Cheong Wa Dae, USFK sites hit but no damage reported


Websites of about 40 key South Korean institutions, including the presidential office and the Ministry of Foreign Affairs and Trade, came under cyber attack on Friday.

Although there was no serious damage caused by the attack, the websites were hit bydistributed denial-of-service attacks around 10 a.m.

The attacked websites included a number of governmental organizations and major firms. Among they were the Defense Ministry, Unification Ministry, the National Assembly, the U.S. Forces in Korea, the Korea Communications Commission and the military headquarters. The two biggest Internet portals ― Naver and Daum ― as well as major commercial banks such as Kookmin, Woori and Shinhan were on the list.

“There was a DDoS attack, but no damage was reported,” said a presidential aide at Cheong Wa Dae.

The DDoS attack was similar to the cyber attack that targeted 17 local websites during July 7-9, 2009. It launched malicious codes that cause personal computersto bombard sites without users’ consent.

The attack targets specific systems by overloading them. It is also capable of banning access to servers and harming the hard drives of PCs.

Soon after the attack, the Korea Communications Commission, the state telecommunications policymaker, issued a second-level alert following the cyber attack. There are four different alert levels which can be issued.

This indicates that the government will closely monitor the increase of online traffic and keep a close watch on the appearance of malicious codes which could be used for DDoS cyber attacks. The KCC will also partner with related agencies, including the online information security and vaccine firms, in case of an emergency.

“The number of zombie PCs, which are infected by malware and taking part in the attack, currently totals up to 11,000, much smaller than the 115,000 counted during the 2009 cyber attack,” said a KCC official. “However, we’re aware and making preparation measures since the number is likely to increase.”

AhnLab, the country’s top information security firm, said that additional attacks were expected.

The firm also said that the attackers hacked two local peer-to-peer file sharing websites a day before on late Thursday and planted malware in the files.

“For the PC to not be infected by the malicious code, one must have the latest security patch for the computer operating system and must update the vaccine program, along with checking the system in real time,” said Kim Hong-sun, chief executive of AhnLab.

“The attached links sent through the e-mails and online messengers should not be clicked on and files should be screened when downloading them from peer-to-peer sites.”

Earlier on July 7, 2009, local and U.S. websites were flooded with signals from infected computers causing service disruptions. Up to 270,000 computers were used to attack the local and U.S.-based websites.

The incident was traced to a Chinese internet protocol address used by the North Korean Ministry of Post and Telecommunications.

The government then moved to set up a cyber security center for financial and economic institutions, claiming it would include functions to counter the DDoS attacks.

By Cho Ji-hyun (sharon@heraldcorp.com)