South Korea network attack 'a computer virus'

Blank computer screens at YTN broadcaster, Seoul, 20 March 2013. Staff at broadcaster YTN were faced with error messages on computer screens.

Disruption that paralysed the computer networks of broadcasters and banks in South Korea appears to have been caused by a virus, an official close to the investigation has told the BBC.

The official said it was believed a "malicious" code was to blame for the system failure.

He said investigators were trying to identify and analyse the virus.

Last week, North Korea accused the US and its allies of attacks on its internet servers.

In the latest incident, two South Korean banks, Shinhan Bank and Nonghyup, and three TV stations, KBS, MBS and YTN, all reported that their networks had suddenly shut down on Wednesday afternoon.

The BBC's Lucy Williamson in Seoul says that, for one of the world's most networked populations, South Korea has had more than its share of cyber attacks.

North Korea has been blamed for several breaches over the past few years, she says.

Analysis

North Korea is the obvious suspect but proving that Pyongyang was behind these latest attacks on computer systems at South Korean banks and broadcasters, if it was, is expected to take weeks or even months of painstaking research.

Security experts say an early line of inquiry will be attempting to identify the server or servers used to mount the attacks. North Korea has been accused of several previous rounds of hacker attacks on its neighbour to the South.

But there is plenty of free software easily available on the internet that would-be hackers can download and use without advanced skills.

That kind of software won't penetrate highly secure systems. But the latest targets in South Korea - certainly the broadcasters - probably weren't well defended.

It is seen as likely the hackers deliberately picked relatively easy targets that gained them a lot of publicity but caused little long-term damage.

Initially, South Korea's Communications Commission suspected a cyber-attack. However, the BBC was later told that experts had concluded it was not a denial-of-service attack, of the kind South Korea has experienced in the past.

'Skulls' on screens

Staff at the three broadcasters said their computers crashed and could not be restarted, with screens simply displaying an error message, although they have continued to make television broadcasts, our correspondent said.

There were also reports of skulls popping up on some computer screens, which could indicate that hackers had installed malicious code in the networks, the Korean Internet Security Agency said.

Some services at Shinhan bank, including internet banking and ATM machines, were also affected, although operations now appear to have been restored.

In the immediate aftermath of the incident, South Korean internet service provider LG Uplus said it believed its network had been hacked, Reuters news agency reported.

An official from the presidential office told Yonhap news agency it was not yet known whether North Korea was involved.

"We do not rule out the possibility of North Korea being involved, but it's premature to say so," Defence Ministry spokesman Kim Min-seok said.

Hackers can cover their tracks by launching their attacks indirectly by hijacking other people's computer systems, says the BBC's technology correspondent Mark Gregory.

Tracing an attack to its original source can be complex in the extreme, he adds.

Depositors try to use automated teller machines of Shinhan Bank while the bank's computer networks are paralyzed at a subway station in Seoul, South Korea, Wednesday, March 20, 2013. Services at two banks were hit by the incident, which began at around 14:00 local time.

However, in some highly sophisticated attacks, hackers' precise methods have provided clues to their identity.

Slight variations in method have acted as a kind of digital signature, to help investigators trace who they are, our correspondent says.

Surveillance upgrade

No government-related computer networks were affected, an official from the National Computing and Information Agency (NCIA) told Yonhap.

The military has upgraded its information surveillance status by one level, Yonhap said.

North Korea is believed to have been behind two major cyber attacks on the South, in 2009 and 2011, that targeted government agencies and financial firms.

Nonghyup bank was one of the victims of the 2011 attack, which left its customers unable to access or transfer their cash for three days.

North Korea has stepped up rhetoric in recent days in response to fresh UN sanctions over its nuclear test in February and joint annual military drills between the US and South Korea, which it bitterly opposes.

On 15 March, North Korea's KCNA news agency accused the US and its allies of "intensive and persistent" hacking attacks on its networks.

Official sites such as KCNA, Air Koryo and Rodong Sinmun, the party newspaper, were reportedly inaccessible for short periods.

BBC © 2014 The BBC is not responsible for the content of external sites.