South Korea says attackers used IP addresses in 5 nations
South Korea said Friday it had identified and blocked five IP addresses used to distribute computer viruses that caused a wave of Web site outages in the U.S. and South Korea.
South Korean and American officials have said they believe North Korea was behind the attacks, but none of the blocked Internet Protocol addresses — the Web equivalent of a street address or phone number — were for computers in North Korea.
The addresses point to the computers that distributed the virus that triggered so-called denial of service attacks in which floods of computers try to connect to a single site at the same time, overwhelming the server. They were in Austria, Georgia, Germany, South Korea and the U.S., an official from the state-run Korea Communications Commission said. He spoke on condition of anonymity because he is not authorized to speak to the media on the record.
The latest evidence does not clear North Korea of involvement. It is likely that the hackers used the identified IP addresses to disguise themselves — for instance, by accessing the computers from a remote location — though blocking them helps prevent those computers from being used again to distribute viruses or to carry out denial of service attacks.
U.S. officials have also said some IP addresses have been traced to the North. And South Korean officials have said the attacks could have been carried out by sympathizers who worked outside of North Korea. IP addresses can also be faked or masked, hiding their true location.
The official added that South Korea also blocked another 86 IP addresses in 16 countries that were used to spread different viruses that damaged hard disks or files in computers they contaminated.
Earlier in the day, ruling party lawmaker Chung Chin-sup told reporters that he was told by the country's main spy agency, the National Intelligence Service, that the 86 IP addresses in 16 countries were used to cause the Web outages. None of those addresses were in North Korea, according to another lawmaker briefed.
But the commission official later corrected that account, saying those addresses were not used in the denial of service attacks. The damage from the new viruses appears to be small, with only 96 cases being reported in South Korea so far, the commission said in a statement.
The official said the distribution of the virus was linked to the attacks that caused dozens of Web sites — including those of the White House, Pentagon, Nasdaq stock exchange and South Korea's presidential Blue House — to crash or be disrupted.
The original virus, which got affected computers to attack Web sites, later ordered those computers to get a new virus from the 86 IP addresses to damage their hard disks or files, the official said.