South Korea misidentifies China as cyberattack origin
Attack hit 32,000 computers at 6 companies
The Associated Press
Posted: Mar 22, 2013 3:48 AM ET
Last Updated: Mar 22, 2013 2:21 PM ET
Members of the Korea Internet Security Agency (KISA) check on cyberattacks at a briefing room of KISA in Seoul on March 20, 2013. South Korean researchers misidentified a Chinese IP address as being involved in the attack. (Jung Yeon-Je/AFP/Getty Images)
Related
In an embarrassing twist to a coordinated cyberattack on six major South Korean companies this week, investigators said Friday they wrongly identified a Chinese internet protocol address as the source.
A joint team of government and private experts still maintains that hackers abroad were likely to blame, and many analysts suspect North Korea. But the error raises questions about investigators' ability to track down the source of an attack that shut down 32,000 computers Wednesday and exposed big internet security holes in one of the world's most wired, tech-savvy countries.
South Korean investigators said Thursday that a malicious code that spread through the server of one of the hackers' targets, Nonghyup Bank, was traced to an IP address in China. Even then it was clear that the attack could have originated elsewhere because hackers can easily manipulate such data.
But the state-run Korea Communications Commission said Friday that the IP address actually belonged to a computer at the bank. The IP address was used only for the company's internal network and happened to be identical to a public Chinese address.
"We were careless in our efforts to double-check and triple-check," KCC official Lee Seung-won told reporters. He blamed the error on investigators' rush to give the public details on the search for a culprit.
'Ridiculous' blunder
Yonhap news agency, in an analysis Friday, called the blunder "ridiculous" and said the announcement is certain to undermine government credibility.
Yonhap criticized officials for failing to dispel public anxiety in a country where people's lives are closely interwoven with services provided by media and financial institutions.
An initial assumption that the attack came from abroad may have made investigators jump to conclusions, said Lee Kyung-ho, a cybersecurity expert at Seoul's Korea University.
"They rushed," he said. "They should've investigated by checking the facts step by step."
The investigation will take weeks. Investigators have said the attacks appeared to come from "a single organization" and suspect the hackers were from outside the country. Lee Seung-won, the KCC official, discounted the possibility that the attack could have come from within South Korea, but he didn't elaborate.
Lee Kyung-ho and many other South Korean experts suspect North Korea is behind the attack on broadcasters YTN, MBC and KBS, as well as Nonghyup and two other banks.
While there are many possible explanations, he said, including a homegrown hacker, the culprits are most likely to be North Koreans angry over ongoing U.S.-South Korean military drills. Lee said Pyongyang is well aware that an attack on financial institutions and media companies would create lots of publicity and turmoil in South Korea's vibrantly capitalistic society.
North Korea has issued many threats against the South and the U.S. in recent days, but by Friday it had yet to mention the South Korean computer crashes in state-run media.
South Korean officials say they have no proof of Pyongyang's involvement. The country is preparing to deal with more possible attacks, presidential spokesman Yoon Chang-jung told reporters earlier Friday. He didn't elaborate.
North Korea a leading suspect
Determining who's behind a digital attack is often difficult, but North Korea is a leading suspect for several reasons.
It has unleashed a torrent of threats against Seoul and Washington since punishing UN sanctions were imposed for Pyongyang's Feb. 12 nuclear test. It calls ongoing routine U.S.-South Korean military drills a threat to its existence. Pyongyang also threatened revenge after blaming Seoul and Washington for a separate internet shutdown that disrupted its own network last week.
Seoul alleges six previous cyberattacks by North Korea on South Korean targets since 2009.
Wednesday's cyberattack did not affect South Korea's government, military or infrastructure, and there were no initial reports that customers' bank records were compromised. But it disabled cash machines and disrupted commerce.
All three of the banks that were hit were back online and operating regularly Friday. It could be next week before the broadcasters' systems have fully recovered, though they said their programming was never affected.
Share Tools
Top News Headlines
- Senior Pakistani politician shot dead
- Gunmen in Pakistan have killed a senior member of Imran Khan's Movement for Justice (PTI) party outside her home in Karachi. more »
- Rescue attempt over for New Brunswick fishermen
- The rescue attempt for two missing fishermen has been called off in New Brunswick, hours after one body was found. more »
- Car drives into crowd at Virginia parade
- About 50 to 60 people were injured after a driver described by witnesses as an elderly man drove his car into a group of hikers marching in a parade in a small Virginia mountain town. more »
- Spectator killed at Edmonton Jeep event
- A 20-year-old woman died Saturday during an event for Jeep enthusiasts held in a parking lot just west of downtown Edmonton. more »
Must Watch
Latest Technology & Science News Headlines
- High Arctic research station saved by new funding
- Canada's northernmost research lab won't have to shut down after all and will be able to resume year-round operations, with the help of a new grant from the federal government. more »
- 2 earthquakes felt in Ontario and Quebec
- Two earthquakes near the Ontario-Quebec border could be felt across both provinces this morning. more »
- Chris Hadfield's translator: Q&A with Canadian astronaut Jeremy Hansen
- While Chris Hadfield was returning from the International Space Station on Monday night, another Canadian astronaut was offering his own unique play-by-play of the action as the Soyuz capsule plunged to Earth. more »
- Why some Canadians want to die on Mars
- More than 80,000 people have applied for a Dutch non-profit organization's proposed one-way trip to Mars. Anna Maria Tremonti, host of The Current, spoke to four Canadians — two Mars one applicants, a member of the Mars One team, and astronaut Julie Payette — about whether it's a good idea. more »
Bob McDonald's Blog
Chris Hadfield: The gravity of gravity May. 17, 2013 9:58 AM After five months of being Superman and a media superstar, Canadian astronaut Chris Hadfield is now beginning the challenging task of adapting his mortal body and brain to life back on Earth.
Quirks & Quarks
- May 18: Apps for Apes May. 17, 2013 4:26 PM Scientists at more than 2 dozen zoos around the world, including the Toronto Zoo, have been using computer tablets to stimulate our bright orange primate cousins, the orangutans. And the orangutans have been loving it.
Latest Features
- Spectator killed at Edmonton Jeep event
- Car drives into crowd at Virginia parade
- Toronto Mayor Rob Ford cancels weekly radio show
- Rescue attempt over for New Brunswick fishermen
- Winning ticket sold in Florida for $590M Powerball jackpot
- Email is proof Senate greenlit expenses, Brazeau says
- Astronaut Chris Hadfield adjusts to 'earthling' life
- Senior Pakistani politician shot dead
- 1 person hurt after trains collide near Medicine Hat
