Chinese internet address involved in S. Korea cyberattack
South Korean regulators still investigating attack on banks, media outlets
The Associated Press
Posted: Mar 21, 2013 12:33 AM ET
Last Updated: Mar 21, 2013 4:07 AM ET
A Chinese internet address was the source of a cyberattack on one company hit in a massive network shutdown that affected 32,000 computers at six banks and media companies in South Korea, initial findings indicated Thursday.
It's too early to assign blame — internet addresses can easily be manipulated and the investigation could take weeks — but suspicion for Wednesday's shutdown quickly fell on North Korea, which has threatened Seoul and Washington with attack in recent days because of anger over UN sanctions imposed for its Feb. 12 nuclear test.
South Korean regulators said they believe the attacks came from a "single organization," but they've still not finished investigating what happened at the other companies.
Experts say hackers often attack via computers in other countries to hide their identities. South Korea has previously accused North Korean hackers of using Chinese addresses to infect their networks.
"We do know that North Korea does route attacks through Chinese servers because that's the only way they can communicate with South Korea," Timothy Junio, a cybersecurity fellow at Stanford University's Center for International Security and Cooperation, said. "It's not surprising there's a Chinese IP address involved."
Seoul believes North Korea runs an internet warfare unit aimed at hacking U.S. and South Korean government and military networks to gather information and disrupt service.
The attack Wednesday caused computer networks at major banks and top TV broadcasters to crash simultaneously. It paralyzed bank machines across the country and raised fears that this heavily internet-dependent society was vulnerable. On Thursday, only one of the attacked banks, Shinhan, was fully online, officials said.
A Chinese address created the malicious code in the server of Nonghyup bank, according to an initial analysis by the state-run Korea Communications Commission, South Korea's telecom regulator.Disconnected computer monitors are seen at a visitors center of Korean Broadcasting System (KBS) headquarters in Seoul. (Kim Jae-Hwan/AFP/Getty Images)
KCC spokesman Cho Kyeong-sik said investigators are analyzing the log-in records and the malicious code collected from the infected servers and computers. It could take at least four to five days for the infected computers to recover fully, he said. Experts say the entire investigation could take weeks.
South Korean regulators have also distributed vaccine software to government offices, banks, hospitals and other institutions to prevent more outages.
In an indication of the high tension on the Korean Peninsula, South Korean media reported that North Korea sounded air-raid warnings in radio broadcasts Thursday morning as part of military drills.
The network paralysis took place just days after North Korea accused South Korea and the U.S. of staging a cyberattack that shut down its websites for two days last week. Loxley Pacific, the Thailand-based internet service provider, confirmed the North Korean outage but did not say what caused it. South Korea denied the allegation.
The attack may have also extended to the United States. Greg Scarlatoiu, executive director of the U.S.-based Committee for Human Rights in North Korea, said he discovered early Wednesday that their website had been hacked. They have yet to establish who was behind it but strongly suspect it came from North Korea.
Several of the committee's publications, including lengthy reports with satellite imagery of North Korean prison camps, had been removed, along with biographies of their staff and board, and their policy recommendations to the Obama administration.
The South Korean shutdown did not affect government agencies or sensitive targets such as power plants or transportation systems, and there were no immediate reports that bank customers' records were compromised, but the disruption froze part of the country's commerce.
Some customers were unable to use the debit or credit cards that many rely on more than cash. At one Starbucks in downtown Seoul, customers were asked to pay for their coffee in cash, and lines formed outside disabled bank machines.
Broadcasters KBS and MBC still didn't have full computer use on Thursday, but the shutdown did not affect TV broadcasts.
The YTN cable news channel also said the company's internal computer network was paralyzed. Footage showed workers staring at blank computer screens.
KBS employees said they watched helplessly as files stored on their computers began disappearing.
Last year, North Korea threatened to attack several news companies, including KBC and MBC, over their reports critical of children's' festivals in the North.
'This needs to be a wake-up call'
"If it plays out that this was a state-sponsored attack, that's pretty bald faced and definitely an escalation in the tensions between the two countries," said James Barnett, former chief of public safety and homeland security for the U.S. Federal Communications Commission.
An ominous question is what other businesses, in South Korea or elsewhere, may also be in the sights of the attacker, said Barnett, who heads the cybersecurity practice at Washington law firm Venable.
"This needs to be a wake-up call," he said. "This can happen anywhere."
An official at the South's Korea Communications Commission said investigators speculate that malicious code was spread from company servers that send automatic updates of security software and virus patches.
The shutdown raised worries about the overall vulnerability to attacks in South Korea, a world leader in broadband and mobile internet access. Previous hacking attacks at private companies compromised millions of people's personal data. Past malware attacks also disabled access to government agency websites and destroyed files in personal computers.
Seoul blames North Korean hackers for several cyberattacks in recent years. Pyongyang has either denied or ignored those charges. Hackers operating from IP addresses in China have also been blamed.
In 2011, computer security software maker McAfee Inc. said North Korea or its sympathizers likely were responsible for a cyberattack against South Korean government and banking websites earlier that year. The analysis also said North Korea appeared to be linked to a massive computer-based attack in 2009 that brought down U.S. government Internet sites. Pyongyang denied involvement.
"North Korea has almost certainly done similar attacks before," Junio said. "Part of why this wasn't more consequential is probably because South Korea took the first major incident seriously and deployed a bunch of organizational and technical innovations to reduce response time during future North Korea attacks."
South Korea has created a National Cybersecurity Center, a national monitoring sector and a Cyber Command modeled after the U.S. Cyber Command. Junio said South Korea's major antivirus firms also play a large role in stopping hacking attacks.
The shutdown comes amid rising rhetoric and threats of attack from Pyongyang over UN sanctions imposed for its December long-range rocket launch and February nuclear test. Washington also expanded sanctions against North Korea this month in a bid to cripple the government's ability to develop its nuclear program.
North Korea has threatened revenge for the sanctions and for ongoing U.S.-South Korean military drills, which the allies describe as routine but which Pyongyang says are rehearsals for invasion.
Last week, North Korea's Committee for the Peaceful Reunification of Korea warned South Korea's "reptile media" that the North was prepared to conduct a "sophisticated strike" on Seoul.
Lim Jong-in, dean of Korea University's Graduate School of Information Security, said North Korea was probably responsible for Wednesday's attack.
"Hackers attack media companies usually because of a political desire to cause confusion in society," he said. "Political attacks on South Korea come from North Koreans."
Top News Headlines
- WHO concerned coronavirus spreading person to person
- The World Health Organization has issued a blunt assessment of the coronavirus outbreak in Saudi Arabia, acknowledging for the first time that there are concerns the virus may be spreading from person to person, at least in a limited way. more »
- Toronto mayor cancels weekly radio show
- Toronto Mayor Rob Ford will not be hosting his weekly radio show this weekend after explosive allegations that he was recorded on video appearing to smoke crack cocaine. more »
- Senator Pamela Wallin leaves Conservative caucus
- Senator Pamela Wallin says she is recusing herself from the Conservative caucus while her travel expense claims are under scrutiny. Wallin's departure comes one day after Senator Mike Duffy left the Tory caucus amid controversy over his expense claims. more »
- Body found after fishing boat capsizes off New Brunswick
- A man's body has been found after a lobster fishing boat capsized off the eastern coast of New Brunswick. more »
Latest Technology & Science News Headlines
- 2 earthquakes felt in Ontario and Quebec
- Two earthquakes near the Ontario-Quebec border could be felt across both provinces this morning. more »
- Chris Hadfield's translator: Q&A with Canadian astronaut Jeremy Hansen
- While Chris Hadfield was returning from the International Space Station on Monday night, another Canadian astronaut was offering his own unique play-by-play of the action as the Soyuz capsule plunged to Earth. more »
- Why some Canadians want to die on Mars
- More than 80,000 people have applied for a Dutch non-profit organization's proposed one-way trip to Mars. Anna Maria Tremonti, host of The Current, spoke to four Canadians — two Mars one applicants, a member of the Mars One team, and astronaut Julie Payette — about whether it's a good idea. more »
- Is warp speed possible?
- Star Trek Into Darkness hit the big screen this week, taking moviegoers back to a science fiction universe where starships are capable of warp speed, crossing light years of interstellar space in minutes. But is that scientifically possible? And if so, how? more »
Bob McDonald's Blog
- Chris Hadfield: The gravity of gravity May. 17, 2013 9:58 AM After five months of being Superman and a media superstar, Canadian astronaut Chris Hadfield is now beginning the challenging task of adapting his mortal body and brain to life back on Earth.
Quirks & Quarks
- May 18: Apps for Apes May. 17, 2013 4:26 PM Scientists at more than 2 dozen zoos around the world, including the Toronto Zoo, have been using computer tablets to stimulate our bright orange primate cousins, the orangutans. And the orangutans have been loving it.
- Senator Pamela Wallin leaves Conservative caucus
- Toronto Mayor Rob Ford denies crack cocaine allegations
- Milwaukee bar wins overturn of bra ban
- Tim Bosma public memorial Wednesday in Hamilton, Ont.
- Public raising funds to buy alleged Rob Ford crack video
- Dennis Oland named as prime suspect in father's slaying
- Sailor fighting cancer says AWOL charges dropped
- Afghan legislators block law protecting women
- RCMP has 'no interest' in discussing harassment suit settlement