South Korea on high alert for more cyber attacks amid suspicions of North Korea involvement
By Hyung-jin Kim
July 9, 2009
SEOUL, South Korea — Seoul was on high alert Thursday for more cyber attacks amid suspicions that North Korea was behind a recent wave of Web site outages in South Korea and the United States. The South warned that computer networks of key infrastructure could be targeted.
The National Intelligence Service said in a statement it was strengthening cyber security measures for government computer networks, citing a possible new wave of attacks that could target national infrastructure operators like energy, telecommunications and media companies.
Earlier Thursday, the country’s leading computer security company also warned another wave of attacks was expected in South Korea later in the day. There was no word on whether U.S. sites would be hit again.
Seoul-based antivirus software developer AhnLab said it has analyzed a virus program that sent a flood of Internet traffic to paralyze Web sites in both South Korea and the United States. It said seven South Korean sites were likely to be targeted on Thursday.
Twelve South Korean sites were initially attacked Tuesday, followed by strikes Wednesday on 10 others, including government offices. The U.S. targets included the White House, Pentagon, Treasury Department and the Nasdaq stock exchange.
Some South Korean sites remained inaccessible or unstable on Thursday, including the National Cyber Security Center, affiliated with the main spy agency. No major disruptions, however, were reported.
The NIS informed members of parliament’s intelligence committee Wednesday that it believes North Korea or pro-Pyongyang forces were behind the cyber attacks, a lawmaker said.
On Thursday, Rep. Park Young-sun, a member of the committee, said a senior intelligence official told her the NIS suspects the North because the country warned it won’t tolerate what it claimed were South Korean moves to participate in a U.S.-led cyber warfare exercise, according to a statement from the opposition Democratic Party.
Park also told a party meeting that the NIS official cited the fact that most of the attacked sites were those of conservative organizations that have pushed the government to take a harder line on North Korea. Among the sites targeted were those of the presidential Blue House and the ruling Grand National Party.
Park said the NIS official told her the spy agency only gave the committee members the information in the form of a progress report, suggesting no conclusions had been made. Park didn’t identify the official.
The spy agency said it could not immediately confirm Park’s remarks.
The agency’s statement Thursday didn’t mention suspected North Korean involvement and only repeated it was closely cooperating with the U.S. and other countries to discover the origin of the attacks. On Wednesday it said the sophistication of the attacks suggested they were carried out at a higher level than rogue or individual hackers.
U.S. authorities also eyed North Korea as the origin of the trouble, though they warned it would be difficult to identify the attackers quickly.
Three U.S. officials said while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved Kim Jong Il’s government in Pyongyang. They spoke on condition of anonymity because they were not authorized to speak publicly on the matter.
On Thursday, the Dong-a Ilbo newspaper reported that South Korea has detected signs that North Korea or its sympathizers in China or elsewhere committed the cyber attacks.
The paper, citing an unidentified government official, said the assessment was made after an investigation of infected computers’ IP addresses — the Internet equivalent of a street address or phone number.
South Korean media reported in May that North Korea was running a cyber warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service.
The communist North has recently engaged in a series of threats and provocative actions widely condemned by the international community, including a nuclear test and missile launches.
The cyber outages were caused by so-called denial of service attacks in which floods of computers all try to connect to a single site at the same time, overwhelming the server that handles the traffic, the state-run Korea Information Security Agency said.
Ku Kyo-young from the state-run Korea Communications Commission said about 20,000 computers in South Korea had been infected by Wednesday evening and the number could have increased.
There were no immediate reports of financial damage or leaking of confidential national information, according to the Korea Information Security Agency. The attacks appeared aimed only at paralyzing Web sites.
No comments:
Post a Comment