SEOUL, SOUTH KOREA (AP) - A Chinese Internet address was the source of a cyberattack on one company hit in a massive network shutdown that affected 32,000 computers at six banks and media companies in South Korea, initial findings indicated Thursday.
It’s too early to assign blame _ Internet addresses can easily be manipulated and the investigation could take weeks _ but suspicion for Wednesday’s shutdown quickly fell on North Korea, which has threatened Seoul and Washington with attack in recent days because of anger over U.N. sanctions imposed for its Feb. 12 nuclear test.
South Korean regulators said they believe the attacks came from a “single organization,” but they’ve still not finished investigating what happened at the other companies.
Experts say hackers often attack via computers in other countries to hide their identities. South Korea has previously accused North Korean hackers of using Chinese addresses to infect their networks.
The attack Wednesday caused computer networks at major banks and top TV broadcasters to crash simultaneously. It paralyzed bank machines across the country and raised fears that this heavily Internet-dependent society was vulnerable. On Thursday, only one of the attacked banks, Shinhan, was fully online, officials said.
A Chinese address created the malicious code in the server of Nonghyup bank, according to an initial analysis by the state-run Korea Communications Commission, South Korea’s telecom regulator.
Investigators are analyzing the log-in records and the malicious code collected from the infected servers and computers. It could take at least four to five days for the infected computers to recover fully. Experts say the entire investigation could take weeks.
South Korean regulators have also distributed vaccine software to government offices, banks, hospitals and other institutions to prevent more outages.
In an indication of the high tension on the Korean Peninsula, South Korean media reported that North Korea sounded air-raid warnings in radio broadcasts Thursday morning as part of military drills.
The network paralysis took place just days after North Korea accused South Korea and the U.S. of staging a cyberattack that shut down its websites for two days last week. Loxley Pacific, the Thailand-based Internet service provider, confirmed the North Korean outage but did not say what caused it. South Korea denied the allegation.
The attack may have also extended to the United States. Greg Scarlatoiu, executive director of the U.S.-based Committee for Human Rights in North Korea, said he discovered early Wednesday that their website had been hacked. They have yet to establish who was behind it but strongly suspect it came from North Korea.
Several of the committee’s publications, including lengthy reports with satellite imagery of North Korean prison camps, had been removed, along with biographies of their staff and board, and their policy recommendations to the Obama administration.
The South Korean shutdown did not affect government agencies or sensitive targets such as power plants or transportation systems, and there were no immediate reports that bank customers’ records were compromised, but the disruption froze part of the country’s commerce.
Some customers were unable to use the debit or credit cards that many rely on more than cash. At one Starbucks in downtown Seoul, customers were asked to pay for their coffee in cash, and lines formed outside disabled bank machines.