Despite prosecutors’ announcement pinpointing North Korea as the culprit for the April 12 cyber attack, security experts say that it is difficult to identify its instigator given the complicated nature of the hacking process.
On Tuesday, investigators at the Seoul Central District Prosecutors’ Office said the Reconnaissance General Bureau, the North’s premier intelligence body, orchestrated the “unprecedented cyber terror” that paralyzed the banking system of the National Agricultural Cooperative Federation, or Nonghyup, for several weeks.
They said that the conclusion came as the methods used in the previous two cyber attacks on a number of key South Korean government and business websites in July 2009 and in March last year were similar to the ones used in last month’s attack.
They also stressed that one of the Internet Protocol addresses used in the attack on the cooperative was identical to that used in last year’s attack.
Experts, however, said that evidence of North Korea’s involvement in the worst-ever cyber attack was too “weak” and only based on “circumstantial assumptions” and that the case could remain unaddressed forever given that identifying the hackers is extremely difficult.
First of all, experts pointed out that hackers usually change IP addresses frequently or use someone else’s address to disguise their identity. Thus, an IP address cannot serve as credible evidence to identify the culprit.
“It appears that prosecutors believe the owner of an empty house with a certain address is the thief who broke into the house while the owner is away,” said a security expert in a media interview on condition of anonymity.
Prosecutors also presented a Media Access Control address which was found on a laptop computer used by the North to launch the attack as evidence. But experts say that the address cannot be reliable as it kept changing on the Internet.
The hacking methods similar to the previous North Korean attacks cannot be clear evidence, either, to hold the North responsible, experts added. They said hackers tend to copy effective methods used by others.
During the announcement, investigative authorities stressed that they could not reveal all pieces of “critical” evidence to the public, citing security concerns. However, their concerns fail to ease doubts over whether the weeks-long result of the prosecutorial investigation is credible.
The North has long focused on cyber warfare. It is known to have established many college-level institutions to produce hackers and stationed cyber warfare personnel in China. The North has used cyber attacks to spy on South Korean government bodies or glean crucial intelligence.
By Song Sang-ho (email@example.com