South Korea today said it was preparing for the possibility of more cyberattacks as a new team of investigators tried to determine if North Korea was behind a synchronised shutdown of tens of thousands of computers at six South Korean banks and media companies.
Many in Seoul suspect hackers loyal to Pyongyang were responsible for Wednesday’s attack, but South Korean officials have yet to assign blame and say they have no proof yet of North Korea’s involvement. Pyongyang hasn’t yet mentioned the shutdown.
The investigation could take weeks, but an initial finding linked a Chinese Internet Protocol address to one of the banks affected.
South Korea has set up a team of computer security experts from the government, military and private sector to identify the hackers and is preparing to deal with more possible attacks, presidential spokesman Yoon Chang-jung told reporters today. He didn’t elaborate on the possibility of more attacks, but said the Prime Minister would later hold a meeting to discuss ways to beef up cybersecurity at institutions overseeing infrastructure such as roads and electricity.
Determining who’s behind a digital attack is often difficult. But North Korea is a leading suspect for several reasons. It has unleashed a torrent of threats against Seoul and Washington since punishing UN sanctions were imposed for Pyongyang’s February 12 nuclear test. It calls ongoing routine US-South Korean military drills a threat to its existence.
Pyongyang also threatened revenge after blaming Seoul and Washington for a separate Internet shutdown that disrupted its own network last week. Seoul alleges six cyberattacks by North Korea on South Korean targets since 2009.
If the attack was in fact carried out by North Korea, it may be a warning to Seoul that Pyongyang is capable of breaching its computer networks with relative ease.
The cyberattack did not affect South Korea’s government, military or infrastructure, and there were no initial reports that customers’ bank records were compromised. But it disabled cash machines and disrupted commerce in this tech-savvy, Internet-dependent country, renewing questions about South Korea’s Internet security and vulnerability to hackers.
The attack disabled some 32,000 computers at broadcasters YTN, MBC and KBS, as well as three banks. The broadcasters said their programming was never affected.
All three of the banks that were hit were back online and operating regularly today. It could be next week before the media companies have fully recovered.