It looks like North Korea managed to build a DDoS botnet by infecting computer games at the source, and then selling them at cut-rate prices to online game sites.
Of course, the guy who helped the North Korean spies got fucked and is sitting in jail.
But still, this raises a good point — who expects the factory-original software to be infected?
Sure, maybe in cheap software off eBay. But when your threat model includes a well-resourced adversary who might want compromise on a mass scale, you have to be very careful about the source.
(Yes, both literally and in the source-code sense…)
“A 39-year-old South Korean game distributor was arrested on Sunday for involvement and charged with violating the National Security Law.[…]
[The man] met agents of an alleged North Korean trading company. He allegedly asked them to develop game software to be used in the South.[…]
Jo purchased dozens of computer game software for tens of millions of won, which was a third the cost of the same kind of software in the South. The games were infected with malignant viruses, of which Jo knew, an official at the police agency said.
Jo sold the games to South Korean operators of online games. When people played the games, the viruses used their computers as zombies, through which the cyberattack was launched.
So-called “a distributed denial-of-service attack,” this cyberattack against Incheon International Airport occurred two or three times in March 2011, police said. The attack was fended off by the intelligence authorities in the South.”