paralysis for over an hour and a half before returning to normal operation. Customers reported issues with logging into the website [17652]. - Another bank, Nonghyup Bank, reported disconnection of some equipment after being infected with a virus. However, its main server was still operational for internet transactions [17652]. - Jeju Bank also faced problems with some computers and ATMs, most of which were resolved by the afternoon [17652]. (b) The software failure incident occurring due to software: - The software failure incident was related to a hack using malicious code or malware, as confirmed by the South Korean communications regulator [17652]. - The South Korean Communications Commission attributed the apparent cause of the failures to a hack with malware [17652].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident reported in the news article was malicious in nature. The incident was related to a hack involving the use of malicious code or malware that affected major television operators and banks in South Korea. The police and regulatory authorities linked the computer failures to a hacking incident with malware [17652]. The incident led to disruptions in the operations of several companies, including television stations and banks, indicating a deliberate attempt to harm the systems.
Intent (Poor/Accidental Decisions) unknown (a) The software failure incident reported in the news article was related to a hack that affected the systems of major television operators and banks in South Korea. The incident was attributed to a cyber attack using malicious code or malware, indicating a deliberate and malicious intent behind the failure [17652]. (b) The incident was not attributed to accidental decisions or mistakes but rather to a deliberate cyber attack, suggesting that poor decisions were not a contributing factor in this specific software failure incident.
Capability (Incompetence/Accidental) development_incompetence, unknown (a) The software failure incident related to development incompetence is evident in the news article as it mentions that the South Korean police are investigating a computer failure that affected the systems of major television operators and banks. The failures were related to a hack using malicious code or malware, indicating a security vulnerability that could have been prevented with better development practices [17652]. (b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article.
Duration temporary (a) The software failure incident reported in the news article was temporary. The incident involved a hack that affected the systems of major television operators and banks in South Korea. The systems of these companies were paralyzed for a certain period before returning to normal operation. For example, Shinhan Bank mentioned that its system was paralyzed for more than an hour and a half before returning to normal operation [17652].
Behaviour crash, other (a) crash: The software failure incident in the news article can be categorized as a crash. This is evident from the description of systems being affected, networks being paralyzed, and computers being disabled, leading to disruptions in the operations of major television stations and banks [17652]. (b) omission: There is no specific mention of the software failure incident being caused by the system omitting to perform its intended functions at an instance(s) in the news article [17652]. (c) timing: The software failure incident is not described as a timing issue where the system performed its intended functions correctly but too late or too early in the news article [17652]. (d) value: The software failure incident is not attributed to the system performing its intended functions incorrectly in the news article [17652]. (e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions in the news article [17652]. (f) other: The behavior of the software failure incident in the news article can be categorized as a cyberattack involving the use of malware to disrupt the operations of major television stations and banks in South Korea. The incident led to systems being paralyzed, networks being affected, and computers being disabled, indicating a deliberate attack on the systems' functionality [17652].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, delay, non-human, theoretical_consequence (a) death: There is no mention of people losing their lives due to the software failure incident in the provided article [17652]. (b) harm: There is no mention of people being physically harmed due to the software failure incident in the provided article [17652]. (c) basic: There is no mention of people's access to food or shelter being impacted because of the software failure incident in the provided article [17652]. (d) property: People's material goods, money, or data were impacted due to the software failure incident. Several companies, including banks and television stations, experienced disruptions in their systems, with computers being disabled, networks paralyzed, and servers infected with malware [17652]. (e) delay: People had to postpone activities due to the software failure incident. For example, Shinhan Bank's system was paralyzed for more than an hour and a half before returning to normal operation, and customers reported difficulties logging into websites [17652]. (f) non-human: Non-human entities were impacted due to the software failure incident. Computers, networks, and servers of various companies, including banks and television stations, were affected by the hack or malware, leading to disruptions in operations [17652]. (g) no_consequence: There were real observed consequences of the software failure incident, as mentioned in the article [17652]. (h) theoretical_consequence: There were potential consequences discussed of the software failure incident that did not occur, such as the Ministry of Defense of South Korea increasing its Infocon level in response to the outages, and concerns about cyber security vulnerabilities in South Korea [17652]. (i) other: The article does not mention any other specific consequences of the software failure incident beyond those already described in options (d) to (h) [17652].
Domain information, finance, entertainment (a) The software failure incident affected the television industry as major TV operators experienced system disruptions [17652]. (h) The incident also impacted the finance industry, with Shinhan Bank and Nonghyup Bank reporting system paralysis and virus infections affecting their operations [17652].
