Hacker IP traced to China
A joint government-civilian-military team, formed in response to the cybersecurity breach, announced its initial finding, based on analysis of data collected from Nonghyup Bank, that the malicious code that paralyzed the network systems came from a Chinese IP address.
“After we analyzed the network systems of Nonghyup [one of the three banks hacked], we discovered an IP address from China accessed a bank server that managed [antivirus] software updates, which then produced malicious files,” Park Jae-moon, director of the Korea Communications Commission’s network policy team, told reporters during a briefing yesterday.
The director said it was through the virus-infected update-management server that other computers at the bank headquarters and branches were also infected with the malware.
The embedded malicious code, delivered by unidentified hackers with the Chinese IP address, was programmed to start destroying the boot function of the computers to paralyze the network system.
The state-run body also reported 32,000 computers and network servers of the six targeted institutions were sabotaged.
Experts say it is hard to track down the IP address if it comes from a third country, such as China, which is why Pyongyang is strongly thought to have orchestrated the massive infiltration Wednesday. North Korea is thought to have carried out its cyber-espionage attempts in the past via IP addresses in China, an allegation the communist state has denied so far.
“As we have identified a source of the attack, many different scenarios [about the attack] are possible now. We are now doing our best to identify those responsible for the hacking,” added the official.
The spontaneous cyberattack waged on Wednesday caused shutdowns of computer servers at three TV network stations, MBC, KBS and YTN, and hindered banking transactions at Shinhan, Nonghyup and Jeju banks as their computers were also infected with the virus.
As of 5 p.m. yesterday, the Web site of KBS was still down while the groupware operations at MBC were malfunctioning. YTN also reportedly suffered from losing its database.
Shinhan Bank said it fully resumed its banking operations following the recovery of network operations. It was business as usual at Nonghyup, except that some 20 percent of the ATM machines in the county weren’t working. The groupware Web page of the telecom service provider LG U+ showed an image of skulls with a message from the hackers.
The Korea Internet Security Agency said it would take at least four to five days to restore functioning of the computer network systems of the damaged institutions.
One senior-ranking official at the Blue House said there is a “high suspicion that the attack was committed by the North while the government is analyzing the incident with all the possibilities in mind.”
Another official at the presidential office, who also spoke on condition of anonymity, said it’s “too early to say the attack was done by the North at the current stage.” But he added the North is fully “capable of carrying out the cyberattack” like the one seen on Wednesday with its cyberwarfare unit that reportedly has trained around 3,000 elite hackers.
“We already have taken action to raise readiness against another round of cyberattacks that could target national infrastructure facilities,” said the official.
Amid rising speculation that it was a Pyongyang-driven plan to disrupt media and financial operations in the tech-savvy country, the National Intelligence Service said in its report to the National Assembly that 73,030 cyberattacks on South Korean government and private institutions have been waged over the past five years. The spy agency strongly believes six out of the total number were carried out by the North.
One of the suspected six Pyongyang-led cyberattacks is the hacking of the Web site and server of the JoongAng Ilbo and the Korea JoongAng Daily, in June of last year, which disrupted the network system and destroyed the database that stored articles and photos.
The three targeted broadcasters - KBS, YTN and MBC - were on a list of media groups that Pyongyang warned last year of retaliation for their critical coverage of North Korean affairs.
Pyongyang has neither acknowledged nor denied responsibility for the Wednesday attack as of yesterday. It has not commented on the incident.
By Kang Jin-kyu [email@example.com]