Major computer network meltdown

Politics

Published: 20 Mar. 2013, 21:56

Major computer network meltdown

Workers at KBS, a state-run TV broadcaster, go through the entrance yesterday. By Kim Hyung-soo

At around 2:25 p.m. yesterday major broadcasters and banks saw their computer networks paralyzed, with screens going blank and files being deleted from databases, leading some to point to a cyberattack from North Korea.

Broadcasters KBS, YTN and MBC, along with banks Shinhan, Jeju and Nonghyup had their operations disrupted.

Nonghyup said it disconnected the LAN lines to all computers in its branches nationwide to contain the infiltration in fear that it could be hacked again. Nonghyup’s computer servers were sabotaged in April 2011, which took more than a week to recover, for which Seoul blamed Pyongyang.

Shinhan recovered its damaged network around 4 p.m., about two hours after it went down.

A sign reading “network down temporarily” is shown on a window at the clerk desk at a branch of Shinhan Bank yesterday. Shinhan’s computer networks were hacked yesterday along with three major broadcasters and two other financial institutions, paralyzing its banking transactions. [AP/NEWSIS]

Woori Bank, another major financial institution in the country, also experienced similar banking malfunctions but managed to protect itself with its internal defense system.

The Korea Communications Commission made a statement yesterday, saying “We are now analyzing the cause of the accident and who is behind the attack from the data we collected.”

The commission added that no government bodies were damaged.

As of 5:30 p.m. yesterday, the internal data systems of KBS and MBC were damaged while YTN experienced disruptions in broadcasting servers, the Korea Internet and Security Agency said.

The state-run body added that LG U-Plus, a mobile and internet service provider, had its groupware server damaged. Not all the parties involved used the same service provider, so it couldn’t have been only one service provider’s problem that led to the failure.

YTN, one of the attacked broadcasters, showed its computers in a newsroom being shut down during its news programming yesterday.

The sudden and massive outbreak prompted the Blue House and the National Intelligence Service to look into the case and to determine who is behind it. The military also upgraded its surveillance status following reports of the massive server meltdowns.

“The government is conducting a full-scale investigation into the case to find out the cause of the problem,” said Blue House spokeswoman Kim Haing during a press briefing. The spokeswoman also said President Park Geun-hye has called for swift recovery of the hacked servers and thorough investigation to find the cause of the problem to come up with preventive measures.

The Korea Communications Commission said it was not a denial-of-service (DDoS) attack that damaged the servers yesterday. It said the crash was carried out by spreading malignant, virus-embedded software, or malware. The government said it was trying to find out the source of the malware while the communications watchdog dispatched its workforce to the troubled broadcasters and financial institutions for on-site inspection.

North Korea, which has been ratcheting up tensions with South Korea and the United States over the two allies’ joint military exercises, was immediately thought to be behind the problem.

Yesterday’s widespread crash came less than a week after Pyongyang accused both Seoul and Washington of staging cyberattacks against its computer servers, reportedly disrupting services of the state mouthpiece Korean Central News Agency and the Rodong Sinmun newspaper.

“It is nobody’s secret that the U.S. and the South Korean puppet regime are massively bolstering their cyber forces in a bid to intensify the subversive activities and sabotage against the DPRK,” the KCNA said Friday. DPRK refers to the official name of the country, Democratic People’s Republic of Korea.

As the country’s major TV networks and the banking institutions were caught off guard, it was revealed that the North has carried out over 73,000 cyber attacks on the South over the past five years.

Nam Jae-joon, the nominee to lead the National Intelligence Service, said in his written answers submitted to the National Assembly that the impoverished state has conducted 73,030 cyberattacks against South Korea, including stealing confidential information from facilities storing chemical material and military’s operation plans in the event the two rivals resume the full-fledged war.

The belligerent regime has been accused by Seoul for a series of cyberattacks against the Web sites of the South Korean government, media and financial institutions over the past few years, charges the North has denied.

“This is a massive infiltration prepared over a long period of time,” said Lim Jong-in, dean of the department of cyber defense at Korea University. “One individual can’t single-handily carry out this attack. I [personally] suspect it’s done by the North. The North Korean hacking group can have access to computer network systems of domestic institutions at will once it decides to do so.”

By Kang Jin-kyu [jkkang2@joongang.co.kr]