South Korea says attackers used IP address in 5 nations
South Korea said Friday it had identified and blocked five IP addresses used to distribute computer viruses that caused a wave of Web site outages in the U.S. and South Korea.
(Page 2 of 2)
On Friday, South Korea's spy agency briefed lawmakers on circumstantial and technical reasons for believing that North Korea could be behind the attacks, Chung said without elaborating.Skip to next paragraph
Subscribe Today to the Monitor
But it also cautioned it was too early to conclude that North Korea was responsible as the investigations were still under way, according to Park Young-sun, another member of the intelligence committee.
The Yonhap news agency, citing an unnamed participant in the briefing, said the spy agency told lawmakers that it suspects a technology research unit under the general staff of the North's military is behind the cyber assaults. The NIS declined to confirm the report.
South Korean media reported in May that North Korea was running a cyber warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service. The Chosun Ilbo newspaper reported Friday the North has between 500-1,000 hacking specialists.
U.S. authorities also eyed North Korea as the origin of the trouble, though they warned it would be difficult to identify the attackers quickly.
Three U.S. officials said this week while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved Kim Jong Il's government in Pyongyang. They spoke on condition of anonymity because they were not authorized to speak publicly on the matter.
It follows a turbulent few months in which secretive North Korea has engaged in a series of threats and provocative actions widely condemned by the international community, including a nuclear test and missile launches.
North Korea has not responded to the allegations of its involvement in the Web site outages.
On Thursday, seven South Korean Web sites — one belonging to the government and the others to private entities — were attacked in the third round of cyber assaults, but most were back up and running quickly. Attacks were continuing on the seven sites Friday, but they were still accessible, according to the communications commission.
Park, the South Korean lawmaker, said Thursday that a senior intelligence official told her the NIS suspects the North because the country earlier warned it won't tolerate what it claimed were South Korean moves to participate in a U.S.-led cyber warfare exercise, according to a statement from the opposition Democratic Party.
Japan was also being extra vigilant against possible cyber attacks, although there was no sign it had been targeted, officials said.
Copyright © 2009 The Associated Press. All rights reserved.