China IP address link to South Korea cyber-attack

Employees of Korea Internet Security Center work after computer networks at two major South Korean banks and three top TV broadcasters went into shutdown mode en masse, at a monitoring room in Seoul, South Korea, Wednesday, March 20, 2013.
Around 32,000 computers at six organisations were affected by Wednesday's attack

A cyber-attack on South Korean banks and broadcasters came from an internet address in China, South Korean officials say, but the identity of those behind it cannot be confirmed.

The telecoms regulator said hackers used a Chinese address to plant malicious code that hit networks at six organisations on Wednesday.

Officials said they were continuing to investigate the origins of the attack.

North Korea has been blamed for previous attacks in 2009 and 2011.

"Unidentified hackers used a Chinese IP address to contact servers of the six affected organisations and plant the malware which attacked their computers," said Park Jae-moon of South Korea's communications regulator.

"At this stage, we're still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open," he said.

Computer vaccines

Officials stressed that the IP address did not reveal who was behind the attack, as hackers can route their attacks through addresses in other countries to obscure their identities.

The discovery has strengthened speculation that North Korea was behind the attack, the BBC's Lucy Williamson reports from Seoul.

An unidentified high-ranking official from South Korea's presidential office, quoted by Yonhap news agency, said the government had "all possibilities open, while bearing a strong suspicion that North Korea conducted the attack."

Intelligence experts believe that North Korea routinely uses Chinese computer addresses to hide its cyber-attacks.

A taskforce is being formed to analyse the virus and stop further attacks, and free computer vaccines have been handed out to South Korean companies, our correspondent adds.

Korea's Communications Commission (KCC) said that the attacks on all six organisations appeared to come from a single entity.

The networks had been attacked by malicious code, rather than distributed denial-of-service (DDoS) attacks as initially suspected.

"We have said many times that hacker attacks are a global problem, which are anonymous and cross-border. Hackers often use the IP addresses of other countries to carry out their attacks," Chinese Foreign Ministry spokesman, Hong Lei, said.

'Persistent hacking'

Following Wednesday's attack, the KCC raised its cyber-attack alert levels to "caution," the third highest out of five levels.

The banks and broadcasters were reportedly able to restore their main networks by Thursday morning.

Around 32,000 computers were affected by the incident, and some services at Shinhan bank, including internet banking and ATM machines, were disrupted.

So far no damage had been detected in public institutions and infrastructure, the KCC was quoted as saying by Yonhap.

The incident comes with tensions between the two Koreas high.

North Korea has stepped up rhetoric in recent days in response to fresh UN sanctions over its nuclear test in February and joint annual military drills between the US and South Korea, which it bitterly opposes.

On Thursday, Pyongyang threatened to attack American naval bases in Japan and an air base in Guam.

On 15 March, North Korea's KCNA news agency accused the US and its allies of "intensive and persistent" hacking attacks on its internet servers.

Meanwhile, the United Nations has for the first time set up a commission of inquiry into human rights abuses in North Korea, which it says may amount to crimes against humanity.

The UN Human Rights Council in Geneva unanimously adopted a resolution that was proposed by the European Union and Japan and backed by the US.