South Korea was on high alert yesterday for more cyber attacks amid suspicions that North Korea was behind a recent wave of Web site outages in the South and in the US. The South warned that computer networks of key infrastructure could be targeted.
The National Intelligence Service said in a statement that it was strengthening cyber security measures for government computer networks, citing a possible new wave of attacks which could target national infrastructure operators like energy, telecommunications and media companies.
The intelligence agency said the sophistication of the attacks suggested they were carried out at a higher level than rogue or individual hackers.
Earlier yesterday, the country’s leading computer security company also said that another wave of attacks was expected in South Korea later in the day.
Seoul-based antivirus software developer AhnLab said it has analyzed a virus program that sent a flood of Internet traffic to paralyze Web sites in both South Korea and the US.
It said seven South Korean sites were likely to be targeted yesterday, including those of the Ministry of Public Administration and Security, Kookmin Bank and the mass-circulation Chosun Ilbo newspaper.
Intelligence officials in South Korea believe North Korea or pro-Pyongyang forces were behind the cyber attacks in the US over the July 4 US Independence Day holiday weekend and in South Korea since Tuesday.
Some South Korean sites remained inaccessible or unstable on Thursday, including the National Cyber Security Center, affiliated with the main spy agency.
US authorities also eyed North Korea as the origin of the trouble, though they warned it would be difficult to identify the attackers quickly.
Three US officials said that while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved Pyongyang. They spoke on condition of anonymity because they were not authorized to speak publicly on the matter.
On Thursday, the Dong-a Ilbo newspaper reported that South Korea has detected signs that North Korea or its sympathizers in China or elsewhere committed the cyber attacks.
The paper, citing an unidentified government official, said the assessment was made after an investigation on infected computers’ IP addresses — the Internet equivalent of a street address or phone number.
The cyber outages were caused by so-called denial of service attacks in which floods of computers all try to connect to a single site at the same time, overwhelming the server that handles the traffic, the state-run Korea Information Security Agency said.
In South Korea, 12 sites were initially attacked on Tuesday, followed by attacks on Wednesday on 10 others, including those of government offices like the presidential Blue House and the Defense Ministry, banks, vaccine firms and Web portals. The US targets included the White House, the Pentagon, the US Treasury Department and the New York Stock Exchange.
The state-run Korea Communications Commission said on Thursday it was considering raising the alert level again to “orange,” the second highest of four levels of alertness, if more cyber attacks occur and cause serious problems.
The “orange” level requires the government to mobilize more personnel and equipment to cope with cyber attacks, said agency official Ku Kyo-young. The current level is “yellow.” Ku said about 20,000 computers in South Korea had been infected by Wednesday evening and the number could have increased.
There were no immediate reports of financial damage or leaking of confidential national information, according to the Korea Information Security Agency. The attacks appeared aimed only at paralyzing Web sites.