Intelligence official says North Korea believed behind cyber attacks on SKorean, US Web sites

By Hyung-jin Kim, AP
Wednesday, July 8, 2009

Official: NKorea believed behind cyber attacks

SEOUL, South Korea — South Korean intelligence officials believe North Korea or pro-Pyongyang forces in South Korea committed cyber attacks that paralyzed major South Korean and U.S. Web sites, a lawmaker’s aide said Wednesday.

The sites of 11 South Korean organizations including the presidential Blue House and the Defense Ministry went down or had access problems since late Tuesday, according to the state-run Korea Information Security Agency. Agency spokeswoman Ahn Jeong-eun said 11 U.S. sites suffered similar problems.

On Wednesday, the National Intelligence Service told a group of South Korean lawmakers it believes that North Korea or North Korean sympathizers in the South “were behind” the attacks, according to an aide to one of the lawmakers briefed on the information.

The aide spoke on condition of anonymity citing the sensitivity of the information. He refused to allow the name of the lawmaker he works for to be published.

The National Intelligence Service — South Korea’s main spy agency — said it couldn’t immediately confirm the report.

Earlier Wednesday, the agency said in a statement that 12,000 computers in South Korea and 8,000 computers overseas had been infected and used for the cyber attack.

The agency said it believed the attack was “thoroughly” prepared and committed by hackers “at the level of a certain organization or state.” It said it was cooperating with the American investigative authorities to examine the case.

South Korea’s Yonhap news agency said military intelligence officers were looking at the possibility that the attack may have been committed by North Korean hackers and pro-North Korea forces in South Korea. South Korea’s Defense Ministry said it could not confirm the report.

South Korean media reported in May that North Korea was running a cyber warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service.

An initial investigation in South Korea found that many personal computers were infected with a virus program ordering them to visit major official Web sites in South Korea and the U.S. at the same time, Korean information agency official Shin Hwa-su said. There has been no immediate reports of similar cyber attack in other Asian countries.

In the U.S., the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the U.S. Independence Day holiday weekend and into this week, according to American officials inside and outside the government.

Others familiar with the U.S. outage, which is called a denial of service attack, said that the fact that the government Web sites were still being affected three days after it began signaled an unusually lengthy and sophisticated attack. The officials spoke on condition of anonymity because they were not authorized to speak on the matter.

Yonhap said that prosecutors have found some of the cyber attacks on the South Korean sites were accessed from overseas. Yonhap, citing an unnamed prosecution official, said the cyber attack used a method common to Chinese hackers.

Prosecutors were not immediately available for comment.

Shin, the Information Security Agency official, said the initial probe had not yet uncovered evidence about where the cyber outages originated. Police also said they had not discovered where the outages originated. Police officer Jeong Seok-hwa said that could take several days.

Some of the South Korean sites remained unstable or inaccessible on Wednesday. The site of the presidential Blue House could be accessed, but those for the Defense Ministry, the ruling Grand National Party and the National Assembly could not.

Ahn said there were no immediate reports of financial damage or leaking of confidential national information. The alleged attacks appeared aimed only at paralyzing Web sites, she said.

South Korea’s Defense Ministry and Blue House said Wednesday that there has been no leak of any documents.

The paralysis took place because of denial of service attacks, in which floods of computers all try to connect to a single site at the same time, overwhelming the server that handles the traffic, the South Korean agency said in a statement.

The agency is investigating the case with police and prosecutors, said spokeswoman Ahn.

Associated Press writers Wanjin Park in Seoul and Lolita C. Baldor in Washington contributed to this report.

YOUR VIEW POINT
NAME : (REQUIRED)
MAIL : (REQUIRED)
will not be displayed
WEBSITE : (OPTIONAL)
YOUR
COMMENT :