China IP address link to South Korea cyber-attack

Employees of Korea Internet Security Center work after computer networks at two major South Korean banks and three top TV broadcasters went into shutdown mode en masse, at a monitoring room in Seoul, South Korea, Wednesday, March 20, 2013. Around 32,000 computers at six organisations were affected by Wednesday's attack

Related Stories

A cyber-attack on South Korean banks and broadcasters came from an internet address in China, South Korean officials say, but the identity of those behind it cannot be confirmed.

The telecoms regulator said hackers used a Chinese address to plant a malicious code that hit networks at six organisations on Wednesday.

Officials said they were continuing to investigate the origins of the attack.

North Korea has been blamed for previous attacks in 2009 and 2011.

"Unidentified hackers used a Chinese IP address to contact servers of the six affected organisations and plant the malware which attacked their computers," said Park Jae-moon of South Korea's communications regulator.

"At this stage, we're still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open," he said.

Computer vaccines


North Korea is the obvious suspect but proving that Pyongyang was behind these latest attacks on computer systems at South Korean banks and broadcasters, if it was, is expected to take weeks or even months of painstaking research.

North Korea has been accused of several previous rounds of hacker attacks on its neighbour to the South.

There is plenty of free software easily available on the internet that would-be hackers can download and use without advanced skills.

That kind of software won't penetrate highly secure systems. But the latest targets in South Korea - certainly the broadcasters - probably weren't well defended.

It is seen as likely the hackers deliberately picked relatively easy targets that gained them a lot of publicity but caused little long-term damage.

Officials stressed that the IP address did not reveal who was behind the attack, as hackers can route their attacks through addresses in other countries to obscure their identities.

The discovery has strengthened speculation that North Korea was behind the attack, the BBC's Lucy Williamson reports from Seoul.

An unidentified high-ranking official from South Korea's presidential office, quoted by Yonhap news agency, said the government had "all possibilities open, while bearing a strong suspicion that North Korea conducted the attack."

Intelligence experts believe that North Korea routinely uses Chinese computer addresses to hide its cyber-attacks.

A taskforce is being formed to analyse the virus and stop further attacks, and free computer vaccines have been handed out to South Korean companies, our correspondent adds.

Korea's Communications Commission (KCC) said that the attacks on all six organisations appeared to come from a single entity.

South Korean media

Officials may still be investigating the attack, but South Korean media feel that Pyongyang must have played a role.

"Three broadcasters, three banks victims of possible cyber-attack; North Korea suspected," says Joong Ang Daily. "North Korea, which has been ratcheting up tensions with South Korea and the United States over the two allies' joint military exercises, was immediately thought to be behind the problem."

The Korea Times "strongly suspects" North Korea of "masterminding the cyber-attacks" and Choson Ilbo urges Seoul to "not drop its guard against N Korean cyber attacks".

"North Korea has been training cyber-warfare specialists since the 1990s after it could not find the money to bolster its conventional military hardware. The North apparently has 30,000 cyber-warfare specialists," an editorial in Choson Ilbo says.

"Pyongyang only recently threatened to scrap a ceasefire agreement that halted the 1950-53 Korean War and vowed to attack the South 'in a formidable way' for holding annual joint military drills with the US. That suggests the computer networks that serve South Korea's key state agencies and nuclear power plants could also come under attack," the paper says.

The networks had been attacked by malicious codes, rather than distributed denial-of-service (DDoS) attacks as initially suspected.

"We have said many times that hacker attacks are a global problem, which are anonymous and cross-border. Hackers often use the IP addresses of other countries to carry out their attacks," Chinese Foreign Ministry spokesman, Hong Lei, said.

'Persistent hacking'

Following Wednesday's attack, the KCC raised its cyber-attack alert levels to "caution," the third highest out of five levels.

The banks and broadcasters were reportedly able to restore their main networks by Thursday morning.

Around 32,000 computers were affected by the incident, and some services at Shinhan bank, including internet banking and ATM machines, were disrupted.

So far no damage had been detected in public institutions and infrastructure, the KCC was quoted as saying by Yonhap.

The incident comes with tensions between the two Koreas high.

North Korea has stepped up rhetoric in recent days in response to fresh UN sanctions over its nuclear test in February and joint annual military drills between the US and South Korea, which it bitterly opposes.

On Thursday, Pyongyang threatened to attack American naval bases in Japan and an air base in Guam.

On 15 March, North Korea's KCNA news agency accused the US and its allies of "intensive and persistent" hacking attacks on its internet servers.

Meanwhile, the United Nations has for the first time set up a commission of inquiry into human rights abuses in North Korea, which it says may amount to crimes against humanity.

The UN Human Rights Council in Geneva unanimously adopted a resolution that was proposed by the European Union and Japan and backed by the US.

More on This Story

Related Stories

More Asia stories


Features & Analysis

  • Dana Lone HillDana Lone Hill

    The Native American names that break Facebook rules

  • Painting from Rothschild collectionDark arts Watch

    The 50-year fight to recover paintings looted by the Nazis

  • Mukesh SinghNo remorse

    Delhi bus rapist says victim shouldn't have fought back

  • Signposts showing the US and UK flagsAn ocean apart

    How British misunderstanding of the US is growing

Elsewhere on the BBC

  • StudentsBull market

    Employers are snapping up students with this desirable degree


  • 3D model of Christ the Redeemer statueClick Watch

    Using drones to 3D map the famous Brazilian landmark Christ the Redeemer

Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.