South Korea’s prosecution is looking into whether North Korea was involved in the weeks-long paralysis of the South Korean farm cooperative’s banking system after finding some suspicious Internet protocol addresses originating from China, officials said Tuesday.
Traces of break-ins into Nonghyup’s servers were discovered in a laptop owned by an employee of IBM Korea, the cooperative’s computer network maintenance subcontractor, which is believed to be the main source of the April 12 attack.
The pre-set “delete” commands installed on the laptop were carried out simultaneously to destroy the lender’s computer system, crippling its online services for several days, according to investigators.
They said some of the IP addresses were connected from China.
“It’s too early to conclude that North Korea is behind the incident, but we are open to every possibility,” said an official at the Seoul Central District Prosecutors’ Office, citing a series of recent cyber attacks staged by Pyongyang.
Key South Korean and U.S. Web sites, including Seoul’s presidential Cheong Wa Dae, came under the so-called “distributed denial-of-service (DDos)” attacks for days in 2009. North Korea’s telecommunications ministry was later found to have orchestrated the attacks.
Prosecutors noted the fact that the laptop, which was supposed to be used only inside the computer room of Nonghyup, accessed the Internet from outside of it. Nonghyup’s online financial transactions were suspended for several days.
The case set off concerns over local financial services firms’ cyber security and protection of personal information, which was bolstered by a separate hacking incident into Hyundai Capital Services Inc., the country’s leading consumer financial firm.
Customers were unable to use Nonghyup’s automated teller machine or online or phone banking services during the first few days. As of Tuesday, most of the banking services returned to normal, but some credit card services remained crippled, according to Nonghyup.