July 8, 2009

N Korea Suspected To Be Behind Recent Government Web Attacks

A widespread cyber attack that shut down U.S. and South Korean official websites might have come from North Korea or its sympathizers, according to South Korean security agency probes on Wednesday, AFP reported.

A joint effort by the National Intelligence Service (NIS) and other security authorities conducted several investigations into the breach.

The NIS said in a statement that the recent infiltration was not a simple attack by individuals, but rather appeared to have been elaborately prepared and staged by a certain organization or state.

The NIS told members of parliament's intelligence committee that the communist North or its sympathizers might have instigated the cyber attack, which caused some sites to crash, according to Yonhap news agency.

One legislator was quoted as saying: "The NIS has been telling committee members that North Korea or a pro-North Korean force might be behind the cyber terror."

The hackers are responsible for hijacking 12,000 personal computers in South Korea and 8,000 abroad that were exploited as vehicles for the attacks.

Some 25 U.S. and South Korean sites were hit Tuesday evening and the domestic sites were shut down for nearly four hours, according to officials from the Korea Information Security Agency.

A spokesman told AFP that the sites hit yesterday involved 14 U.S. sites including government ones, however he would not confirm a Yonhap report that the White House website was among those hit.

The 11 Korean entities affected included the defense and foreign ministries, the ruling party, parliament and the US-South Korea combined forces military command.

The hackers orchestrated an attack known as a distributed denial of service (DDoS) by planting viruses in thousands of computers, according to the regulatory Korea Communications Commission. DDoS attacks involve the sending of huge amounts of data that cause web servers to seize up.

Commission official Hwang Chul-Jung told reporters that malicious codes that cause DDoS attacks have infected more than 18,000 personal computers.

Internet service providers were distributing a program to remove the virus as hackers continued to attack some sites on Wednesday.

An investigator with the police Cyber Terror Response Center said hackers used home computers for simultaneous distributed denial of service attacks, but the damage appeared limited.

The attackers apparently focused on its external network and internal data and secret information remained intact, the defense ministry confirmed.

In June, the Defense Security Command reported that the nation's military computer networks were, on average, receiving 95,000 cyber attack cases a day.

While most attacks were the same as those experienced by ordinary users, at least 11 percent were sophisticated attempts to gather intelligence, it said.

A recent U.S. survey showed that South Korea is one of the world's most wired countries, with 95 percent of homes having broadband access.