comments_image Comments

S. Korean TV networks, banks suffer suspect cyber attack

Members of the Korea Internet Security Agency monitor a cyber attack from their offices in Seoul, on March 20, 2013
Members of the Korea Internet Security Agency (KISA) monitor a cyber attack from their offices in Seoul, on March 20, 2013. The South Korean military has raised its cyber attack warning level after computer networks crashed at major TV broadcasters and ba

The South Korean military raised its cyber attack warning level Wednesday after computer networks crashed at major TV broadcasters and banks, with initial suspicions focused on North Korea.

The state-run Korea Internet Security Agency said computer networks at three TV broadcasters -- KBS, MBC and YTN -- as well as the Shinhan and Nonghyup banks had been "partially or entirely crippled".

LG Uplus, an Internet service provider, also reported a network crash.

An investigator from the specialist cyber wing of the national police agency said the shutdown appeared to have been triggered by a "virus or malicious code", suggesting a concerted hacking operation.

There was no immediate confirmation of who or what was behind the multiple shutdown, which occurred around 2:00 pm (0500 GMT), but the main finger of suspicion is likely to point at Pyongyang.

Wednesday's crash came days after North Korea accused South Korea and the United States of being behind a "persistent and intensive" hacking assault that took a number of its official websites offline for nearly two days.

Members of the Korea Internet Security Agency check on cyber attacks at a briefing room in Seoul, on March 20, 2013
Members of the Korea Internet Security Agency (KISA) check on cyber attacks at a briefing room in Seoul, on March 20, 2013.

The North was believed to be behind two major cyber attacks, in 2009 and 2011, that targeted South Korean government agencies and financial institutions, causing their networks to crash.

In June last year, the conservative JoongAng Ilbo newspaper had its server and website paralysed by a cyber attack that police again attributed to Pyongyang.

The South Korean Defence Ministry said it had raised its five-level "Infocon" cyber threat alert status from four to three.

With military tensions on the Korean peninsula at their highest level for years following the North's nuclear test last month, the Infocon level was only recently raised from five to four -- with one being the top threat level.

"We do not rule out the possibility of North Korea being involved, but it's premature to say so," Defence Ministry spokesman Kim Min-Seok said.

Disconnected computer monitors are seen at a visitors center of Korean Broadcasting System headquarters, March 20, 2013
Disconnected computer monitors are seen at a visitors center of Korean Broadcasting System (KBS) headquarters in Seoul on March 20, 2013.

Shinhan Bank said in a statement that it had been forced to turn away branch customers, while its Internet banking and ATM operations were also badly affected.

However, the network was restored after four hours, the bank said.

A KBS labour union spokesman said all the broadcaster's computers had crashed simultaneously. Although it remained on air, journalists had difficulty filing stories because they could not access the network, he said.

"We still have no idea who was behind the attacks," said a spokesman from the broadcasting watchdog Korea Communications Commission.

"The related government agencies are investigating affected PCs. We need more time to figure out who did it, and why," the spokesman said.

The National Computing and Information Agency, which oversees all the computer networks of government organisations, said its system had been unaffected.

South Korean intelligence officials say North Korea is believed to have a cyber warfare unit staffed by around 3,000 people handpicked for their computing prowess.

South Korea's YTN broadcaster staffs shut down computers in their offices in Seoul on March 20, 2013
South Korea's YTN broadcaster staffs shut down computers in their offices in Seoul on March 20, 2013.

Seoul's Korea Internet Security Agency recorded 40,000 cases of cyber attacks from foreign and domestic sources in 2012, up sharply from 24,000 in 2008.

"South Korea is an IT superpower with good infrastructure but remains relatively vulnerable to hacking," Park Soon-Tai, manager of the agency's hacking response team, told AFP in a recent interview.

China, North Korea's main patron which has angrily denied being behind a spate of cyber attacks on US interests, said the incident in South Korea showed the importance of a collective response to IT threats.

"China would like to work with other countries based on mutual respect and mutual trust in constructive cooperation in this field," foreign ministry spokesman Hong Lei said.

In a phone call to South Korean President Park Geun-Hye, China's new leader Xi Jinping said Beijing was willing to help promote "reconciliation" between Seoul and Pyongyang amid the current tensions.

Share