An aide of ruling party representative commissioned a DDoS attack to election commission homepage

Disclaimer: The following is a totally unauthoritative personal translation of an article on an online media <Newsface> on December 2, 2011, covering a cyber attack on the National Election Management Commission on the day of Seoul mayoral by-election, October 26. One shocking aspect of the cyber attack is that it now turns out to be commissioned by a personal aide of a ruling party representative, making it one of the most volatile political issue in Korea. If the case turns out to have any direct connection to ruling party after all, then the fallout from this issue will be hard to fathom, especially on the side of ruling Grand National Party.

Rights concerning this post stay with the author of original article or with <Newsface> and this post will be scrapped immediately at their requests accordingly. Original article of this post (in Korean) can be found in the link at the bottom.

An aide of ruling party representative commissioned a DDoS attack to the homepage of national election management commission and Park Won-soon (then opposition candidate)

Utilized about 200 zombie PCs; 4 charged for this attack; an unpardonable crime of election sabotage

문용필 기자 |

11.12.02 12:53 | 최종 수정시간 11.12.02 17:31

Concerning the homepage glitch incidents for Central Election Management Commission (CEMC) and Park Won-soon camp on October 26, the election day of Seoul mayoral by-election, a personal aide Gong (27, level 9) of a ruling Grand National Party (GNP) representative Choi Goo-sik (Gyeongnam, Jinju) is known to commission the DDoS attacks causing gigantic ripples across all political spheres in Korea.

Rep. Choi used to be a reporter of conservative mainstream Chosun Ilbo. But, he was not endorsed by GNP in the last general election and ran for office independently. Then, he was elected by the backing of inner circle support group of former GNP leader Park Geun-hye.

A representative of Democratic Party (DP) Lee Seik-hyun revealed the news through a Twitter message on 2nd “OMG! Park Won-soon candidate’s homepage and CEMC’s homepage were down at the last election day, which was due to DDoS attacks commissioned by an aide of a ruling party Rep. Lawless world!”

Rep. Lee then continued “That DDoS attack was conspired by an aide of GNP Rep and a company in Philippines, using about 200 zombie PCs. Arrest warrants for those involved 4 are filed.”

National Police Agency (NPA) cyber counter-terrorism center filed for arrest warrants for 4 including a personal aide of GNP Rep. Choi under the charge of commissioning a DDoS attack to NEMC homepage and paralyze the system on the day of by-election, October 26.

They are known to be suspected to mobilize about 200 zombie PCs and to cause massive 263MB/sec traffic to NEMC homepage.

According to police, Gong ordered the DDoS attack to Kang (26, stayed in Philippines then), one of his hometown junior and a president of a homepage construction company, on October 25, the eve of election. Following this, employees of the company Kim (27) and Hwang (25), a hometown senior and a junior of Kang, are known to execute the DDoS attack themselves from inside Korea.

On the day of Seoul mayoral by-election, October 26, the NEMC homepage was down between 6:15AM and 8:30AM. It worked fine after that.

Since many workers wanted to vote early before going to work, glitches of NEMC homepage during this time was especially troubling to those living in regions where voting station locations were changed from prior elections but not figured out beforehand. On the same day, the homepage of Park Won-soon, then unique opposition candidate, also suffered glitches from external attacks.

To the NEMC homepage glitch problem, the moderator of number 1 podcast program “Naneun ggomsooda (나는 꼼수다)” and the publisher of online media <Ddanzi Ilbo> Kim Eo-june already said in the November 12 program “media claim the problem was due to a DDoS attack. If the government discloses the system log file of NEMC web server, the culprit who broke down the NEMC web server can be easily identified.”

Kim also indicated “police said that they identified 2 zombie PC IPs out of 100 IPs that had accessed NEMC homepage at the time of cyber attack through a cyber investigation. But neither the fact that only 100 IPs accessed NEMC homepage during the time of cyber attack nor the fact that only 2 zombie PCs were enough to cause such a serious glitch the whole time makes sense.” He then continued “so we already demanded government to disclose system log file of NEMC homepage web server. Everything will be simply clarified if we examine it.”

Also, Kim claimed “(system log file) will make everything clear within several hours. It is not a matter that requires weeks.” and then “(if NEMC) decides not to disclose it, that’s really suspicious by itself.”

Regarding ths, <Ddanzi ilbo> requested NEMC to disclose the system log file on 30th last month but NEMC declined the request raising “the Law on public disclosure of information, item 4 of Paragraph 1, Article 9”.

Useful link


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: