Cyber sabotage hits day 3; more may be in store

Cyber sabotage by an unidentified group of hackers on high-profile Korean government and corporate Web sites persisted for a third day yesterday and officials fear more is to come.

As AhnLab Inc., Korea’s top computer security firm, had warned, hackers launched a third attack yesterday, targeting No. 1 lender Kookmin Bank beginning at 6 p.m. Kookmin was one of seven vulnerable sites pinpointed by AhnLab. Earlier, the National Intelligence Service had stepped up measures to deflect additional troubles and to minimize damage.

Following the initial attack on 11 Korean sites on Tuesday evening, hackers made a second cyberspace raid Wednesday afternoon on 16 additional sites with a method called distributed denial-of-service, or DDoS.

Included in the attackers’ crosshairs were the National Intelligence Service, AhnLab and the U.S.-Korea Combined Forces. The National Police Agency, the prosecution and other government agencies have launched coordinated efforts to track down the origin and identity of the involved hackers but have yet to produce visible progress. While the Seoul Central District Prosecutors’ Office yesterday established an Internet crime investigation team consisting of 10 experts, police formed a 24-member team solely devoted to the probe.

Prime Minister Han Seung-soo said in a press briefing that the ongoing cyber attack is “an attack against the national system and a provocation threatening national security” - something distinct from past Internet network virus attacks.

The Associated Press reported yesterday that U.S. authorities are eyeing North Korea as the origin of the cyber sabotage, “although they warned it would be difficult to quickly and definitively identify the attackers.” Fourteen U.S. government and corporate sites suffered DDoS attacks using the same method on Tuesday. Both the Korean and U.S. governments suspect the attacks on the two countries are linked.

The targets of the second attack here included 10 new entities - the National Cyber Security Center under the NIS, the Public Administration Ministry, AhnLab, software developer ESTsoft, Web portals Daum and Paran, and Woori, Hana and Kookmin banks plus the Industrial Bank of Korea. Also under attack were six originally targeted sites - the Blue House, Defense Ministry, Naver e-mail service, the Chosun Ilbo newspaper and the online shopping site Auction, owned by eBay. Access to some of those sites was on and off through yesterday, while Internet banking service for the four lenders was suspended Wednesday night.

The Financial Services Commission, the country’s top financial authority, said a total of seven banks have been attacked as of yesterday but no customer information was compromised nor have illegal money transfers been detected.

AhnLab customers had problems updating V3 computer anti-virus software Wednesday night. Auction, whose daily sales revenue averages around 7.6 billion won ($5.9 million), had its sales suspended for a full day. Its service restarted Wednesday night.

Some U.S. sites, including those of The Washington Post, New York Stock Exchange and Nasdaq have blocked
access from Korea to prevent further attacks. According to AhnLab, the third-attack targets mostly overlap those in the first and second attacks. They are: the Public Administration Ministry, Chosun Ilbo, Kookmin Bank, Naver, Daum, Paran and Auction.

Kim Hong-sun, chief executive of AhnLab, said in an interview with Yonhap News Agency yesterday that the latest attacks are “the worst cyber terror” he has seen in his 15-year career in the computer security industry. He compared the event to the Sept. 11 attack in the United States in which terrorists hijacked private planes to destroy the World Trade Center.

Although only personal computers acted as “zombies” for the present attack, Internet TV and phones could also be commandeered, Kim said. He said the incident is the last chance for Korean society to boost its Web security infrastructure. According to Kim, the Korean government allocates less than 1 percent of its annual IT-industry budget on security, compared with 5-12 percent in other major economies.

DDoS floods Web sites with requests from a collection of zombie computers, making them inaccessible to the general public. Hackers create zombies by remotely hijacking vulnerable computers via e-mail or malicious code. Police and IT authorities estimate some 23,000 zombies were used domestically for the initial attack, followed by around 6,000 for the second.

By Seo Ji-eun [spring@joongang.co.kr]