New focus on Nonghyup cyberattack

The prosecution said yesterday that it is putting more weight on the possibility that outside hacking caused last week’s paralysis of Nonghyup’s banking network since it discovered multiple traces of network break-ins.

The prosecutors said they would seek cooperation from financial security agencies and computer experts to learn the operating mechanism of the company’s banking servers and computer programs for deleting key files that caused the crash of the servers.

“[We discovered that] there are many traces that outsiders have made the attack,” said an official at the Seoul Central District Prosecutors’ Office.

The prosecution said a certain group of hacking professionals could have attacked the servers on their own for a certain purpose or in collaboration with insiders.

“We will put more effort on analyzing the system and programs in order to learn the exact route of the cyberattack,” said the official. “It is more complex than we first thought. We expect it would take two to three weeks to analyze.”

Prosecutors earlier said a batch of computer files containing “delete” commands had been installed onto a laptop used inside the computer room of Nonghyup at least about a month prior to the attack, indicating the April 12 attack was deliberate.

They also said the preset commands activated simultaneously from the laptop owned by an employee of IBM Korea, a computer network maintenance subcontractor of Nonghyup, to delete major computer files in the servers that evening.

Nonghyup’s online financial transactions were suspended for days last week, sparking concerns over local companies’ maintenance of computer security and personal information, following the hacking of the country’s leading consumer financial firm, Hyundai Capital Services Inc. Customers were unable to make ATM deposits or withdrawals, or conduct any online or phone banking.

Yonhap