South Korean intelligence officials believe North Korea — or parties sympathetic to the communist nation — committed cyber-attacks that paralyzed major South Korean and U.S. government websites, according to aides to two legislators.
The sites of 11 South Korean organizations, including the presidential Blue House and the Defence Ministry, went down or had access problems since late Tuesday, according to the state-run Korea Information Security Agency.
Eleven U.S. sites suffered similar problems, said agency spokeswoman Ahn Jeong-eun. The agency is investigating the case with police and prosecutors, she said.
There were no immediate reports of financial damage or leaking of confidential national information, Ahn said. The alleged attacks appeared aimed only at paralyzing websites, she said.
Effects of attacks on South Korea:
- Earlier Wednesday, the NIS said in a statement that 12,000 computers in South Korea and 8,000 computers overseas had been infected and used for the cyber-attack.
- Some of the South Korean sites remained unstable or inaccessible Wednesday.
- The site of the presidential Blue House could be accessed, but those for the Defence Ministry, the ruling Grand National Party and the National Assembly could not.
- South Korea's Defence Ministry and Blue House said that there has been no leak of any documents.
- The NIS said it believed the attack was "thoroughly" prepared and committed by hackers "at the level of a certain organization or state."
- It said it was co-operating with U.S. investigators to examine the case.
On Wednesday, the National Intelligence Service — South Korea's main spy agency — told a group of South Korean legislators it believes that North Korea or North Korean sympathizers "were behind" the attacks, according to an aide to one of the lawmakers briefed on the information.
An aide to another lawmaker who was briefed also said the NIS suspects North Korea or its followers were responsible.
The aides spoke on condition of anonymity and refused to allow the names of the lawmakers they work for to be published, citing the classified nature of the information.
Both aides said the information was delivered in writing to lawmakers who serve on the National Assembly's intelligence committee.
The National Intelligence Service declined to confirm the information.
Military intelligence officers were looking at the possibility that the attack may have been committed by North Korean hackers and pro-North Korea forces in South Korea, said South Korea's Yonhap news agency said. South Korea's Defence Ministry said it could not confirm the report.
U.S. sites still affected
In the U.S., the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department websites were all down at varying points over the July 4 holiday weekend and into this week, according to U.S. officials inside and outside the government.
Officials familiar with the U.S. outage — termed a denial of service attack —said the fact the government websites were still being affected three days after it began signalled an unusually lengthy and sophisticated attack.
The officials spoke on condition of anonymity because they were not authorized to speak on the matter.
The Korea Information Security Agency also attributed the attacks to denial of service.
Yang Moo-jin, a professor at Seoul's University of North Korean Studies, said he doubts whether the impoverished North has the capability to knock down the sites.
But Hong Hyun-ik, an analyst at the Sejong Institute think tank, said the attack could have been done by either North Korea or China, saying he "heard North Korea has been working hard to hack into" South Korean networks
No other attacks in Asian countries
South Korean media reported in May that North Korea was running a cyber-warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service.
An initial investigation in South Korea found that many personal computers were infected with a virus program ordering them to visit major official websites in South Korea and the U.S. at the same time, Korean information agency official Shin Hwa-su said.
There have been no immediate reports of similar cyber-attacks in other Asian countries.
Yonhap reported that prosecutors have found some of the cyber-attacks on the South Korean sites were accessed from overseas. Yonhap, citing an unnamed prosecution official, said the cyber-attack used a method common to Chinese hackers.
Prosecutors were not immediately available for comment.
The initial probe had not yet uncovered evidence about where the outages originated, Shin said. Police also said they had not discovered where they started. Police officer Jeong Seok-hwa said that could take several days.