Third wave of cyber attacks
2009-07-10 09:19
Seoul - A third wave of cyber attacks hit South Korea on Thursday evening, blocking or impeding access to official and private websites, amid suspicions North Korea or its supporters are to blame.
The US State Department said its website also came under attack for a fourth day as it tried to prevent further attacks after the White House and Pentagon websites were among US government entities targeted this week.
AhnLab, a South Korean developer of anti-virus software, had forecast the virus, which hit dozens of US and Korean sites in recent days, would return at 18:00 on Thursday and hit seven domestic sites.
"The third attack was bigger than our office had predicted, affecting some of the sites also hit earlier in the week," a company official told AFP.
The websites of parliament, the defence ministry, the foreign ministry and the National Intelligence Service were either responding slowly or shut down intermittently.
The largest bank, Kookmin, also said access to its website was blocked at one point and it was trying hard to normalise internet banking.
Officials at the government's Korea Information Security Agency told Yonhap news agency the damage appeared less serious on Thursday thanks to concerted efforts to combat the problem.
Hackers have planted the viruses in thousands of personal computers in South Korea and overseas. In what is called a "distributed denial of service" (DDoS), they are programmed to swamp certain websites at selected times.
Further disruptions?
In a sign of further disruption to come, Yonhap quoted the Korea Communications Commission (KCC) as saying that tens of thousands of virus-contaminated personal computers "appear automatically programmed to destroy their own stored data starting Friday".
The KCC said the virus was set to destroy the data of at least 20 000 contaminated PCs across South Korea.
The report added that government agencies and private network security firms said they have identified and closed four overseas-based intermediate hosts suspected of participating in the latest wave of attacks, without elaborating.
The White House, State Department and Pentagon websites were among government entities targeted this week in the United States, experts said, along with private institutions.
In response, the South Korean military said an information security command will be launched on January 1, two years earlier than planned, and become operational six months later.
The National Intelligence Service (NIS) said 12 South Korean and 14 US organisations were hit in the first wave early this week.
It said a second wave of attacks on Wednesday was aimed at domestic banks and a security solution provider.
A new tactic
The NIS has not publicly suggested who is mounting the attacks.
But it told members of parliament's intelligence committee on Wednesday that it believes the North or its sympathisers may be to blame, according to several legislators.
The North has staged a nuclear test and numerous missile launches in recent weeks, raising regional tensions. A cyber attack, if confirmed, would be a new tactic.
Yonhap quoted an NIS report to the committee as forecasting potential "financial chaos" in the event of a larger cyber attack.
It said the daily value of all online transactions in South Korea - one of the world's most wired nations - is $4.7bn.
The NIS said the internal networks of the Seoul government are safe and no information has been leaked.
The Korea Information Security Agency said most sites had been restored after the first attacks began in the country late on Tuesday - using 12 000 domestic PCs and 8 000 abroad.
However it said the second round - using 29 000 "hijacked" PCs - hit one foreign site and 15 domestic sites, including government agencies, banks and a security solution provider.
Kwon Tae-Shin, senior secretary to the prime minister, described the viruses as "an attack on our system and a provocative activity which poses a threat to our security".
He was speaking after chairing a vice minister-level meeting on the incidents.
"This is the worst cyber attack I have seen in my 15-year career," AhnLab CEO Hongsun Kim told reporters. "This is an online equivalent of 9/11.
"I don't think an individual hacker can do this. This is an organised attack," he said, adding "very complicated" codes are being planted.
- AFP