Skip to: Content
Skip to: Site Navigation
Skip to: Search


South Korea again hit by cyber-attacks, as search for hackers intensifies

By Matthew Shaer / July 9, 2009

An employee of AhnLab Inc. watches a screen at the Security Operation Center in Seoul, South Korea on Thursday. South Korea was on a high alert Thursday after a massive cyber attack on key sites in the South and the United States fueled suspicions of North Korean involvement.

Ahn Youn-joon/AP


Even as a fresh wave of cyber-attacks today hit South Korean networks, computer analysts around the globe were predicting that the worst of the storm is over. According to media reports from Seoul, several institutions in South Korea were targeted Thursday, including Kookmin Bank, one of the country's largest corporations.

Skip to next paragraph

Recent posts

But officials in South Korea suggested that security programs had effectively blunted the assault, and told reporters that most sites were up and running at normal levels. In the US, where several government websites had come under fire from hackers, security teams have successfully repelled the threat, a White House spokesman said.

“The preventative measures in place to deal with frequent attempts to disrupt’s service performed as planned," Nick Shapiro said yesterday, "keeping the site stable and available to the general public, although visitors from regions in Asia may have been affected.”

Meanwhile, security analysts set to work unpacking the exact nature of the campaign, which appeared to have been launched by a relatively unsophisticated team of hackers. The majority of the problems that plagued South Korean and US websites were caused by denial-of-service attacks, a tactic that floods a network with so many requests, that the network effectively shuts down.

"Experts who examined code used in the attack say it appears to have been delivered to machines through the MyDoom worm, a piece of malware first discovered in January 2004 and appearing in numerous variants since," Kim Zetter wrote yesterday on Wired's website. "The Mytob virus might have been used, as well."

The rudimentary nature of the cyber-attack has led many analysts to conclude the campaign may have been a glorified publicity stunt, created to grab headlines around the globe.

According to Joe Stewart, director of malware research at SecureWorks, “Usually you see a [denial-of-service] attack against one or two sites and it will be for one of two reasons — they have some beef with those sites or they’re trying to extort money from those sites," Stewart told Zetter. "To just attack a wide array of government sites like this, especially high-profile, just suggests that maybe the entire point is just to get attention."

Assigning blame

The White House has declined to speculate as to the identify of the attackers, and South Korea says it is cooperating with the US investigation. But today, many in the US continued to point the blame at North Korea or pro-Pyongyang forces. Some Republicans took the attacks as an opportunity to berate the Obama administration.

Read Comments

View reader comments | Comment on this story