South Korea ready for more cyberattacks; banks recover

KBS/APIn this photo released by Korean Broadcasting System

KBS/APIn this photo released by Korean Broadcasting System

SEOUL, South Korea (AP) — South Korea said Friday it was preparing for the possibility of more cyberattacks as a new team of investigators tried to determine if North Korea was behind a synchronized shutdown of tens of thousands of computers at six South Korean banks and media companies.

Many in Seoul suspect hackers loyal to Pyongyang were responsible for Wednesday's attack, but South Korean officials have yet to assign blame and say they have no proof yet of North Korea's involvement. Pyongyang hasn't yet mentioned the shutdown.

The investigation could take weeks, but an initial finding linked a Chinese Internet Protocol address to one of the banks affected.

South Korea has set up a team of computer security experts from the government, military and private sector to identify the hackers and is preparing to deal with more possible attacks, presidential spokesman Yoon Chang-jung told reporters Friday. He didn't elaborate on the possibility of more attacks, but said the prime minister would later hold a meeting to discuss ways to beef up cybersecurity at institutions overseeing infrastructure such as roads and electricity.

Determining who's behind a digital attack is often difficult. But North Korea is a leading suspect for several reasons. It has unleashed a torrent of threats against Seoul and Washington since punishing U.N. sanctions were imposed for Pyongyang's Feb. 12 nuclear test. It calls ongoing routine U.S.-South Korean military drills a threat to its existence. Pyongyang also threatened revenge after blaming Seoul and Washington for a separate Internet shutdown that disrupted its own network last week. Seoul alleges six cyberattacks by North Korea on South Korean targets since 2009.

If the attack was in fact carried out by North Korea, it may be a warning to Seoul that Pyongyang is capable of breaching its computer networks with relative ease.

The cyberattack did not affect South Korea's government, military or infrastructure, and there were no initial reports that customers' bank records were compromised. But it disabled cash machines and disrupted commerce in this tech-savvy, Internet-dependent country, renewing questions about South Korea's Internet security and vulnerability to hackers.

The attack disabled some 32,000 computers at broadcasters YTN, MBC and KBS, as well as three banks. The broadcasters said their programming was never affected.

All three of the banks that were hit were back online and operating regularly Friday. It could be next week before the media companies have fully recovered.

A malicious code that spread through the server of one target, Nonghyup Bank, was traced to an IP address in China, the state-run Korea Communications Commission said in an announcement of initial findings. Regulators said all six attacks appeared to come from “a single organization.” The investigation is continuing into the shutdown at the five other firms.

An IP address can be an important clue as to the location of an Internet-connected computer but can easily be manipulated by hackers operating anywhere in the world.

The Chinese IP address identified by the South Korean communications regulator belongs to an Internet services company, Beijing Teletron Telecom Engineering Co., according to the website tracking and verification service Whois. A woman who answered the telephone number listed on Beijing Teletron's website denied the company was involved in the cyberattack.

She refused to identify herself or provide further information.

Wednesday's cyberattack does not fit the mold of previous attacks blamed on China. Chinese hacking, either from Beijing's cyber-warfare command or freelance hackers, tends to be aimed at collecting intelligence and intellectual property, not at disrupting commerce.

China is home to a sizable North Korean community, both North Koreans working in the neighboring nation and Chinese citizens of ethnic ancestry who consider North Korea their motherland.

ChinanewsSouth KoreaUS

Just Posted

Cabernet sauvignon grapes sat in a container after being crushed at Smith-Madrone Winery in St. Helena. (Courtesy Smith-Madrone Winery)
San Francisco’s ‘Champagne problems’ — Wine industry suffers supply chain woes

‘Everywhere you turn, things that were easy are no longer easy’

Glasses behind the bar at LUNA in the Mission District on Friday, Oct. 15, 2021. Glassware is just one of the many things restaurants have had trouble keeping in stock as supply chain problems ripple outward. (Kevin N. Hume/The Examiner)
SF restaurants face product shortages and skyrocketing costs

‘The supply chain crisis has impacted us in almost every way imaginable’

A Giants fans hangs his head in disbelief after the Dodgers won the NLDS in a controversial finish to a tight Game 5. (Chris Victorio/Special to The Examiner)
Giants dream season ends at the hands of the Dodgers, 2-1

A masterful game comes down to the bottom of the ninth, and San Francisco came up short

<strong>Workers with Urban Alchemy and the Downtown Streets Team clean at Seventh and Market streets on Oct. 12. <ins>(Kevin N. Hume/The Examiner)</ins> </strong>
<ins></ins>
Why is it so hard to keep San Francisco’s streets clean?

Some blame bureaucracy, others say it’s the residents’ fault

Speaker of the House Nancy Pelosi — seen in Washington, D.C., on Tuesday — touted Congressional Democrats’ infrastructure bill in San Francisco on Thursday. (Stefani Reynolds/The New York Times)
Pelosi touts infrastructure bill as it nears finish line

Climate change, social safety net among major priorities of Democrats’ 10-year funding measure

Most Read