Cyber attacks from 16 countries
2009-07-10 13:54
Park Chan-Kyong
Seoul - This week's cyber attacks on South Korea and the United States came from 16 countries, Seoul's spy agency said on Friday, highlighting the problems it faces in proving any North Korean involvement.
The National Intelligence Service (NIS) told legislators the attacks were tracked to 86 internet protocol addresses in 16 countries including the United States, Japan, China and Guatemala, lawmakers said.
Though not on the list of countries, North Korea is still suspected of involvement.
"The NIS suspects North Korea or its sympathisers are behind the attacks but it says it cannot be sure until the ongoing probe is completed," said Park Young-Sun from the opposition Democratic Party.
The North has staged a nuclear test and numerous missile launches in recent weeks, raising regional tensions.
But a cyber attack, if confirmed, would be a new tactic.
The spy agency based its suspicion on a statement by Pyongyang last month apparently warning of cyber warfare and on the fact that some of the targets were websites operated by conservatives, the lawmakers said.
'Ready for high-tech war'
The North's Committee for the Peaceful Reunification of Korea, lambasting Seoul over its plan to take part in a US-led drill against cyber attacks, said on June 27 that Pyongyang was "fully ready for any form of high-tech war".
The attacks this week have targeted government and private websites in the US and South Korea.
The US State Department said its site also came under attack for a fourth day on Thursday. The White House and Pentagon websites were among US government entities targeted earlier this week.
A third wave hit South Korea on Thursday evening, blocking or impeding access to at least seven sites operated by the country's largest lender Kookmin Bank plus government and media organisations.
Seoul-based portals said their mail services were temporarily disrupted.
Hackers have planted viruses in thousands of personal computers in South Korea and overseas.
These mounted "distributed denial of service" (DDoS) attacks designed to seek simultaneous access to selected sites and swamp them with traffic.
The network of virus-infected computers is known as a "botnet".
'It could be anybody'
The Korea Communications Commission said on Friday there had been a lull in the attacks after "botnet" hosting servers were isolated and "vaccine" programmes were widely distributed to PC users.
"The volume of attacks in the third round of cyber attacks was small and the impact was rather meagre," Park Cheol-Soon, a senior commission official, told AFP.
Hong Min-Pyo, president of security solution provider Shiftworks, said his company tracked down a server in New Jersey which was believed to have been spreading the bad codes.
"However, it's technically impossible to find out who initiated the attacks," he told AFP.
US experts were divided on whether the North was behind them.
"I don't think it was North Korea but there's really no proof either way," said Johannes Ullrich, chief technology officer for the Sans Institute's Internet Storm Centre.
"The way this particular malware was written it looks like one guy wrote it in his basement over a weekend," he said. "But maybe that's what North Korea's cyberwarfare unit looks like."
"It could be anybody," he continued. "It could be a South Korean. It could be a Chinese, whoever had motivation and the tools to do it. There's really nothing that points to a nation state."
- Sapa - AFP