Open

Coming up

Don't miss

Replay


LATEST SHOWS

REPORTERS

Exclusive: an unlikely victim of the 'War on Terror'

Read more

#THE 51%

Sweden: A Feminist's Paradise?

Read more

FRANCE IN FOCUS

Politics: parties under pressure

Read more

FOCUS

In Burma, the rise of radical Buddhism

Read more

ENCORE!

Haute Couture: the hand-stitched clothing made in Paris that sells for the price of small yachts

Read more

IN THE PAPERS

'Caution, another Cast Lead lies ahead'

Read more

BUSINESS DAILY

Rising into the ranks of Haute Couture

Read more

DEBATE

Gaza: How to Stop the Spiral? Israel Readies For Ground Offensive

Read more

DEBATE

Gaza: How to Stop the Spiral? Israel Readies For Ground Offensive (part 2)

Read more

  • Exclusive: an unlikely victim of the 'War on Terror'

    Read more

  • The third-place playoff: the World Cup game no one wants to play

    Read more

  • Suspect in Brussels Jewish Museum shooting drops extradition appeal

    Read more

  • Kurdish forces take over two oilfields in northern Iraq

    Read more

  • Are French high school students getting smarter?

    Read more

  • Italy’s Trentin wins seventh stage of Tour de France

    Read more

  • Disgraced Suarez leaves Liverpool for Barcelona

    Read more

  • In pictures: Chanel, Dior and so much more at the Paris couture shows

    Read more

  • French ‘Civic Service’ eyes massive expansion amid huge demand

    Read more

  • Amazon snubs French free delivery ban with one-cent charge

    Read more

  • In Pictures: Petrol station hit by Hamas rockets

    Read more

  • Manhunt as FIFA partner flees Rio hotel to avoid arrest

    Read more

  • Video: Living in Tel Aviv, under threat of rocket attack

    Read more

  • Video: Palestinians fear full Israeli military offensive in Gaza

    Read more

  • Ukrainian forces close in on Donetsk

    Read more

Asia-pacific

S. Korean cyber attack traced to Chinese IP address

©

Text by News Wires

Latest update : 2013-03-21

A cyber attack that shut down thousands of computers at South Korean banks and media outlets this week has been traced to a Chinese IP address, authorities said Thursday, although those responsible could have been operating anywhere in the world.

Investigators have traced a coordinated cyberattack that paralyzed tens of thousands of computers at six South Korean banks and media companies to a Chinese Internet Protocol address, authorities in Seoul said Thursday.

IP addresses, which are unique to each computer connected to the Internet, can easily be manipulated by hackers operating anywhere in the world, and the investigation into who was actually behind Wednesday’s attack and whether they were in China could take weeks. Suspicion for the simultaneous shutdown is still focused on North Korea, which has threatened Seoul and Washington in recent days over U.N. sanctions imposed for its Feb. 12 nuclear test and is accused of waging similar cyberattacks over the past four years.

The cyberattack did not affect the government or military, and there were no immediate reports that customers’ bank records were compromised. But it disabled scores of cash machines across the country, disrupting commerce in this tech-savvy, Internet-dependent country, and renewed questions about South Korea’s Internet security and vulnerability to hackers.

If the attack was in fact carried out by North Korea, the purpose would seem to be to send a tacit message -- and a warning -- to South Korea that Pyongyang is capable of breaching its computer networks.

On Thursday, only one of the six targets, Shinhan Bank, was back online and operating regularly.

South Korean investigators say there is no proof yet that North Korea was behind the attack. However, the outage took place as Pyongyang warned Seoul against holding joint military drills with the U.S. that it considers rehearsals for an invasion.

North Korea also has threatened retaliation for sanctions imposed for the nuclear test, as well as its launch of long-range rocket in December. Pyongyang blames Seoul and Washington for leading the push to punish the North.

The Korean Peninsula has remained in a technical state of war, divided by a heavily militarized border, since the foes signed a truce in 1953. Over the past decade, the two Koreas have engaged in deadly naval skirmishes in waters that both countries claim. And increasingly, their warfare has extended into cyberspace.

Seoul’s National Intelligence Services believes Pyongyang was behind six cyberattacks between 2009 and 2012.

Pyongyang, meanwhile, blamed Seoul and Washington for an Internet shutdown that disrupted its network last week.

“If it plays out that this was a state-sponsored attack, that’s pretty bald-faced and definitely an escalation in the tensions between the two countries,” said James Barnett, former chief of public safety and homeland security for the U.S. Federal Communications Commission.

An ominous question is which other businesses, in South Korea or elsewhere, may also be in the sights of the attacker, said Barnett, who heads the cybersecurity practice at Washington law firm Venable.

“This needs to be a wake-up call,” he said. “This can happen anywhere.”

Wednesday’s attack in South Korea, which disabled some 32,000 computers at broadcasters YTN, MBC and KBS, as well as three banks, appeared to come from “a single organization,” regulators said. The initial findings were based on results from an investigation into one target, Nonghyup Bank, and the investigation is continuing into the shutdown at the five other firms.

A malicious code that spread through the Nonghyup server was traced to an IP address in China, said Cho Kyeong-sik, a spokesman for the state-run Korea Communications Commission.

The attack may also have extended to the United States. The website of the U.S.-based Committee for Human Rights in North Korea also was hacked, with reports on satellite imagery of North Korean prison camps and policy recommendations to the U.S. government deleted from the site, according to executive director Greg Scarlatoiu.

However, experts say signs do not point to Chinese hackers since Chinese hacking, either from Beijing’s cyber-warfare command or freelance hackers, tends to be aimed at collecting intelligence and intellectual property -- not simply at disrupting commerce.

China also is home to a sizable North Korean community, both North Koreans working in the neighboring nation and Chinese citizens of ethnic ancestry who consider North Korea their motherland.

In 2011, computer security software maker McAfee Inc. said North Korea or its sympathizers likely were responsible for a cyberattack against South Korean government and banking websites that year. The analysis also said North Korea appeared to be linked to a massive computer-based attack in 2009 that brought down U.S. government Internet sites. Pyongyang denied involvement.

Previous hacking attacks on commercial ventures have compromised the personal data of millions of customers. Past malware attacks also disabled access to government websites and destroyed files on personal computers.

Last year, North Korea threatened to attack several South Korean news outlets, including KBC and MBC, for reports critical of Pyongyang’s activities.

In recent days, North Korea’s Committee for the Peaceful Reunification of Korea -- a government agency that often targets South Koreans in its push to draw attention to reunification -- warned Seoul’s “reptile media” that the North was prepared to conduct a “sophisticated strike” if its negative coverage continued.

“North Korea has almost certainly done similar attacks before,” said Timothy Junio, a cybersecurity fellow at Stanford University’s Center for International Security and Cooperation. “Part of why this wasn’t more consequential is probably because South Korea took the first major incident seriously and deployed a bunch of organizational and technical innovations to reduce response time during future North Korea attacks.”

South Korea also created a National Cybersecurity Center and Cyber Command modeled after the U.S. Cyber Command. Junio said South Korea’s anti-virus firms also play a large role in stopping hacking attacks.

Immediately after Wednesday’s attack, South Korean regulators distributed anti-virus software to government offices, banks, hospitals and other institutions. It could be days before the targeted companies are back online, and weeks before the investigation is complete.

“Hackers attack media companies usually because of a political desire to cause confusion in society,” said Lim Jong-in, dean of Korea University’s Graduate School of Information Security. “Political attacks on South Korea come from North Koreans.”

(AP)

 

Date created : 2013-03-21

  • NORTH KOREA

    US imposes new sanctions as N. Korea threatens war

    Read more

  • North Korea

    S Korea-US joint drills escalate tensions with North

    Read more

Comments

COMMENT(S)