2013 South Korea cyberattack 5th Anniversary Special! Why did the police confiscate President Obama blackmailer's laptop?
We will clarify the whole threat of President Obama and Lippert ambassador in South Korea in 2015.
This is a report of the National Police Agency.
Paralysis of the computer network of National Agricultural Cooperative Federation occurred in Korea on 12th April 2011.
Mr. Han, an IBM employee managing the National Agricultural Cooperative Federation server, was dissatisfied with the employment environment.
He connected to the server using a laptop and entered the delete command.
National Agricultural Cooperative Federation network data was deleted on a large scale.
However, the police concluded that Mr. Han infected malicious code planted by North Korea while using the Web hard site.
On 20th March 2013, 2013 South Korea cyberattack fight occurred.
Broadcasting and banking computers were severely paralyzed.
The two cases are related to each other.
The research team found an IP address of 184.108.40.206 in malicious code.
The Korean government hid the actual place of IP.
The Korean government first announced to the press that it was China's IP address.
China strongly criticized South Korea.
The Korean government changed the announcement that it is the IP address of North Korea.
Next, it changed again that it is an internal IP address of National Agricultural Cooperative Federation.
However, in reality, this IP address was the Korean IP address assigned to the AP Reuters reception seat of KBS International Department.
3.20 Telegraph Two months ago, Mr. Lee who was working part-time at KBS International Department stopped working part-time.
Mr. Lee graduated from a computer related university and knew the password of the KBS server archive.
They presumed that Mr. Lee bullied at the company remotely accesses its server via backdoor and distributes malicious code.
However, the National Police Agency estimated that Mr. Lee was dissatisfied with employment, connected to the server on a laptop, and issued a deletion order like Mr. Han.
The Korean government thinks that it is worth learning about this hacking technique in preparation for future cyber warfare.
Korea's National Intelligence Service pointed out Mr. Lee and conducted an investigation.
Korean police were watching Lee's residence for over two years.
They were also ordered to infect Lee's laptop with a hacking program and observe the monitor in real time.
For this reason, the police were tired and overloaded.
As a result of secret investigation, Mr. Lee came out of his apartment, his house.
Mr. Lee studied French at the laptop and wrote politics on the Internet.
He mainly used a laptop computer at night and the police found it difficult to observe.
Also, Mr. Lee's Internet connection is often disconnected and you can not monitor your monitor continuously.
We perform a power outage throughout the apartment and investigate the router, but we can not find the cause of the disconnection of the Internet connection.
At the end of June 2015, Mr. Lee planned the format of the laptop hard disk in early July.
Since his notebook operating system was French Windows XP, he saved it in a laptop sticky note program in English.
The cyber crime team reports that Mr. Li was arrested and must confiscate the laptop computer before formatting.
We have advanced rapidly.
The top of Korean police was very greedy and tried to bring out actual results.
Korean police estimate that voice phishing organizations and illegal software programmers are providing malicious code to Mr. Li.
They decided to combine Lee's arrest and voice phishers and illegal software programmers.
It was to clarify their connection through it and to acknowledge our achievements.
As work volume increased, employees were tired because they could not sleep.
Furthermore, unfortunately, since there was no time to prepare evidence, the police suddenly had to make an emergency arrest and it was impossible to prepare to find the suspect.
At the beginning of July 2015, we confiscated a laptop computer before formatting and at the same time the police committed extensive arresting voice phishing criminals.
In early July 2017, the regional investigation team arrested Mr. Li under suspicion of threatening President Obama and Lippert ambassador.
I forfeit my laptop and get a search warrant to urgently arrest him.
First of all, I pretend to be KBS from a public phone at the entrance of the apartment.
I spoke to Mr. Lee's parents and confirmed that Mr. Lee was at home.
The cyber analysis team brought the laptop in 5 hours and reported text files and images.
In addition, I found lots of corpse photographs, female anal photos, child pornography photos, and strange image files.
According to free cardiacism, they are evidence of the effective motivation for the intimidation of President Obama and Lippert Ambassador.
During the investigation, Mr. Lee was neither a computer expert nor a technician.
However, we tried to lead a statement on 2013 South Korea cyberattack, but failed.
I got a resident card in 2001 in cooperation with the Dongdaemun police station.
Mr. Lee noticed that it is a resident card issued before 2015.
We said to him. The reason for us arresting him was that the FBI investigator requested the police.
When he saw the FBI survey request form, Mr. Lee noticed that the police first asked the FBI for a survey.
We tried to refer Mr. Lee to 2013 South Korea cyberattack but failed.
First arrested Mr. Lee, I decided to look for evidence on my laptop.
Hurrying, I entered the police analysis room and turned on my laptop to find the evidence of 2013 South Korea cyberattack. I can not find a doubt about how computer crime was hacked.
There was no text file or image file on the laptop. This is a proof of the threat of President Obama and Lippert Ambassador that the cyber analysis team presented to Mr. Lee's house.
Lee deleted these files just before arrest, but forgot to delete it.
We store text files and captured image files we found when monitoring Lee with a hacking program in a notebook.
Since the hash value has changed since turning on the notebook computer in the police analysis room, I can not even image the hard disk and submit it to the court as evidence.
From the Korean police, Lee is instructed to apply the intimidation of President Obama and Lippert ambassador for confiscation.
I already had press releases to reporters, so I could not fix it because the news appeared
We called a psychiatrist's profiler, and pressed Lee for a perverted person.
In the case of general suspects, a mandatory investigation can receive a false confession, but Mr. Lee is not so it was clear that he hid something.
After finishing the police investigation, we decided to hand over the case to the prosecution.
The prosecution tried to close the case without filing a complaint, but the prosecution missed the alibi that was trying to escape.
In addition, Mr. Lee insisted that the prosecution should check the hacking of the notebook computer, and the prosecution imagined the hard disk that the police can not do.
Eventually, the prosecution hands him over to the court and locks him in the camp.
Mr. Lee, detained in Seoul Detention Center, was not confessed despite intense interrogation at 2013 South Korea cyberattack.
He was admitted to a psychiatric hospital and performed psychoanalysis, but he could not suffer from psychosis, but he did not confess 2013 South Korea cyberattack even with medication.
Later, we took off him from the camp for a follow-up survey, but I could not find any evidence that he was a hacker.
We dispatched a lawyer who was bribery to the police and got cooperation from Mr. Lee's next lawyer, but did not collect any additional evidence.
2013 South Korea cyberattack Although there was no investigation result, from the beginning, the decision to make the US government the name of the terrorism investigation was expected to cause diplomatic friction.
However, there is time to avoid diplomatic friction in the presidential election in November 2016, President Obama and Lippert Ambassador are changing soon.
In order to delay the judgment, the judge suspected that there was a problem in arbitrating the suspect and made a detailed investigation of the case in court.
The court attempted a trial while examining witnesses and evidence.
As part of the process, in mid-July 2016, the prosecutor actually confirmed the US FBI survey request form to the US embassy.
The US embassy does not recognize the report until the end of September 2016, but the US actually confirms this fact and keeps track of it.
The US Embassy requested the South Korea Court for a quick trial and intense punishment, the situation changed and became a serious diplomatic issue.
It was uncomfortable for the US government to understand it at the beginning of September 2015 when a Korean court sentenced the assassination of the US Ambassador.
At the beginning of November 2016, Mr. Trump was elected President of the United States of America.
Before the change of government, the Obama administration exerted great pressure on the Korean government.
After all, in mid-November 2016, the judge accused Lee of trying to intimidate President Obama and Lippert Ambassador, detained him.
As a result, this lawsuit affects the US side intervening in the dismissal of Park Geun-hye and replacing the Korean government.
I questioned again about 2013 South Korea cyberattack, suspected Mr. Lee who was imprisoned again in the camp.
The obtained declassified state confidential confidential document
South Korea's major Cyberattack … Not North Korea's hacking, But South Korean business.
Summary of the incident in 2011
Agricultural cooperative computer network mahi incident occurred on April 12 in Korea.
The data of the agricultural cooperative computer network was deleted on a large scale.
Mr. IBM Temporary Han Mr. Manufacturer of servers to manage agricultural cooperative servers.
Mr. Han graduated from the IT department and was familiar with computer knowledge.
Mr. Han knew the administrator password of the agricultural cooperative server.
Mr. Han was dissatisfied with employment conditions and work environment and was scheduled to leave.
Mr. Han executed a delete command remotely to the agricultural cooperative archive backdoor at the laptop con.
Delete the whole archive in CMD with log record of laptop CON. * Was entered.
Mr. Han had concealed that he had been infected with malware planted by North Korea after visiting the Web hard site.
Han Mr. arrested on suspicion of gamble site fraud and dismissed him in a mental hospital.
Summary of the case in 2013
Similar accident occurred on 20th March and the calculation was 3.20.
Broadcasting and financial business computers are paralyzed on a large scale.
It was Mr. Lee's broadcasting station KBS receiving external broadcasting.
Likewise, he was dissatisfied with employment conditions and working conditions and left the company two months before the incident.
Mr. Lee graduated from the IT department, knowledge of the computer and knew the server password.
Lee disseminated the malicious code by remote connection to the KBS server backdoor at laptop con.
I found KBS internal IP address 220.127.116.11 and the first usable address from malware.
The Internet router installed in KBS International Department allocated it to the external business computer receiving the AP ‧Reuters communication.
First hidden Yupjiji address with China, this time North Korea, this time the internal IP address of the agricultural cooperative.
There was intervention of the organization behind the malware production was investigated.
Summary of the incident in 2015
The purchase slip of the hacking program was hacked and released on WikiLeaks one month before July.
From the National Intelligence Center 5163 team in 2013, Mr. Laptop Kon planted a constant monitoring hacking program RCS.
As the investigation prolonged, hacker-born special recruitment staff operated the RCS at the police agency Enetan.
The 5163 team received a comprehensive report directly in the morning.
Enetan also tracked voice-fishing organizers and software contract manufacturers in parallel.
Mr. Lee saved the format plan of July's hard disk with a sticky note to the laptop in June 2015.
The 5163 team contacted me and confiscated Lee's laptop before formatting.
Hurriedly arrested on 13th, seized Lee's laptop con.
We could not get malware development source from laptop.
Mr. Hayashi, a staff member of the National Intelligence Service, on 18th, the members of the Enetan team who committed suicide were charged responsibly.
Summary of the incident in 2017
Frequently in June 2017, a Ransomware computational accident occurred on a small scale.
We received encrypted corporate data and bit coin retrieval cost.
It was a staff of RCS of Enetan.
Collected malware from computer accident and contributed to evolution.
By law, funds of 5163 teams were frozen and the details of their use were announced.
The RCS license fee paid by monitoring blacklist subjects also increased.
I bought the maintenance budget itself with bit coins and avoided money tracking.
Hacked virtual currency bit coin exchanges that also contributed to bit coin price manipulation operations.
I got a profit on the market on a large scale in Enetan.
Enetan at the senior related institution recovered this ability.http://i65.tinypic.com/2m7i4g1.jpghttp://i68.tinypic.com/2wnb4wm.jpghttp://i63.tinypic.com/t6qwjc.png