2010 Japan–South Korea cyberwarfare
On February 23rd, 2010, members of DC Inside, Humor University, Ruliweb, Daum Truepicture, todayhumor, and various other online communities formed the Terror Action (Response?) Association and attacked the Japanese website 2ch on March 1st, 2010, the 100th anniversary of the Japan-Korea Treaty of 1910. Since 2004, DC Inside and 2ch have had numerous conflicts, both large and small.
On February 23, 2010, 2channers made offensive comments about a Korean international student who was beaten to death in Russia in the winter of 2009. “Dog died, why is it on the news?”, “Kill more!”, and other remarks were made. A few days prior, the Korean figure skater Yuna Kim won the gold medal in the 2010 Vancouver Winter Olympics, and 2channers asserted that officials must have been bribed. These remarks from 2chan spread to DC Inside’s Humor Program Gallery. DC Inside and Humor University (Korean web communities) agreed on March 1st, 2010 as the date of the attack, and began recruiting from other online communities such as Today’s Humor, Ruliweb, and Daum.net. They formed the Terror Action Association (TAA), amassing more than 102,000 participants in a day. At 1 PM on March 1st (GMT+9), the TAA vandalized 2chan’s galleries and executed a massive DDoS attack, paralyzing 2chan’s servers.
According to Pacific Internet Exchange, which was hosting 2chan’s servers, beginning at 11:40 AM, Japanese servers were already experiencing an increased volume of requests from Korea facilitated by bots. Other websites incorporated with 2chan were also affected by the attack.
On the evening of March 1st, 2chan servers were suspended and IP addresses from all sources of attacks were blocked.
On March 2nd, damages were estimated to be above $2.5 million. The main targets were 2chan’s “Korea Slander Gallery”, “VIP Gallery”, and “Breaking News Gallery”.
Timeline and the Aftermath
On February 24th, Korean online communities noticed a series of posts on the Japanese website 2chan regarding Yuna Kim, a Korean figure skater, and a Korean international student who was murdered in Russia. Korean online communities claimed that 2chan members were accusing Yuna Kim of bribery and finding delight in the murder of the Korean student in Russia. An internet community, the Terror Response Association, was formed with the objective of carrying out a cyber attack on 2chan on March 1st, 2010. Although the TAA prohibited the distribution or use of illegal software, members continuously distributed illegal software leading up to the day of the attack.
On February 25th, around midnight, Japanese posts appeared on DC Inside’s comedy gallery, and its users claimed that the servers had slowed down and interpreted these as signs of a preemptive attack from 2chan. Korean appeared on 2chan’s Korean threads as well; however, Japanese did not appear on 2chan’s Korean galleries. Within a few minutes, the DC Inside servers returned to their usual speed.
On February 26th, attacks were carried out on 2chan’s Yaoi forum. During the Figure Skating Short Program of the Vancouver Olympics that took place a few days before the attack, Kim Yu Na took the lead over Asada Mao by a meager 5 points and won the gold medal. 2channers suggested that Kim Yu Na won the gold medal through bribery. However, whether this attack really originated from Korean users is unclear, because the vandalism that appeared on 2chan’s website did not contain any Korean but only English phrases such as “I’m Korean.” The identity of the attackers is unclear, and it is possible that this attack was actually carried out by 2chan users.
On February 28th, a committee of 2channers scheduled two rounds of attacks on DC Inside at 8 PM and 9 PM within 30-minute windows. These attacks proved to be ineffective. The upcoming cyber war began attracting attention from the press.
At 1 PM on March 1st, the TAA began the attack in two teams: one team vandalized the website, and the other team carried out a DDoS attack. At 1:03 PM, only three minutes after the initiation of the attack, 2chan’s VIP gallery was paralyzed. At 1:13 PM, five servers were paralyzed. At 1:16 PM, the main channel’s login requests started to be affected. At 1:22 PM, all but two of the thirty-three 2chan servers were paralyzed. At 1:44 PM, the entire server was down. At 2:13 PM, 2chan’s main page was hacked and replaced with a page containing the Korean flag. At 2:43 PM, naver.com blocked Japanese IPs. At 3:35 PM, 2chan blocked Korean IPs; however, the servers were not yet restored. A Korean student in Japan spied on the Japanese plans for retribution. At 6 PM, it was discovered that a website had plans for attacking the Blue House website. However, some Koreans who disliked Lee Myung Bak (Korean President at the time of the attack) participated in this attack. The Blue House shortly blocked Japanese IPs. At 6:11 PM, the VANK homepage started receiving attacks and was paralyzed for about 1 hour but was soon restored. It has been rumored that some of VANK’s routers exploded from the attack. At 6:38 PM, attacks on the Comedy Program Gallery began, but the attacks were deflected in four minutes. At 8:43 PM, organizers from 2chan declared the end of the attacks. By 9:35 PM, 2chan had been effectively downed for 8 hours, and MBC reported on the outcome.
Around 6 PM of the following day, the servers began to be restored (at 8 PM, most of the servers were running normally). At 7 PM, another attack on VANK was made without success; it prompted a retribution attack from the TAA, which downed the control server of 2chan. Around 8 PM, attacks were again initiated by 2ch, but failed. At 10 PM, VANK blocked all Japanese IPs.
On March 5th, 2ch provisionally suspended attacks and promised to strike on August 15th. On August 15th, the attacks were announced but the day passed by without offense from either side. A Korean gaming portal was downed this day but it was confirmed this was not an attack from Japan. A lot of fingers were pointed, including at China, at business establishments, and some speculated that it was an inside job by DC Inside. The Japanese Wiki article on this topic claims that VANK had a main role in this attack.
Connecting to 2chan was impossible from the morning of March 1st until the evening of March 2nd, when the attacks shrank and a portion of the servers were partially recovered. The next day, about a third of the servers were restored, and by the evening all but the Dubai server were completely restored. The Dubai server was never completely restored due to damage; according to 2chan admins, recovering the data on the Dubai server was difficult, and it was stated that the gallery would open on a different server.
The webpages of VANK and the Blue House were slowed down due to the attacks. There were reports that routers at VANK exploded, however, VANK had merely blocked Japanese IPs.
Reactions and Responses
- Pacific Internet Exchange, the managing company of 2chan’s servers, declared on March 2nd that they were preparing to investigate this event as a cyber-terrorism attack in collaboration with the USA’s Federal Bureau of Investigation (FBI), by collecting and analyzing data related to this attack. However, the investigation was not actually carried out. This cyberwarfare collaterally impacted some US agencies. Management of Big-server.com stated that a German who carried out cyberattacks was arrested in the US and sentenced to two years. However, it was later confirmed that this scenario was fantasized by 2chan users, and a US journalist had picked up on this and published an article without checking the details. Because the FBI investigates activity that occurs within the United States, it is unlikely that they have actually investigated this cyberwar. The CIA, on the other hand, may investigate this cyberwar in collaboration with South Korean or Japanese intelligence agencies, police forces, etc., with the approval of ministries on both ends (Japan has no official collective intelligence agency; instead there are intelligence clusters such as the Chief Cabinet Secretary’s intelligence investigators, the Ministry of Justice’s Public Inspection Agency, the National Police Agency Security Bureau, and the Defense Agency).
- The head of Voluntary Agency Network of Korea (VANK) stated, “Japan has hurt their own reputation in the eyes of the international society”, “Inflicting F5 attacks is no different than what Japan did. We must ignore them.”
- JoongAng Daily editorials criticized both the way that Japanese netizens reacted to not winning the gold medal and the way Korean netizens similarly reacted to the Japanese netizens.
- Korea Communications Commission stated that they are obtaining a holistic profile of this case and preparing measures. They stated “We are worrying about how to protect [Korean] netizens if this case evolves into a dispute between the two countries.”
- Matsumoto Tetsujo, representative of the SoftBank Group, wrote on his blog, “If Japanese right-wing truly has ability and the sense of duty for the country, and if there is a site with anti-Japanese sentiments, whether it is Korean or Chinese, why don’t they also try gathering total power and launching a multi-scale assault just like the Koreans?”