South Korea ready for more cyber attacks

Black Hat Hackers
Black Hat Hackers
Seoul - South Korea said on Friday it was preparing for the possibility of more cyber attacks as a new team of investigators tried to determine if North Korea was behind a synchronised shutdown of tens of thousands of computers at six South Korean banks and media companies.

Many in Seoul suspect hackers loyal to Pyongyang for Wednesday's attack, but South Korean officials have yet to assign blame and say they have no proof yet of North Korea's involvement. The investigation could take weeks, but an initial finding linked a Chinese internet protocol address to one of the banks affected.

South Korea has set up a team of computer security experts from the government, military and private sector to identify the hackers and is preparing to deal with more possible attacks, presidential spokesperson Yoon Chang-jung told reporters on Friday. He didn't elaborate on the possibility of more attacks.

Determining who's behind a digital attack is often difficult. But North Korea is a leading suspect for several reasons. It has unleashed a torrent of threats against Seoul and Washington since punishing UN sanctions were imposed for Pyongyang's 12 February nuclear test.

It calls ongoing routine US-South Korean military drills a threat to its existence. Pyongyang also threatened revenge after blaming Seoul and Washington for a separate internet shutdown that disrupted its own network last week. Seoul alleges six cyber attacks by North Korea on South Korean targets since 2009.

Internet security


If the attack was in fact carried out by North Korea, it may be a warning to Seoul that Pyongyang is capable of breaching its computer networks with relative ease.

The cyber attack did not affect South Korea's government, military or infrastructure, and there were no initial reports that customers' bank records were compromised.

But it disabled cash machines and disrupted commerce in this tech-savvy, internet-dependent country, renewing questions about South Korea's internet security and vulnerability to hackers.

The attack disabled some 32 000 computers at broadcasters YTN, MBC and KBS, as well as three banks. The broadcasters said their programming was never affected, and all ATMs were back online.

All three of the banks that were hit were back online and operating regularly on Friday. It could be next week before the media companies have fully recovered.

A malicious code that spread through the server of one target, Nonghyup Bank, was traced to an IP address in China, the state-run Korea Communications Commission said in an announcement of initial findings. Regulators said all six attacks appeared to come from "a single organisation". The investigation is continuing into the shutdown at the five other firms.

An IP address can be an important clue as to the location of an internet-connected computer but can easily be manipulated by hackers operating anywhere in the world.

Intellectual property

The Chinese IP address identified by the South Korean communications regulator belongs to an internet services company, Beijing Teletron Telecom Engineering, according to the website tracking and verification service Whois.

A woman who answered the telephone number listed on Beijing Teletron's website denied the company was involved in the cyber attack. She refused to identify herself or provide further information.

Wednesday's cyber attack does not fit the mould of previous attacks blamed on China. Chinese hacking, either from Beijing's cyber-warfare command or freelance hackers, tends to be aimed at collecting intelligence and intellectual property - not at disrupting commerce.

China is home to a sizable North Korean community, both North Koreans working in the neighbouring nation and Chinese citizens of ethnic ancestry who consider North Korea their motherland.
We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Lockdown For
DAYS
HRS
MINS
Voting Booth
When assisting your child with remote learning this year, did you:
Please select an option Oops! Something went wrong, please try again later.
Results
Follow the school's comprehensive sexuality education (CSE) curriculum?
13% - 28 votes
Adjust the CSE curriculum to suit the family's morals?
22% - 50 votes
Ignore the schools CSE programme and do your own teaching?
65% - 145 votes
Vote
ZAR/USD
15.16
(+0.32)
ZAR/GBP
20.26
(+0.22)
ZAR/EUR
18.08
(+0.23)
ZAR/AUD
11.19
(+0.02)
ZAR/JPY
0.15
(+0.09)
Gold
1810.29
(+0.06)
Silver
23.28
(+0.44)
Platinum
962.34
(+0.46)
Brent Crude
47.75
(-1.52)
Palladium
2386.52
(+1.32)
All Share
58054.03
(+0.23)
Top 40
53222.52
(+0.26)
Financial 15
11874.34
(+1.97)
Industrial 25
80135.06
(+0.18)
Resource 10
52510.50
(-0.53)
All JSE data delayed by at least 15 minutes morningstar logo