Cyber attacks that caused a wave of Web site outages in the US and South Korea used 86 IP addresses in 16 countries, South Korea’s spy agency told lawmakers yesterday, amid suspicions North Korea was behind the effort.
The countries included South Korea, the US, Japan and Guatemala, Chung Chin-sup, a member of the parliamentary intelligence committee, told reporters.
He spoke after being briefed by the National Intelligence Service (NIS) on preliminary investigations of the Internet protocol (IP) addresses — the Internet equivalent of a street address or phone number.
The assaults on Web sites in the US and South Korea have been described as so-called denial of service attacks in which floods of computers try to connect to a single site at the same time, overwhelming the server.
The NIS also briefed lawmakers on circumstantial and technical reasons for believing that North Korea could be behind the attacks, Chung said without elaborating.
But the spy agency cautioned it was too early to conclude that North Korea was responsible as the investigations were still under way, said Park Young-sun, another member of the intelligence committee.
“So far, North Korea was not included among the 16 countries’ IP addresses,” she told reporters.
US authorities also eyed North Korea as the origin of the trouble, though they warned it would be difficult to identify the attackers quickly.
Three US officials said this week that while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved Kim Jong-il’s government in Pyongyang. They spoke on condition of anonymity because they were not authorized to speak publicly on the matter.
It follows a turbulent few months in which secretive North Korea has engaged in a series of threats and provocative actions widely condemned by the international community, including a nuclear test and missile launches.
North Korea has not responded to the allegations of its involvement in the Web site outages.
On Thursday, seven South Korean Web sites — one belonging to the government and the others to private entities — were attacked in the third round of cyber assaults, said Ku Kyo-young, an official from the state-run Korea Communications Commission, but most were back up and running quickly.
As previously, it was caused by so-called denial of service attacks, Ku said, adding that attacks were continuing on the seven sites yesterday, but they were still accessible.
Some 50 cases of problems regarding computer hard disks or data were reported yesterday morning in South Korea, the commission said, without giving details.
Park, the South Korean lawmaker, said on Thursday that a senior intelligence official told her the NIS suspected the North because Pyongyang earlier warned it wouldn’t tolerate what it claimed were South Korean moves to participate in a US-led cyber warfare exercise, according to a statement from the opposition Democratic Party.
South Korean media reported in May that North Korea was running a cyber warfare unit that tries to hack into US and South Korean military networks to gather confidential information and disrupt service.
Japan was also being extra vigilant against possible cyber attacks, although there was no sign it had been targeted, officials said.
Japan has a “cyber clean center,” set up in 2006, to protect its government computers from attacks, including a decoy computer to analyze possible viruses, Kazuaki Nakakoshi, an information security official at the Ministry of Internal Affairs and Communications, said Friday.