South Korea cyberattack: whodunit?

Computer networks at major South Korean banks and top TV broadcasters crashed en masse Wednesday, paralyzing bank machines across the country. Immediate suspicion fell on North Korea.

|
Lee Jae-Won/Reuters
The screen of an automated teller machine of Shinhan Bank shows a 'out of service' sign after a hacking attack, in central Seoul Wednesday. South Korean police were investigating a hacking attack on an Internet provider that brought down the servers at major South Korean banks and top TV broadcasters.

• A daily summary of global reports on security issues.

South Korean officials are investigating what they say is a widespread cyberattack, responsible for shutting down the computer systems of at least three major news broadcasters and two banks. The Army has raised alert levels out of concern that the attacks are linked to the country’s increasingly hostile neighbor to the north.

"We do not rule out the possibility of North Korea being involved, but it's premature to say so," said a Defense Ministry spokesman.

Just hours before the network disruptions, the South Korean intelligence agency accused North Korea of “carrying out intensive cyber propaganda attacks against the South, designed to damage government policies and encourage social discord,” reports The Telegraph.

Affected networks were “partially or entirely crippled,” according to the Korean Internet Security Agency (KISA), a state watchdog. The BBC reports that KISA has also reported accounts of hacked computers showing skulls on the screens “which could indicate that hackers had installed malicious code in the networks.”

Police said that at least some of the computers affected had files deleted, reports Reuters.

South Korean President Park Geun Hye has put together a cyber security team to look into whether North Korea is the culprit behind today’s attacks. The network disruption coincided with meetings in Seoul today between US and South Korean officials on how to best enforce United Nations-imposed sanctions on the North.

Tensions have been on the rise on the Korean Peninsula since the UN slapped Pyongyang with a fresh round of sanctions in February after its latest nuclear test.

In addition, the North has closely watched and warned against the joint military exercises taking place between the US and South Korea in the region. Last week, North Korea repeated a threat to no longer honor the 1953 armistice that effectively ended the fighting of the Korean War, and cut off a military hotline that connects the neighboring countries, reports The Christian Science Monitor.

“Partly for propaganda purposes and partly out of a kind of paranoia that makes them fear for their security, North Korea regards the exercises as a threat, even though they are defensive in nature,” Yonsei University Professor Moon Chung-in told the Monitor.

Reuters reports that just last week North Korea complained of being a victim of cyberattacks as well, pinning the blame on the US and its allies for attempted “sabotage.” To put that into perspective, less than 1 percent of North Korea's population has access to the Internet. Reports Agence France-Presse: "Access to the full-blown Internet is for the super-elite only, meaning a few hundred people or maybe 1,000 at most, analysts estimate."

Pyongyang has threatened to attack the US and posted a statement on its official state news agency saying “the hostile forces will never escape [North Korea’s] strong military counter-action” if the US continues to fly sorties over the peninsula.

According to Reuters banks have restored all operations today, however:

… TV stations could not say when they would be able to get their systems back up. Some workers at the stations could not boot their computer.

Broadcasts were not affected.

South Korea's military said it was not affected by the attack but raised its state of readiness in response. None of the country's oil refineries, power stations, ports or airports was affected.

“It’s hard to find who did it immediately but North Korea is the usual suspect,” Park Choon Sik, a Seoul Women’s University professor of cyber security who used to work for a government agency specializing in cyber security, told Bloomberg.

“Cyber attacks are much easier weapons for North Korea as they cost far less than missiles or nuclear tests, but they can send more people into a real panic,” Professor Park said.

In April 2011 South Korea blamed the North for similar computer stalls at Nonghyup Bank, disrupting ATM and online banking services for millions of clients for three days, reports Bloomberg. Reuters reports that the biggest cyberattack in the south was nicknamed “10 days of rain” by McAfee, the anti-malware firm.

North Korea has long been believed to have “hacker schools." An article on North Korean hacking was published by Al Jazeera English in 2011 with accounts from two defectors who reportedly attended the North’s “hacking schools.”

"There is a pyramid-like prodigy recruiting system, where smart kids from all over the country – students who are good at math, coding, and possess top analytical skills – are picked up,” one of the defectors told AJE.

Park told Bloomberg that South Korea is particularly “vulnerable to cyber terrorism” due to the high volume of businesses and transactions that take place online there.

“Broadcasters and banks were hit today, which itself is really a big concern, and the next target can be infrastructure, such as power, communication and transportation facilities,” Park said.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to South Korea cyberattack: whodunit?
Read this article in
https://www.csmonitor.com/World/Security-Watch/terrorism-security/2013/0320/South-Korea-cyberattack-whodunit
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe