Share This Page

Experts suspect North in South Korea cyberattack

| Wednesday, March 20, 2013, 9:45 p.m.

SEOUL — A Chinese Internet address was the source of a cyberattack on one of the South Korean companies hit in an enormous computer shutdown that affected five other banks or media companies, initial findings indicated on Thursday.

It's too early to assign blame — Internet addresses can easily be manipulated and disguised — but suspicion for Wednesday's shutdown quickly fell on North Korea, which has threatened Seoul with attack in recent days because of anger over U.N. sanctions imposed for its Feb. 12 nuclear test.

Experts say hackers often attack via computers in other countries to hide their identities. South Korea has previously accused North Korean hackers of using Chinese addresses to attack.

The crash on Wednesday caused computer networks at major banks and top TV broadcasters to crash simultaneously. It paralyzed bank machines across the country and raised fears that this heavily Internet-dependent society was vulnerable.

A Chinese address created the malicious code in the server of one of the banks, Nonghyup, where computers crashed, according to an initial analysis by the state-run Korea Communications Commission, South Korea's telecom regulator.

It is expected to take at least four to five days for the infected computers to recover.

Regulators have distributed vaccine software to government offices, banks, hospitals and other institutions to prevent more outages.

The network paralysis took place just days after North Korea accused South Korea and the United States of staging a cyberattack that shut down its websites for two days last week. Loxley Pacific, the Thailand-based Internet service provider, confirmed the North Korean outage but did not say what caused it.

The South Korean shutdown did not affect government agencies or potential targets such as power plants or transportation systems, and there were no immediate reports that bank customers' records were compromised, but the disruption froze part of the country's commerce.

Some customers were unable to use the debit or credit cards that many rely on more than cash. At one Starbucks in downtown Seoul, customers were asked to pay for their coffee in cash, and lines formed outside disabled bank machines.

Shinhan Bank, a major South Korean lender, reported a two-hour system shutdown, including online banking and automated teller machines. It said networks later came back online and that banking was back to normal. Shinhan said no customer records or accounts were compromised.

Another big bank, Nonghyup, said its system eventually came back online. Officials didn't answer a call seeking details on the safety of customer records. Jeju Bank said some of its branches reported network shutdowns.

Broadcasters KBS and MBC said their computers went down at 2 p.m., but that the shutdown did not affect TV broadcasts. Computers were still down about seven hours after the shutdown began, according to the state-run Korea Communications Commission, South Korea's telecom regulator.

The YTN cable news channel said the company's internal computer network was paralyzed. Footage showed workers staring at blank computer screens.

KBS employees said they watched helplessly as files stored on their computers began disappearing.

An ominous question is what other businesses, in South Korea or elsewhere, may also be in the sights of the attacker, said James Barnett, former chief of public safety and homeland security for the Federal Communications Commission. Barnett heads the cybersecurity practice at Washington law firm Venable.

“This needs to be a wake-up call,” he said. “This can happen anywhere.”

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.