Experts suspect North in South Korea cyberattack
SEOUL — A Chinese Internet address was the source of a cyberattack on one of the South Korean companies hit in an enormous computer shutdown that affected five other banks or media companies, initial findings indicated on Thursday.
It's too early to assign blame — Internet addresses can easily be manipulated and disguised — but suspicion for Wednesday's shutdown quickly fell on North Korea, which has threatened Seoul with attack in recent days because of anger over U.N. sanctions imposed for its Feb. 12 nuclear test.
Experts say hackers often attack via computers in other countries to hide their identities. South Korea has previously accused North Korean hackers of using Chinese addresses to attack.
The shutdown on Wednesday caused computer networks at major banks and top TV broadcasters to crash simultaneously. It paralyzed bank machines across the country and raised fears that this heavily Internet-dependent society was vulnerable.
A Chinese address created the malicious code in the server of one of the banks, Nonghyup, where computers crashed, according to an initial analysis by the state-run Korea Communications Commission, South Korea's telecom regulator.
It is expected to take at least four to five days for the infected computers to recover.
Regulators have distributed vaccine software to government offices, banks, hospitals and other institutions to prevent more outages.
The network paralysis took place just days after North Korea accused South Korea and the United States of staging a cyberattack that shut down its websites for two days last week. Loxley Pacific, the Thailand-based Internet service provider, confirmed the North Korean outage but did not say what caused it.
The South Korean shutdown did not affect government agencies or potential targets such as power plants or transportation systems, and there were no immediate reports that bank customers' records were compromised, but the disruption froze part of the country's commerce.
Some customers were unable to use the debit or credit cards that many rely on more than cash. At one Starbucks in downtown Seoul, customers were asked to pay for their coffee in cash, and lines formed outside disabled bank machines.
Shinhan Bank, a major South Korean lender, reported a two-hour system shutdown, including online banking and automated teller machines. It said networks later came back online and that banking was back to normal. Shinhan said no customer records or accounts were compromised.
Another big bank, Nonghyup, said its system eventually came back online. Officials didn't answer a call seeking details on the safety of customer records. Jeju Bank said some of its branches reported network shutdowns.
Broadcasters KBS and MBC said their computers went down at 2 p.m., but that the shutdown did not affect TV broadcasts. Computers were still down about seven hours after the shutdown began, according to the state-run Korea Communications Commission, South Korea's telecom regulator.
The YTN cable news channel said the company's internal computer network was paralyzed. Footage showed workers staring at blank computer screens.
KBS employees said they watched helplessly as files stored on their computers began disappearing.
An ominous question is what other businesses, in South Korea or elsewhere, may also be in the sights of the attacker, said James Barnett, former chief of public safety and homeland security for the Federal Communications Commission. Barnett heads the cybersecurity practice at Washington law firm Venable.
“This needs to be a wake-up call,” he said. “This can happen anywhere.”