Insight and foresight from the global frontlines

South Korea cyberattack: whodunit?

Computer networks at major South Korean banks and top TV broadcasters crashed en masse Wednesday, paralyzing bank machines across the country. Immediate suspicion fell on North Korea.

Lee Jae-Won/Reuters
The screen of an automated teller machine of Shinhan Bank shows a 'out of service' sign after a hacking attack, in central Seoul Wednesday. South Korean police were investigating a hacking attack on an Internet provider that brought down the servers at major South Korean banks and top TV broadcasters.

• A daily summary of global reports on security issues.

South Korean officials are investigating what they say is a widespread cyberattack, responsible for shutting down the computer systems of at least three major news broadcasters and two banks. The Army has raised alert levels out of concern that the attacks are linked to the country’s increasingly hostile neighbor to the north.

"We do not rule out the possibility of North Korea being involved, but it's premature to say so," said a Defense Ministry spokesman.

Just hours before the network disruptions, the South Korean intelligence agency accused North Korea of “carrying out intensive cyber propaganda attacks against the South, designed to damage government policies and encourage social discord,” reports The Telegraph.

Affected networks were “partially or entirely crippled,” according to the Korean Internet Security Agency (KISA), a state watchdog. The BBC reports that KISA has also reported accounts of hacked computers showing skulls on the screens “which could indicate that hackers had installed malicious code in the networks.”

Police said that at least some of the computers affected had files deleted, reports Reuters.

South Korean President Park Geun Hye has put together a cyber security team to look into whether North Korea is the culprit behind today’s attacks. The network disruption coincided with meetings in Seoul today between US and South Korean officials on how to best enforce United Nations-imposed sanctions on the North.

Tensions have been on the rise on the Korean Peninsula since the UN slapped Pyongyang with a fresh round of sanctions in February after its latest nuclear test.

In addition, the North has closely watched and warned against the joint military exercises taking place between the US and South Korea in the region. Last week, North Korea repeated a threat to no longer honor the 1953 armistice that effectively ended the fighting of the Korean War, and cut off a military hotline that connects the neighboring countries, reports The Christian Science Monitor.

“Partly for propaganda purposes and partly out of a kind of paranoia that makes them fear for their security, North Korea regards the exercises as a threat, even though they are defensive in nature,” Yonsei University Professor Moon Chung-in told the Monitor.

Reuters reports that just last week North Korea complained of being a victim of cyberattacks as well, pinning the blame on the US and its allies for attempted “sabotage.” To put that into perspective, less than 1 percent of North Korea's population has access to the Internet. Reports Agence France-Presse: "Access to the full-blown Internet is for the super-elite only, meaning a few hundred people or maybe 1,000 at most, analysts estimate."

Pyongyang has threatened to attack the US and posted a statement on its official state news agency saying “the hostile forces will never escape [North Korea’s] strong military counter-action” if the US continues to fly sorties over the peninsula.

According to Reuters banks have restored all operations today, however:

… TV stations could not say when they would be able to get their systems back up. Some workers at the stations could not boot their computer.

Broadcasts were not affected.

South Korea's military said it was not affected by the attack but raised its state of readiness in response. None of the country's oil refineries, power stations, ports or airports was affected.

“It’s hard to find who did it immediately but North Korea is the usual suspect,” Park Choon Sik, a Seoul Women’s University professor of cyber security who used to work for a government agency specializing in cyber security, told Bloomberg.

“Cyber attacks are much easier weapons for North Korea as they cost far less than missiles or nuclear tests, but they can send more people into a real panic,” Professor Park said.

In April 2011 South Korea blamed the North for similar computer stalls at Nonghyup Bank, disrupting ATM and online banking services for millions of clients for three days, reports Bloomberg. Reuters reports that the biggest cyberattack in the south was nicknamed “10 days of rain” by McAfee, the anti-malware firm.

North Korea has long been believed to have “hacker schools." An article on North Korean hacking was published by Al Jazeera English in 2011 with accounts from two defectors who reportedly attended the North’s “hacking schools.”

"There is a pyramid-like prodigy recruiting system, where smart kids from all over the country – students who are good at math, coding, and possess top analytical skills – are picked up,” one of the defectors told AJE.

Park told Bloomberg that South Korea is particularly “vulnerable to cyber terrorism” due to the high volume of businesses and transactions that take place online there.

“Broadcasters and banks were hit today, which itself is really a big concern, and the next target can be infrastructure, such as power, communication and transportation facilities,” Park said.

of 5 stories this month > Get unlimited stories
You've read 5 of 5 free stories

Only $1 for your first month.

Get unlimited Monitor journalism.