S. Korea tracks cyber attack to China, North still suspect

Mar 21, 2013 by Lim Chang-Won
Disconnected computer monitors are seen at a visitors center at the Korean Broadcasting System (KBS) headquarters in Seoul on March 20, 2013. Wednesday's concerted cyber attack against South Korean broadcasters and banks originated from an IP address in China, but the identity of the hackers cannot be confirmed, officials said Thursday.

South Korea said Thursday it had sourced a damaging cyber attack on its broadcasters and banks to an IP address in China, fuelling suspicions that North Korea may have been responsible.

Previous online attacks blamed on North Korea—including one last year on the computer network of the conservative JoongAng newspaper in Seoul—have also been tracked back to Chinese sources.

Internet security analysts in South Korea believe official North Korean hackers learned many of their skills in China and operate from there.

The regulatory Korea Communications Commission (KCC) said Wednesday's attack had used the Chinese IP address to access the targeted computer networks and generate malware that crashed their systems.

"The Chinese IP may trigger various assumptions," said Park Jae-Moon, the KCC director of network policy.

"At this stage, we're still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open," Park said.

The attack on Wednesday completely shut down the networks of TV broadcasters KBS, MBC and YTN, and halted financial services and crippled operations at three banks—Shinhan, NongHyup and Jeju.

Their networks were mostly back up and running Thursday, although a large number of individual PCs were not operational.

Members of the Korea Internet Security Agency investigate cyber attacks at a briefing room of KISA in Seoul on March 20, 2013. Immediate suspicion for Wednesday's attack that targeted three major TV broadcasters, two banks and an Internet service provider, focused on North Korea.

"For geopolitical reasons, it's convenient for North Korea to use Chinese IP addresses for such attacks," said Choi Yun-Seong, a security expert at the state-run Korea Information Technology Research Institute (KITRI).

"However, domestic and foreign hackers can use them as well, so we cannot say for sure North Korea was behind this," Choi told AFP.

China, North Korea's main patron which has angrily denied being behind a spate of cyber attacks on US interests, also stressed the IP address location was meaningless.

"We have pointed out many times that hacking attacks are a global problem," foreign ministry spokesman Hong Lei said.

"It is anonymous and trans-national. By using other countries' IP addresses, hackers attack some countries' networks and this is a common practice," he said.

Wednesday's attack came days after North Korea accused South Korea and the United States of being behind a "persistent and intensive" hacking assault that took a number of its official websites offline for nearly two days.

It also coincided with heightened military tensions on the Korean peninsula, following Pyongyang's nuclear test last month.

In testimony last year to the US congressional Armed Services Committee, the commander of US forces in South Korea, General James Thurman, said North Korea was employing "sophisticated computer hackers" trained in cyber attacks.

"Such attacks are ideal for North Korea" because they can be done anonymously, and "have been increasingly employed against a variety of targets including military, governmental, educational and commercial institutions", Thurman said.

North Korea was particularly blamed for cyber attacks in 2009 and 2011 that targeted South Korean financial entities and government agencies.

Those attacks were so-called distributed denial-of-service attacks, which overload a site with data causing it to crash, and are relatively simple to carry out.

Wednesday's coordinated assault was more sophisticated, using malware that can wipe the contents of a computer's hard disk as well as drives connected to the infected computer.

Explore further: LinkedIn membership hits 300 million

add to favorites email to friend print save as pdf

Related Stories

Cyber attack on Seoul's Unification Ministry

Aug 09, 2011

The South Korean ministry which handles relations with North Korea has been targeted by hackers in the latest of a series of online attacks on government and corporate websites, an official said Tuesday.

S. Korea to step up security against cyber attacks

May 24, 2011

South Korea said Tuesday it will step up IT security within the government to fend off cyber attacks from North Korea, which it has accused of mounting a series of strikes in recent years.

Recommended for you

LinkedIn membership hits 300 million

Apr 18, 2014

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 0

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

UAE reports 12 new cases of MERS

Health authorities in the United Arab Emirates have announced 12 new cases of infection by the MERS coronavirus, but insisted the patients would be cured within two weeks.

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...