North Korea suspected in major South Korea computer crash
SEOUL, South Korea (AP) - A cyberattack caused computer networks at major South Korean banks and top TV broadcasters to crash simultaneously Wednesday, paralyzing bank machines across the country and prompting speculation of North Korean involvement.
Screens went blank at 2 p.m. (0500 GMT), the state-run Korea Information Security Agency said, and more than seven hours later some systems were still down.
Police and South Korean officials couldn't immediately determine responsibility and North Korea's state media made no immediate comments on the shutdown. But some experts suspected a cyberattack orchestrated by Pyongyang. The rivals have exchanged threats amid joint U.S.-South Korean military drills and in the wake of U.N. sanctions meant to punish North Korea over its nuclear test last month.
The network paralysis took place just days after North Korea accused South Korea and the U.S. of staging a cyberattack that shut down its websites for two days last week. Loxley Pacific, the Thailand-based Internet service provider, confirmed the North Korean outage but did not say what caused it.
The South Korean shutdown did not affect government agencies or potential targets such as power plants or transportation systems, and there were no immediate reports that bank customers' records were compromised, but the disruption froze part of the country's commerce.
Some customers were unable to use the debit or credit cards that many rely on more than cash. At one Starbucks in downtown Seoul, customers were asked to pay for their coffee in cash, and lines formed outside disabled bank machines.
Shinhan Bank, a major South Korean lender, reported a two-hour system shutdown, including online banking and automated teller machines. It said networks later came back online and that banking was back to normal. Shinhan said no customer records or accounts were compromised.
Another big bank, Nonghyup, said its system eventually came back online. Officials didn't answer a call seeking details on the safety of customer records. Jeju Bank said some of its branches also reported network shutdowns.
Broadcasters KBS and MBC said their computers went down at 2 p.m., but that the shutdown did not affect TV broadcasts. Computers were still down about seven hours after the shutdown began, according to the state-run Korea Communications Commission, South Korea's telecom regulator.
The YTN cable news channel also said the company's internal computer network was paralyzed. Footage showed workers staring at blank computer screens.
KBS employees said they watched helplessly as files stored on their computers began disappearing.
Last year, North Korea threatened to attack several news companies, including KBC and MBC, over their reports critical of children's' festivals in the North.
"It's got to be a hacking attack," said Lim Jong-in, dean of Korea University's Graduate School of Information Security. "Such simultaneous shutdowns cannot be caused by technical glitches."
The Korea Information Security Agency had reported that an image of skulls and a hacking claim had popped up on some of the computers that shut down, but later said those who reported the skulls did not work for the five companies whose computers suffered massive outages. KISA was investigating the skull images as well.
An official at the Korea Communications Commission said investigators speculate that malicious code was spread from company servers that send automatic updates of security software and virus patches.
LG Uplus Corp., which provides network services for the companies that suffered outages, saw no signs of a cyberattack on its networks, company spokesman Lee Jung-hwan said.
The South Korean military raised its cyberattack readiness level but saw no signs of cyberattacks on its networks, the Defense Ministry said.
No government computers were affected, officials said. President Park Geun-hye called for quick efforts to get systems back online, according to her spokeswoman, Kim Haing.
The shutdown raised worries about the overall vulnerability to attacks in South Korea, a world leader in broadband and mobile Internet access. Previous hacking attacks at private companies compromised millions of people's personal data. Past malware attacks also disabled access to government agency websites and destroyed files in personal computers.
Seoul believes North Korea runs an Internet warfare unit aimed at hacking U.S. and South Korean government and military networks to gather information and disrupt service.
Seoul blames North Korean hackers for several cyberattacks in recent years. Pyongyang has either denied or ignored those charges. Hackers operating from IP addresses in China have also been blamed.
In 2011, computer security software maker McAfee Inc. said North Korea or its sympathizers likely were responsible for a cyberattack against South Korean government and banking websites earlier that year. The analysis also said North Korea appeared to be linked to a 2009 massive computer-based attack that brought down U.S. government Internet sites. Pyongyang denied involvement.
The shutdown comes amid rising rhetoric and threats of attack from Pyongyang over the U.N. sanctions. Washington also expanded sanctions against North Korea this month in a bid to cripple the government's ability to develop its nuclear program.
North Korea has threatened revenge for the sanctions and for ongoing U.S.-South Korean military drills, which the allies describe as routine but which Pyongyang says are rehearsals for invasion.
On Wednesday, North Korean leader Kim Jong Un inspected military drills in which drone planes hit targets and rockets shot down mock enemy cruise missiles. Kim told officers the North should "destroy the enemies without mercy so that not a single man can survive to sign a document of surrender when a battle starts," according to the official Korean Central News Agency.
Last week, North Korea's Committee for the Peaceful Reunification of Korea warned South Korea's "reptile media" that the North was prepared to conduct a "sophisticated strike" on Seoul.
North Korea also has claimed cyberattacks by the U.S. and South Korea. The North's official Korean Central News Agency accused the countries of expanding an aggressive stance against Pyongyang into cyberspace with "intensive and persistent virus attacks."
South Korea denied the allegation and the U.S. military declined to comment.
Lim said he believes hackers in China were likely culprits in the outage in Pyongyang, but that North Korea was probably responsible for Wednesday's attack.
"Hackers attack media companies usually because of a political desire to cause confusion in society," he said. "Political attacks on South Korea come from North Koreans."
Orchestrating the mass shutdown of the networks of major companies would have taken at least one to six months of planning and coordination, said Kwon Seok-chul, chief executive officer of Seoul-based cybersecurity firm Cuvepia Inc.
Kwon, who analyzed personal computers at one of the three broadcasters shut down Wednesday, said he hasn't yet seen signs that the malware was distributed by North Korea.
"But hackers left indications in computer files that mean this could be the first of many attacks," he said.
Lim said tracking the source of the outage would take months.
Screens went blank at 2 p.m. (0500 GMT), the state-run Korea Information Security Agency said, and more than seven hours later some systems were still down.
Police and South Korean officials couldn't immediately determine responsibility and North Korea's state media made no immediate comments on the shutdown. But some experts suspected a cyberattack orchestrated by Pyongyang. The rivals have exchanged threats amid joint U.S.-South Korean military drills and in the wake of U.N. sanctions meant to punish North Korea over its nuclear test last month.
The network paralysis took place just days after North Korea accused South Korea and the U.S. of staging a cyberattack that shut down its websites for two days last week. Loxley Pacific, the Thailand-based Internet service provider, confirmed the North Korean outage but did not say what caused it.
The South Korean shutdown did not affect government agencies or potential targets such as power plants or transportation systems, and there were no immediate reports that bank customers' records were compromised, but the disruption froze part of the country's commerce.
Some customers were unable to use the debit or credit cards that many rely on more than cash. At one Starbucks in downtown Seoul, customers were asked to pay for their coffee in cash, and lines formed outside disabled bank machines.
Shinhan Bank, a major South Korean lender, reported a two-hour system shutdown, including online banking and automated teller machines. It said networks later came back online and that banking was back to normal. Shinhan said no customer records or accounts were compromised.
Another big bank, Nonghyup, said its system eventually came back online. Officials didn't answer a call seeking details on the safety of customer records. Jeju Bank said some of its branches also reported network shutdowns.
Broadcasters KBS and MBC said their computers went down at 2 p.m., but that the shutdown did not affect TV broadcasts. Computers were still down about seven hours after the shutdown began, according to the state-run Korea Communications Commission, South Korea's telecom regulator.
The YTN cable news channel also said the company's internal computer network was paralyzed. Footage showed workers staring at blank computer screens.
KBS employees said they watched helplessly as files stored on their computers began disappearing.
Last year, North Korea threatened to attack several news companies, including KBC and MBC, over their reports critical of children's' festivals in the North.
"It's got to be a hacking attack," said Lim Jong-in, dean of Korea University's Graduate School of Information Security. "Such simultaneous shutdowns cannot be caused by technical glitches."
The Korea Information Security Agency had reported that an image of skulls and a hacking claim had popped up on some of the computers that shut down, but later said those who reported the skulls did not work for the five companies whose computers suffered massive outages. KISA was investigating the skull images as well.
An official at the Korea Communications Commission said investigators speculate that malicious code was spread from company servers that send automatic updates of security software and virus patches.
LG Uplus Corp., which provides network services for the companies that suffered outages, saw no signs of a cyberattack on its networks, company spokesman Lee Jung-hwan said.
The South Korean military raised its cyberattack readiness level but saw no signs of cyberattacks on its networks, the Defense Ministry said.
No government computers were affected, officials said. President Park Geun-hye called for quick efforts to get systems back online, according to her spokeswoman, Kim Haing.
The shutdown raised worries about the overall vulnerability to attacks in South Korea, a world leader in broadband and mobile Internet access. Previous hacking attacks at private companies compromised millions of people's personal data. Past malware attacks also disabled access to government agency websites and destroyed files in personal computers.
Seoul believes North Korea runs an Internet warfare unit aimed at hacking U.S. and South Korean government and military networks to gather information and disrupt service.
Seoul blames North Korean hackers for several cyberattacks in recent years. Pyongyang has either denied or ignored those charges. Hackers operating from IP addresses in China have also been blamed.
In 2011, computer security software maker McAfee Inc. said North Korea or its sympathizers likely were responsible for a cyberattack against South Korean government and banking websites earlier that year. The analysis also said North Korea appeared to be linked to a 2009 massive computer-based attack that brought down U.S. government Internet sites. Pyongyang denied involvement.
The shutdown comes amid rising rhetoric and threats of attack from Pyongyang over the U.N. sanctions. Washington also expanded sanctions against North Korea this month in a bid to cripple the government's ability to develop its nuclear program.
North Korea has threatened revenge for the sanctions and for ongoing U.S.-South Korean military drills, which the allies describe as routine but which Pyongyang says are rehearsals for invasion.
On Wednesday, North Korean leader Kim Jong Un inspected military drills in which drone planes hit targets and rockets shot down mock enemy cruise missiles. Kim told officers the North should "destroy the enemies without mercy so that not a single man can survive to sign a document of surrender when a battle starts," according to the official Korean Central News Agency.
Last week, North Korea's Committee for the Peaceful Reunification of Korea warned South Korea's "reptile media" that the North was prepared to conduct a "sophisticated strike" on Seoul.
North Korea also has claimed cyberattacks by the U.S. and South Korea. The North's official Korean Central News Agency accused the countries of expanding an aggressive stance against Pyongyang into cyberspace with "intensive and persistent virus attacks."
South Korea denied the allegation and the U.S. military declined to comment.
Lim said he believes hackers in China were likely culprits in the outage in Pyongyang, but that North Korea was probably responsible for Wednesday's attack.
"Hackers attack media companies usually because of a political desire to cause confusion in society," he said. "Political attacks on South Korea come from North Koreans."
Orchestrating the mass shutdown of the networks of major companies would have taken at least one to six months of planning and coordination, said Kwon Seok-chul, chief executive officer of Seoul-based cybersecurity firm Cuvepia Inc.
Kwon, who analyzed personal computers at one of the three broadcasters shut down Wednesday, said he hasn't yet seen signs that the malware was distributed by North Korea.
"But hackers left indications in computer files that mean this could be the first of many attacks," he said.
Lim said tracking the source of the outage would take months.
Welcome to the 21st century.
The old plans by our enemies to disrupt the phone systems are in the dumpster (and they did exist when I was stationed and working in the Pentagon; I actually saw some our intelligence "assets" obtained). I'm very sure new plans to hit the cell phone networks are either here or in the works.
The power grid is very vulnerable and the sacred Private sector has a cow whenever mandatory upgrades are even discussed in DC. I'd like to see a law holding those companies responsible if they are attacked and haven't bothered to instigate any defense.
Financial system? See the comments on the power grid. And the revelations that China's cyber-espionage army unit virtually owns their data hasn't caused widespread outrage.
It seems the Private bottom line is more important then national security. I guess that makes conservatives the group weakest on National Defense . . . .
Time to turn off their power.
Welcome to the state of warfare in 2013. No fingerprints, no artillery, no evidence. This is the state of modern warfare.
Be scared ! Be VERY scared tax payers......we can't cut military spending even though the US Military budget is equal to the next 12 highest countries COMBINED !!!
I kind of agree, but the whole time I was in the Army little N. Korea was the one that was the most likely to start the next war and just out of sheer stupidity. Look at all the BS they have done in the recent past. I guarantee you, if it wasnât for huge brother China having their back we would have punched their lights out in the 50s. Now spending more money in the defense of NK? No way!!! Get one or two of those Non Nuke Mountain Busters they blew off in Florida a couple of years ago. Drop it on the 24 year old head, after that the Country will cry uncle.
@dkgiovenco They're falling apart as this happens anyway. I suspect un is trying to egg on so he can get china to bite and they won't ! We'd be fools to get into another conflict. Haven't we learned from vietnam, afghanistan and iraq that these "limited conflicts" drain our economy and the rest of the world just picks up where our economy left off then when we're done we end up with a smaller piece everytime ??
I agree, NK is a leftover by product of WWII. America and China are huge business partners (good/bad). Is it in our best interest to nuke a business partner? Hell no.I really wish that Reagan not only said âtear down these wallsâ but also would have said to tear up the DMZ. S Koreans are nice people; the country needs to be united. An interesting note, have you noticed how the two countries people are starting to look slightly different? Several generations of separation and you can start to tell the difference.
oh not again, sarge, we could spend nothing next year and we'd still be untouchable
@SKVmutant I had my sarcasmatron on medium high !
Now wouldn't it be something if it turned out to be an outside attack intended to spark conflict between the two Korea's? I do expect North Korea to instigate some kind of confrontation with the south, or another ally maybe sometime within this year.
@danoseknows North Korea is one of only three countries left in the world whose central bank is not under Rothschild control. Before 9-11 there were reportedly seven: Afghanistan, Iraq, Sudan, Libya, Cuba, North Korea and Iran. By 2003, however, Afghanistan and Iraq were swallowed up by the Rothschild octopus, and by 2011 Sudan and Libya were also gone. In Libya, a Rothschild central banking system was established in Benghazi while the country was still at war.
Is this merely a coincidence that this list contains the names of the countries that were either invaded by us or had their regimes toppled?
@str1ngb3nd3r @danoseknows We, meaning the US, like North Korea, have certain distinct historical patterns. North Korea "misbehaves" and then maneuvers foreign aid from us, China, Japan South Korea etc, and the US seems to have a hard time avoiding direct, and more often than not, indirect conflict, because we really do gain financially by our military-industrial complex, as well as other capitalist nations.After all, it finally took WWII to pull this country out of the first major depression. Again, just like a game of football, you (meaning both the DPRK and the US) keep running a play until your opponent figures out how to stop you,...... and on it goes.
@str1ngb3nd3r @danoseknows One world order swallowing us while we blindly watch dances with the stars
I would guess it was most likely China. N Korea does not have the technology to pull this off.