Cyberattack source still in question

Home > Business > Industry

print dictionary print

Cyberattack source still in question


Workers at the Korea Internet Security Center in eastern Seoul yesterday check the origin of the massive cyberattacks against major banks and TV stations in Korea on Wednesday. [NEWSIS]

Previous reports that Wednesday’s cyberattacks on six major TV networks and banks were from a Chinese Internet Protocol (IP) address have been contradicted by evidence uncovered by the Korea Communications Commission. The top telecom watchdog said yesterday the IP address used for hacking the Nonghyup bank system turned out to be a virtual IP address for the bank’s internal system.

A day earlier, the joint investigation team consisting of the KCC, National Police Agency and the Korea Internet Security Agency said the attack came from China via China Telecom, connecting to the antivirus software-distributing patch management system and planting malicious code into the system to destroy the booting areas of linked computers.

The identification of China as the country of origin led to the assumption that North Korean hackers were behind the crime. The Blue House also said on Thursday it had a “strong suspicion North Koreans spread the malicious code.”

Nonghyup was pinpointed among the six victims because joint investigators found hints of the origin of the attack on some of its computers. TV networks KBS, MBC and YTN and Nonghyup, Shinhan and Jeju banks were attacked.

“We were confused because Nonghyup IP address was similar to the one used in China,” said Lee Jae-il, head of the Internet incidents prevention division at the KISA, yesterday. “That the IP address was based in Nonghyup’s antivirus software update management server does not necessarily mean the hackers were its own employees or South Koreans.”

According to international Internet usage protocol, countries are assigned unique IP addresses, and they are distinguishable from virtual IP addresses for intranet systems at different organizations. However, some addresses may overlap, according to KISA.

Meanwhile, investigators also found out that antivirus software from two major developers - AhnLab and Hauri - played a crucial role in actually spreading the malicious code. Antivirus-program users are supposed to update their software on a regular basis. The update request, however, is done by the central patch management system.

By Seo Ji-eun []
Log in to Twitter or Facebook account to connect
with the Korea JoongAng Daily
help-image Social comment?
lock icon

To write comments, please log in to one of the accounts.

Standards Board Policy (0/250자)

What’s Popular Now