The websites and computer networks of South Korea’s major broadcasters and banks were paralyzed Wednesday afternoon in an apparent concerted cyber attack.
The simultaneous shutdown at 2 p.m. of KBS, MBC, YTN, Nonghyup and Shinhan Bank systems came after North Korea threatened cyber attacks. Jeju Bank and two insurance subsidiaries of Nonghyup were also affected.
The latest mass cyber attack is thought to have used malicious code that changes the URL, or internet address, of the affected organizations.
Experts ruled out the possibility of distributed denial of service, which blocks access to target websites by overloading them using computers infected with malware.
The presidential office launched a joint response team and the government and military upped watch levels. Authorities investigating the case did not rule out the possibility of North Korean cyber attack,
“Kim Jang-soo, the National Security Office chief-designate reported to President Park Geun-hye at 2:50 p.m., and the president ordered for the networks to be restored quickly and to establish a response measure after analyzing the cause,” Cheong Wa Dae spokesperson Kim Haing said in a briefing.
“A military-government-civilian joint response team has established the cyber emergency headquarters and is responding to developments in real time.”
The Ministry of National Defense upgraded the military’s information operations condition or INFOCON to level 3. The military has been operating on INFOCON level 4 in response to the series of threats Pyongyang has issued in recent weeks. The normal INFOCON level for South Korea is 5.
The Korea Internet and Security Agency immediately launched an investigation to find the cause.
“The response center is working to find the cause of the computer networks of broadcasters going down,” a KISA official said. The authorities did not immediately rule out North Korean involvement.
According to reports, all the affected organizations use services provided by LG Group’s telecom operator LG Uplus. The affected organizations, however, also use networks operated by KT Corp. and SK Broadband.
“The cause is unknown, but the networks are operating properly. It was caused by hacking,” a LG Uplus official said.
The Korea Communications Commission was working to isolate the cause of the problems, and the police dispatched 20 investigators to the affected organizations.
Shinhan Bank reported that its network was restored at about 3:50 p.m.
The police agency was looking into the development, suspecting cyber terrorism.
Cheong Wa Dae said its National Security Office was looking into the case and was keeping all options open. It said it was not yet known whether the paralysis was caused by North Korea.
The crash came amid intensified tension between the two Koreas and just days after North Korea claimed cyber attacks had been carried out against its Internet servers.
North Korea has been behind a number of cyber attacks on South Korean organizations, including government websites and media outlets such as the JoongAng Ilbo last year.
At the time, the police pinpointed Pyongyang as the perpetrator after analyzing access records of the hacked system, malicious codes, the IP addresses of two local servers and 17 servers spread in 10 different countries.
Pyongyang also attacked the computer system of Nonghyup, one of the country’s major banks, in 2011; major government and business websites in 2009 and 2011; and email accounts of Korea University in 2011.
According to South Korean experts, Pyongyang’s electronic warfare capabilities are second only to Russia and the United States.
Lee Dong-hoon of the Korea University Graduate School of Information Security also said that Pyongyang’s electronic warfare unit was behind the jamming of GPS signals in South Korea. From April 28 until May 13 2012, GPS signals were jammed here causing difficulties in air and marine traffic controls.
With North Korea continuing to pose an increasingly serious security threat with its advanced electronic warfare skills, South Korea has been striving to bolster its cyber combat capabilities,
Last year, Seoul’s Defense Ministry said that it would elevate the rank of its cyber commander to a major general from brigadier general and increase the number of staff.
Pyongyang, for its part, has accused Seoul and the U.S. of carrying out a “persistent and intensive” cyber attack against its official websites in recent days.
A number of official North Korean websites, including those of the Korean Central News Agency, the daily Rodong Sinmun newspaper, and Air Koryo airline became inaccessible last week.
By Choi He-suk (firstname.lastname@example.org)