JoongAng hit by major cyberattack
A screen capture of the JoongAng Ilbo’s Internet news site Saturday evening after it was hit by a major cyberattack that shut down the whole production network. A photo of a white cat and the statement “Hacked by IsOne” appeared on the site with some unknown computer code beneath.
The JoongAng Ilbo’s Internet news site and its database server were hacked Saturday evening, prompting the police to begin an investigation.
Following the cyberattack, the JoongAng Ilbo and the Korea JoongAng Daily lost the databases that store articles and photos. The editing system that moves copy was also destroyed, disrupting the newspaper-making process.
The cyberattack took place at around 6:30 p.m. Saturday, and the connection to the site www.joongang.co.kr was cut off.
A photo of a white cat and the statement “Hacked by IsOne” was posted instead. Some unknown code in green-colored fonts was also posted on the site with a message insinuating that additional media sites will be hacked on two days, the 19th and the 29th. It wasn’t clear which month was being referred to.
Immediately after the hacking, the JoongAng Ilbo redirected the site to another news site of the company, joongang.joins.com, and continued reporting of the news.
Experts say such a massive cyberattack on a media Web site is unprecedented.
“There have been some hacking groups overseas that changed the Web site screen of certain media to show off their hacking ability, but there hasn’t been an instance where the entire production network and servers shut down,” said Yoon Kwang-taek, director of Symantec, a software security firm.
The attack was meticulously planned. The hacker connected to the JoongAng Ilbo’s Web site by typing in an unusual domain address, www.joongang.co.kr, which is used only by the employees. Normally, if an outsider connects to this address, the company automatically directs him or her to the domain www.joins.com through a redirection program. The hacker, however, is known to have remained on the www.joongang.co.kr address to attack the internal server.
“We have dispatched our investigators urgently to the JoongAng Ilbo to secure evidence,” said Jong Seok-hwa, chief investigator of the Cyber Terror Response Center of the National Police Agency. “We have never seen a strong attack like this before. We will find out the origin of the hacking and take necessary measures.”
The JoongAng Ilbo and the Korea JoongAng Daily, which uses the same server, are currently using a temporary server to publish. They aim to normalize the system as soon as possible by backing up lost data and installing a new operating system.
The police said they were looking into the possible involvement of North Korea. Pyongyang recently threatened South Korean media outlets.
North Korea has a history of railing at South Korean media outlets over their critical reports about the communist regime. On June 4, the North issued an unprecedented threat of military attacks against seven media outlets, including the JoongAng Ilbo.
In April 2011, a cyberattack took place on the network of the Nonghyup, paralyzing its banking operations for days. In the following month, South Korea’s prosecution said North Korea was behind the breakdown.
By Ser Myo-ja, Park Tae-hee [myoja@joongang.co.kr]
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)