South Korea blames North Korea for cyberattack

Seoul says North Korea behind June cyberattack on South Korean government, media websites

Associated Press
South Korea blames North Korea for cyberattack
.

View photo

A woman walks by a sign at Cyber Terror Response Center of National Police Agency in Seoul, South Korea, Tuesday, July 16, 2013. North Korea is to blame for last month's cyberattacks on the websites of South Korean media companies and the president and prime minister's offices, a South Korean investigation concluded Tuesday. South Korea's ministry of science said it was blaming North Korea based on analysis of codes, Internet addresses and personal computers used to launch the attacks. The attacks occurred June 25, the 63rd anniversary of the beginning of the Korean War. (AP Photo/Ahn Young-joon)

GWACHEON, South Korea (AP) -- South Korean investigators on Tuesday blamed rival North Korea for a cyberattack last month on dozens of South Korean media and government websites, including those of the president and prime minister.

The biggest piece of evidence linking Pyongyang to the attacks on June 25, which marked the 63rd anniversary of the beginning of the Korean War, was a North Korean Internet protocol address found in some of the websites and malicious codes, South Korea's Ministry of Science said.

Investigators said North Korea was found responsible after an analysis of Internet addresses, access logs and 82 malicious codes found in the attacked servers, computers and websites.

Last month's attack was the latest of several that South Korea has blamed on North Korea since 2009, including an attack on South Korean broadcasters and banks in March.

Pyongyang has rejected previous accusations and has blamed the United States and South Korea for a cyberattack, also in March, that shut down its websites for two days. There was no immediate comment from North Korea's state media on Tuesday's accusation.

The South Korean government-led team of investigators said the June online assaults, which hit 69 government and private companies' websites and servers, were planned for at least six months. Part of that planning included hacking file-sharing websites in South Korea.

One of the investigators declined to disclose how the attackers hacked the presidential website because other hackers may mimic the attack. But he said the attackers employed a variety of methods to launch the attack and one of them was to make computers automatically send a massive amount of traffic to a targeted website when a user downloaded a malicious code from a file-sharing site. This type of offensive of shutting down a website by incurring huge traffic is called DDoS attack, or distributed denial of service. Such an attack targeted some government servers in the June attack.

The fact that attackers were preparing cyberattacks months ahead of time raises questions about whether authorities failed to detect early warning signs. Officials could have detected a problem if someone had discovered the file-sharing hacking, but no one did, even while authorities were investigating the March 20 cyberattacks that shut down tens of thousands of computers at South Korean broadcasters and banks.

Chun Kilsoo, director of the government-run Korea Internet Security Center, told reporters in a briefing that the evidence investigators have collected so far points to North Korea. In response to criticism about officials not detecting the June attack preparations, Chun said it was difficult to spot ahead of time because the targets of the March and June attacks were different.

Chun said the attackers tried to steal personal information from the websites targeted in the June 25 cyberattacks. He said investigators could not find out whether that information was stolen during hacking preparations before the attack or during the attack itself.

Local media reported that the personal information of hundreds of thousands of people was stolen from the presidential office's website and the ruling party.

Investigators managed to recover data on the hard drives that the attackers destroyed June 25 and found an Internet protocol address that was used by North Korea.

The attackers in June tried to hide their identities by destroying hard drives and hiding the Internet protocol addresses they used, the ministry said. The attackers also tried to mislead investigators by using the picture of a global hacking collective called Anonymous, the ministry said.

Hackers can usually disguise IP addresses. But the attackers used the same IP addresses two ways for the June 25 attacks — to send and to receive data — so they could not have been falsified, Chun said.

Investigators also found that the codes used in the June attacks had the same features as the codes used in larger March 20 cyberattacks that shut down tens of thousands of computers at South Korean broadcasters and banks, indicating that the same group of hackers was behind both attacks.

Earlier this month, cybersecurity firms said the hackers behind the March attacks also have been trying to steal South Korean and U.S. military secrets for years with a malicious set of codes they've been sending through the Internet. They did not specifically blame North Korea, but they also didn't dispute South Korea's finding that held North Korea as responsible.

Researchers at Santa Clara, California-based McAfee Labs said the malware was designed to find and upload information referring to U.S. forces in South Korea, joint exercises or even the word "secret."

McAfee said versions of the malware have infected many websites in an ongoing attack that it calls Operation Troy because the code is peppered with references to the ancient city.

South Korea's National Intelligence Service blames North Korea for a denial of service attack in 2009 that crippled dozens of websites, including that of the presidential office. Seoul also believes the North was responsible for cyberattacks on servers of Nonghyup Bank in 2011 and Joongang Ilbo, a national daily newspaper, in 2012.

Experts believe North Korea trains large teams of cyber warriors, and that the South and its allies should be prepared against possible attacks on key infrastructure and military systems. If the inter-Korean conflict were to move into cyberspace, South Korea's deeply wired society would have more to lose than North Korea's, which largely remains offline.

Tuesday's announcement from Seoul comes a day after a meeting in which officials from the rival Koreas failed to find a way to reopen a jointly run factory park. The countries plan another round of talks Wednesday on restarting the Kaesong complex, which had been the last remaining symbol of rapprochement before being shut down in April during a period of unusually high animosity.

__

Follow Youkyung Lee on Twitter: https://www.twitter.com/YKLeeAP

Rates

View Comments (14)

Recommended for You

  • Tycoon buys 30 Rolls-Royces for Macau hotel

    A Hong Kong tycoon has placed the biggest ever order for Rolls-Royce cars, agreeing to buy 30 Phantoms to chauffeur guests at a luxury resort he's building in the global gambling capital of Macau. Stephen Hung's $20 million purchase surpasses the 14 Phantoms bought by Hong Kong's Peninsula Hotel in…

    Associated Press
  • 1 Tip To Lose Belly Fat

    It's Hollywood's Hottest Diet And Gets Rid Of Stubborn Fat Areas Like Nothing Else.

    AdChoicesagoodcooksSponsored
  • Before You Buy Alibaba, Check Out 4 Top China Stocks

    Before You Buy Alibaba, Check Out 4 Top China Stocks While investors gear up for Alibaba Group 's (BABA) hotly anticipated initial public offering, don't forget about other Chinese stocks that are worth keeping an eye on. Today's Young Guns Screen of

    Investor's Business Daily
  • Costco Stores in Canada to Stop Taking American Express

    “The credit card relationship between American Express and Costco Wholesale Canada will not be renewed when it expires” on Dec. 31, the company said today in an e-mail to Canadian customers. The message was attributed to Lorelle Gilpin, vice president of marketing and membership for Costco…

    Bloomberg
  • Play

    Citi, Bank of America Offer Discounted Mortgages

    Citigroup and Bank of America will offer mortgages at discounted interest rates to help borrowers with low incomes or subprime credit. AnnaMaria Andriotis joins MoneyBeat. Photo: Getty.

    WSJ Live
  • As Fed takes baby steps, Cramer's trick for profit

    In turn, Cramer says making money in the market, involves looking at the environment through the lens of the Fed. "The trick is to remember that they speak for the common person," Cramer said. "The Fed wants the common person to make money." With that backdrop always in mind, Cramer says it becomes…

    CNBC
  • "The Retiree Next Door": How successful retirees stretch their savings

    "The Retiree Next Door": How successful retirees stretch their savingsBy the time she hit her late 40s, Toni Eugenia wasn’t sure she would ever be able to retire. Eugenia, 56, a pharmacy technician who lived in Houston, was nearly $200,000 in debt and

    Yahoo Finance
  • CNBC Anchor Calls Out Fed-Hater Bill Fleckenstein In Startling Shouting Match

    CNBC Bill Fleckenstein of Fleckenstein Capital appeared on CNBC's Futures Now program on Tuesday. Futures Now host Jackie DeAngelis came out swinging, asking Fleckenstein right at the top if he was willing to admit that he had misunderstood monetary policy. Sounding taken aback, Fleckenstein…

    Business Insider
  • Tired of Living Paycheck to Paycheck?

    New website reveals how to save $1,000's when you're living paycheck to paycheck. See exactly how.

    AdChoices Media ForceSponsored
  • Beanie Babies creator's sentence debated in court

    Beanie Babies creator's sentence debated in court CHICAGO (AP) — Federal prosecutors seeking to put the billionaire creator of Beanie Babies in prison for hiding millions in Swiss bank accounts told appellate court judges Wednesday that the toymaker's sentence of probation threatens to erode the…

    Associated Press
  • Apple to unveil new iPads, operating system on Oct. 21 : report

    The company plans to unveil the sixth generation of its iPad and the third edition of the iPad mini, as well as its operating system OS X Yosemite, which has undergone a complete visual overhaul, the Internet news website said. Trudy Muller, a spokeswoman for Apple, declined to comment. The iPad is…

    Reuters
  • Margaritaville casino owners seek bankruptcy

    The owner of Biloxi's Margaritaville casino has filed for Chapter 11 bankruptcy protection Tuesday, only hours before a hearing where the landlord aimed to seize the property. The filing by MVB Holding LLC in U.S. Don Dornan, a lawyer for landlord Clay Point LLC, said the company had planned to ask…

    Associated Press
  • Embraer to sell 50 E-175 jets to Republic in $2.1 billion deal

    Brazil's Embraer SA, the world's third largest commercial planemaker, said on Wednesday it booked a firm order from U.S. The deal, which will be included in Embraer's order book for the third quarter, is valued at $2.1 billion, the planemaker said in a securities filing. The planes will be operated…

    Reuters
  • Gilead Stock Is Falling On These Drug Setbacks

    Gilead Stock Is Falling On These Drug Setbacks Gilead Sciences (GILD) shares are backsliding Wednesday on news that the patient drop-out rate for hepatitis C drug Sovaldi is quadruple that of clinical trials. In addition, the biotech's Phase 2 study results

    Investor's Business Daily
  • Here's What Mark Cuban Wishes He Knew About Money In His 20s

    Cuban is the owner of the Dallas Mavericks basketball team. Billionaire investor and entrepreneur Mark Cuban is generous with his advice. When we asked him what he wishes he'd known about money in his 20s, he said:

    Business Insider
  • Best Womens Wrinkle Creams 2014

    Mom reveals simple wrinkle solution that has researchers very excited. Try this free solution today to look and feel years younger.

    AdChoicesBellaLabs.comSponsored
  • Play

    What the Fed Meeting Means for Bonds

    Janet Yellen & Co. are expected to hint at their timetable for raising interest rates. Here's how investors should prepare ahead of the meeting.

    WSJ Live
  • SHOE COMPANY: Our CEO Just Disappeared And Most Of The Money Is Gone

    "and like that: he's gone." This is an actual headline from a company press release: "CEO and COO disappeared, most of the company's cash missing." (Via FastFT) In a statement, German-based shoe company Ultrasonic said its CFO,  Chi Kwong Clifford Chan, has been unable to reach the company's CEO,…

    Business Insider
  • Billionaire Investor Says Chinese People Work Harder And Western Companies Could Face Deep Trouble After Alibaba IPO

    Michael Moritz, the chairman of VC firm Sequoia Capital, is a huge fan of Chinese internet companies and reiterated his enthusiasm for the Chinese market in an interview with The Wall Street Journal Wednesday. The billionaire investor described the Alibaba IPO as a “major landmark event” that is as…

    Business Insider
  • Top Analyst Upgrades and Downgrades: AEP, BHP, GE, Incyte, 3M, Tyco, Under Armour and More

    Top Analyst Upgrades and Downgrades: AEP, BHP, GE, Incyte, 3M, Tyco, Under Armour and More Stocks were firm on Wednesday morning ahead of the FOMC meeting outcome. Tuesday’s rally may have sparked higher interest again, and investors are looking for bargains

    24/7 Wall St.
  • 6 Things Debt Collectors Wish You Knew

    The work debt collectors do is not popular, and has become increasingly derided by those who don’t like what we do or simply don’t know the facts about debt collection. Too often, debt collection is painted with a broad brush to create a portrait that isn’t accurate, and doesn’t properly educate…

    Credit.com
  • Boeing may have outfoxed Musk, but it could have bigger problems

    Elon Musk is arguably one of the greatest entrepreneurial minds of the 21st Century, but he was outsized an old school aerospace giant. Boeing won the bulk of NASA’s contract for a space taxi.  One of the other companies vying for the deal is SpaceX, the company headed by Tesla’s Musk, will get a…

    Talking Numbers
  • The New 2015 Sonata®: A Step Above the Competition

    There's a Sonata® that's perfect for you, and this is your chance to build it! Visit the Hyundai® Official Site to customize your 2015 Sonata® today!

    AdChoicesHyundaiSponsored
  • Romney-Sized IRAs Scrutinized as Government Studies Taxes

    The preliminary report attaches data to an issue that drew attention during the 2012 presidential campaign, when Republican nominee Mitt Romney reported an IRA worth $20 million to $102 million. Senate Finance Committee Chairman Ron Wyden said many of these "massive" accounts come from deals…

    Bloomberg