South Korean police said Wednesday that North Korea was behind the massive cyber attacks that severely slowed and disrupted dozens of South Korean government and business websites last month.
The sites of about 30 key South Korean government agencies, including the presidential office Cheong Wa Dae, and financial institutions came under a so-called distributed denial-of-service attack on March 4, with about 100,000 “zombie” computers swamping sites by simultaneously seeking access to them.
“After closely probing a number of websites that carried malicious codes, zombie computers and overseas servers that ordered the attacks, the strikes are identical to those of July 7, 2009, in ways of organizing the attack and designing the malicious codes,” an official at the Cyber Terror Response Center of the National Police Agency said.
Two years ago, some 35 websites of South Korea and the U.S. were hit by a massive DDoS attack ordered by North Korea.
Police said that some servers used to issue orders for this year’s incident were also used during the 2009 attack.
“There are 4.2 billion Internet protocol addresses in the world. The fact that some of the command servers have the same IP addresses shows that both attacks were carried out by the same person,” said the official.
The investigators said that they will seek international cooperation in discovering more overseas servers that spread the attack orders.