Cyberattack hits South Korean banks, TV networks
Initial analysis shows attack originated in China
The Associated Press
Posted: Mar 20, 2013 3:02 AM ET
Last Updated: Mar 20, 2013 11:16 PM ET
A cyberattack caused computer networks at major South Korean banks and top TV broadcasters to crash simultaneously Wednesday, paralyzing bank machines across the countryand raising fears that this heavily Internet-dependent society was vulnerable.
Screens went blank at 2 p.m. local time, the state-run Korea Information Security Agency said, and more than seven hours later, some systems were still down.
Initial findings indicated that the attack on one of the companies originated in China, although experts say hackers often attack via computers in other countries to hide their identities.
A Chinese address created the malicious code in the server of one of the banks, Nonghyup, where computers crashed, according to an initial analysis by the state-run Korea Communications Commission, South Korea's telecom regulator.
Some experts had earlier suspected that the cyberattack on South Korea was orchestrated by Pyongyang. The rivals have exchanged threats amid joint U.S.-South Korean military drills and in the wake of UN sanctions meant to punish North Korea over its nuclear test last month.
'Hackers left indications in computer files that mean this could be the first of many attacks.'—Kwon Seok-chul, cybersecurity expert
The network paralysis took place just days after North Korea accused South Korea and the U.S. of staging a cyberattack that shut down its websites for two days last week. Loxley Pacific, the Thailand-based internet service provider, confirmed the North Korean outage but did not say what caused it.
The South Korean shutdown did not affect government agencies or potential targets such as power plants or transportation systems, and there were no immediate reports that bank customers' records were compromised, but the disruption froze part of the country's commerce.
Some customers were unable to use the debit or credit cards that many rely on more than cash. At one Starbucks in downtown Seoul, customers were asked to pay for their coffee in cash, and lines formed outside disabled bank machines.
Shinhan Bank, a major South Korean lender, reported a two-hour system shutdown, including online banking and automated teller machines. It said networks later came back online and that banking was back to normal. Shinhan said no customer records or accounts were compromised.
Nonghyup said its system eventually came back online. Officials didn't answer a call seeking details on the safety of customer records. Jeju Bank said some of its branches also reported network shutdowns.
It is expected to take at least four to five days for the infected computers to recover fully.
North Korea had threatened news companies
Broadcasters KBS and MBC said their computers went down at 2 p.m., but that the shutdown did not affect TV broadcasts. Computers were still down about seven hours after the shutdown began, according to the state-run Korea Communications Commission, South Korea's telecom regulator.
The YTN cable news channel also said the company's internal computer network was paralyzed. Footage showed workers staring at blank computer screens.
KBS employees said they watched helplessly as files stored on their computers began disappearing.
Last year, North Korea threatened to attack several news companies, including KBC and MBC, over their reports critical of children's' festivals in the North.
"It's got to be a hacking attack," said Lim Jong-in, dean of Korea University's Graduate School of Information Security. "Such simultaneous shutdowns cannot be caused by technical glitches."
The Korea Information Security Agency had reported that an image of skulls and a hacking claim had popped up on some of the computers that shut down, but later said those who reported the skulls did not work for the five companies whose computers suffered massive outages. KISA was investigating the skull images as well.
"If it plays out that this was a state-sponsored attack, that's pretty bald faced and definitely an escalation in the tensions between the two countries," said James Barnett, former chief of public safety and homeland security for the U.S. Federal Communications Commission.
An ominous question is what other businesses, in South Korea or elsewhere, may also be in the sights of the attacker, said Barnett, who heads the cybersecurity practice at Washington law firm Venable.
"This needs to be a wake-up call," he said. "This can happen anywhere."
An official at the Korea Communications Commission said investigators speculate that malicious code was spread from company servers that send automatic updates of security software and virus patches.
LG Uplus Corp., which provides network services for the companies that suffered outages, saw no signs of a cyberattack on its networks, company spokesman Lee Jung-hwan said.
Military, government unaffected
The South Korean military raised its cyberattack readiness level but saw no signs of cyberattacks on its networks, the Defence Ministry said.
No government computers were affected, officials said. President Park Geun-hye called for quick efforts to get systems back online, according to her spokeswoman, Kim Haing.
The shutdown raised worries about the overall vulnerability to attacks in South Korea, a world leader in broadband and mobile internet access. Previous hacking attacks at private companies compromised millions of people's personal data. Past malware attacks also disabled access to government agency websites and destroyed files in personal computers.
Seoul believes North Korea runs an Internet warfare unit aimed at hacking U.S. and South Korean government and military networks to gather information and disrupt service.
Seoul blames North Korean hackers for several cyberattacks in recent years. Pyongyang has either denied or ignored those charges.
Hackers operating from IP addresses in China have also been blamed. In 2011, computer security software maker McAfee Inc. said North
Korea or its sympathizers likely were responsible for a cyberattack against South Korean government and banking websites earlier that year. The analysis also said North Korea appeared to be linked to a 2009 massive computer-based attack that brought down U.S. government Internet sites. Pyongyang denied involvement.
"North Korea has almost certainly done similar attacks before," said Tim Junio, a cybersecurity fellow at Stanford University's Center for International Security and Cooperation. "Part of why this wasn't more consequential is probably because South Korea took the first major incident seriously and deployed a bunch of organizational and technical innovations to reduce response time during future North Korea attacks."
South Korea has created a National Cybersecurity Center, a national monitoring sector and a Cyber Command modeled after the U.S. Cyber Command.
"These companies have security monitoring centres getting fed info from all over Korea to help detect incidents quickly and push technical solutions," he said. "They also have formal relationships with the government and sectors within their companies dedicated to national security work, including North Korean malware."
Rising rhetoric over sanctions
The shutdown comes amid rising rhetoric and threats of attack from Pyongyang over the U.N. sanctions. Washington also expanded sanctions against North Korea this month in a bid to cripple the government's ability to develop its nuclear program.
North Korea has threatened revenge for the sanctions and for ongoing U.S.-South Korean military drills, which the allies describe as routine but which Pyongyang says are rehearsals for invasion.
On Wednesday, North Korean leader Kim Jong Un inspected military drills in which drone planes hit targets and rockets shot down mock enemy cruise missiles. Kim told officers the North should "destroy the enemies without mercy so that not a single man can survive to sign a document of surrender when a battle starts," according to the official Korean Central News Agency.
Last week, North Korea's Committee for the Peaceful Reunification of Korea warned South Korea's "reptile media" that the North was prepared to conduct a "sophisticated strike" on Seoul.
North Korea also has claimed cyberattacks by the U.S. and South Korea. The North's official Korean Central News Agency accused the countries of expanding an aggressive stance against Pyongyang into cyberspace with "intensive and persistent virus attacks."
South Korea denied the allegation and the U.S. military declined to comment.
Lim said he believes hackers in China were likely culprits in the outage in Pyongyang, but that North Korea was probably responsible for Wednesday's attack.
"Hackers attack media companies usually because of a political desire to cause confusion in society," he said. "Political attacks on South Korea come from North Koreans."
Orchestrating the mass shutdown of the networks of major companies would have taken at least one to six months of planning and co-ordination, said Kwon Seok-chul, chief executive officer of Seoul-based cybersecurity firm Cuvepia Inc.
Kwon, who analyzed personal computers at one of the three broadcasters shut down Wednesday, said he hasn't yet seen signs that the malware was distributed by North Korea.
"But hackers left indications in computer files that mean this could be the first of many attacks," he said.
Lim said tracking the source of the outage would take months.
Top News Headlines
- Greg Weston: Senate scandal may be Harper's worst hour
- The widening Senate scandal that the prime minister flippantly tried to dismiss as a 'distraction' just days ago has instead become arguably Stephen Harper's worst hour. more »
- 3 injured in Washington state bridge collapse
- A Washington state bridge over a river collapsed Thursday evening, dumping two vehicles into the water and sparking a rescue effort by boats and divers who searched the chilly waterway north of Seattle. more »
- Federal Court won't remove MPs over robocall allegations
- The Federal Court says it won't throw six MPs out of their seats over allegations of widespread vote suppression through automated robocalls in the 2011 federal election. But Judge Richard Mosley did find that fraud occurred in the election. more »
- 3D printers give rise to 'desktop manufacturing'
- Customizable objects from plastic dollhouse furniture to medical prosthetics can now be designed and printed out by almost anyone at the press of a button, and is going to lead to an 'explosion of new stuff,' predicts author Chris Anderson. more »
Latest Business Headlines
- German brewers worry fracking will compromise beer quality
- German brewers are worried that fracking, the process of extracting natural gas from underground shale deposits, will jeopardize the quality of their beer by contaminating the water supply and have asked their government to hold off on passing the fracking regulations it has been drafting for months. more »
- SNC-Lavalin letter says Gadhafi son offered VP post: RCMP
- SNC-Lavalin's ties to Libya's former dictatorship ran so deep the company offered the son of Moammar Gadhafi a six-figure job as a vice president in 2008, according to a newly unsealed RCMP affidavit. more »
- Importers brace for fight over iPods and TVs
- Importers of popular electronics such as big-screen TVs and MP3 players are ramping up their fight against federal tariff changes, accusing the government of misleading them by offering tariff breaks that it planned to claw back later. more »
- Big retailers pull out of $7B credit card fee settlement
- Some of America's largest retailers, including Target Corp. and Macy's Inc., on Thursday filed a lawsuit against MasterCard and Visa, rejecting a settlement reached last year over alleged fee-fixing. more »
- Mobilicity debtholders approve sale to Telus
- The creditors owed money by the financially struggling wireless company Mobilicity approved a deal Thursday that would see the mobile upstart sold to Telus for $380 million, but the sale must still be approved by regulators and the court overseeing Mobilcity's restructuring. more »
Lang & O'Leary Exchange
The data on this site is informational only and may be delayed; it is not intended as trading or investment advice and you should not rely on it as such.
- 3 injured in Washington state bridge collapse
- Toronto mayor fired chief of staff for telling him to 'get help'
- Alleged Ford crack video seller not responding to calls
- Duffy says he wants to give Canadians 'the whole story'
- Pickup truck backs up over mother, 2 children in tent
- Vancouver man abandons Porsche on B.C. ferry
- Toronto Mayor Rob Ford fires chief of staff
- Montreal lifts boil-water advisory
- Federal Court won't remove MPs over robocall allegations