Seoul’s spy agency has yet to be sure that North Koreans were behind recent cyber attacks on South Korea and the US but it still sees Pyongyang as a prime suspect, officials said yesterday.
The National Intelligence Service (NIS) said in a statement it was still looking into “various pieces of evidence” indicating that North Koreans might have orchestrated the attacks against South Korean and US government and private websites.
“The NIS ... has yet to reach a final conclusion that the acts have been committed by North Korea,” the statement said.
It denied a report by Chosun Ilbo newspaper on Saturday that the NIS had found an Internet protocol (IP) address used by a North Korean hacker surnamed Yun, who could be behind the cyber attacks.
It said the Chosun Ilbo report went “too far” and urged local media outlets to be prudent in reporting on the case.
Hackers have planted viruses in thousands of personal computers in South Korea, one of the world’s most wired societies, as well as overseas. These mounted “distributed denial of service” attacks designed to seek simultaneous access to selected sites and swamp them with traffic.
The Korea Communications Commission in Seoul said yesterday more than 690 personal computers had been damaged in the wake of the cyber raid.
The attacks that had crippled some South Korean government Web sites have now come under control after virus-infected “botnet” hosting servers were isolated and “vaccine” programs were widely distributed to PC users.
The state-run Korea Communications Commission has said that tens of thousands of computers were infected. The commission says it has identified and blocked five Internet Protocol, or IP, addresses in five countries used to distribute computer viruses that caused the wave of Web site outages, which began in the US on July 4.
They were in Austria, Georgia, Germany, South Korea and the US, a commission official said. He spoke on condition of anonymity because he is not authorized to speak to the media on the record.
Meanwhile, the police are analyzing a sample of the tens of thousands of infected computers used to crash the Web sites.
The JoongAng Ilbo reported on Saturday that the NIS had told lawmakers on Friday that a North Korean military research institute had been ordered to destroy the South’s communications networks.
The paper, citing unidentified members of parliament’s intelligence committee, said the institute, known as Lab 110, specializes in hacking and spreading malicious programs.
South Korea’s Yonhap news agency carried a similar report, saying the NIS obtained a North Korean document issuing the June 7 order.
The report, quoting an unidentified senior ruling party official, said the North Korean institute is affiliated with the North Korean People’s Army.
An Chan-soo, a senior police officer investigating the cyberattacks, said yesterday that investigators had obtained 27 computers infected with malicious computer code, known as malware, in an attempt to trace the “contamination paths” of the programs that launched the attacks.
North Korea has not responded to the allegations of its involvement in the Web site outages.
The assaults appear to be on the wane. No new similar cyberattacks have been reported in South Korea since Friday evening, the state-run Korea Information Security Agency said.