SEOUL, South Korea (July 9) - South Korean Web sites were attacked again Thursday after a wave of Web site outages in the U.S. and South Korea that several officials suspect North Korea was behind.
Seven sites — one belonging to the government and the others to private entities — were attacked in the third round of cyber assaults, said Ku Kyo-young, an official from the state-run Korea Communications Commission.
Skip over this content
Ahn Young-joon, AP
An employee of the Korea Internet Security Center works in a monitoring room Wednesday. A spate of computer attacks has disabled at least 30 South Korean Web sites in recent days.
Earlier in the day, the country's leading computer security company, AhnLab, had warned of a new attack after analyzing a virus program that sent a flood of Internet traffic to paralyze Web sites in both South Korea and the United States.
About two hours after the latest attack, all but one shopping site were working normally. The Yonhap news agency had earlier reported that the Web site of the leading Kookmin Bank was down for about 30 minutes.
Twelve South Korean sites were initially attacked Tuesday, followed by strikes Wednesday on 10 others, including those for government offices. The U.S. targets included the White House, Pentagon, Treasury Department and the Nasdaq stock exchange.
Like previous ones, the latest assault was also caused by so-called denial of service attacks in which floods of computers try to connect to a single site at the same time, overwhelming the server, the commission official said.
Some South Korean sites hit in the past few days remained inaccessible or unstable on Thursday, including the National Cyber Security Center, affiliated with the main spy agency. No major disruptions, however, were reported.
"The damage from the latest attack appear to be limited because those sites took necessary measures to fend off the attack," Ku said.
Seoul's main intelligence agency, the National Intelligence Service, informed members of parliament's intelligence committee Wednesday that it believes North Korea or pro-Pyongyang forces were behind the cyber attacks, a lawmaker said.
Park Young-sun, a member of the committee, said Thursday that a senior intelligence official told her the NIS suspects the North because the country warned it won't tolerate what it claimed were South Korean moves to participate in a U.S.-led cyber warfare exercise, according to a statement from the opposition Democratic Party.
Park also told a party meeting that the NIS official cited the fact that most of the attacked sites were those of conservative organizations that have pushed the government to take a harder line on North Korea. Among the sites targeted were those of the presidential Blue House and the ruling Grand National Party.
Park said the NIS official told her the spy agency only gave the committee members the information in the form of a progress report, suggesting no conclusions had been made. Park didn't identify the official.
The spy agency said it could not immediately confirm Park's remarks.
The agency said in a statement Thursday that it was strengthening cyber security measures for government computer networks, citing a possible new wave of attacks that could target national infrastructure operators like energy, telecommunications and media companies.
But it did not mention suspected North Korean involvement and only repeated it was closely cooperating with the U.S. and other countries to discover the origin of the attacks. On Wednesday it said the sophistication of the attacks suggested they were carried out at a higher level than rogue or individual hackers.
U.S. authorities also eyed North Korea as the origin of the trouble, though they warned it would be difficult to identify the attackers quickly.
Three U.S. officials said while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved Kim Jong Il's government in Pyongyang. They spoke on condition of anonymity because they were not authorized to speak publicly on the matter.
On Thursday, the Dong-a Ilbo newspaper reported that South Korea has detected signs that North Korea or its sympathizers in China or elsewhere committed the cyber attacks.
The paper, citing an unidentified government official, said the assessment was made after an investigation of infected computers' IP addresses — the Internet equivalent of a street address or phone number.
South Korean media reported in May that North Korea was running a cyber warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service.
The communist North has recently engaged in a series of threats and provocative actions widely condemned by the international community, including a nuclear test and missile launches.
Ku of the communications commission said about 20,000 computers in South Korea had been infected by Wednesday evening and the number could have increased.
There were no immediate reports of financial damage or leaking of confidential national information, according to the Korea Information Security Agency. The attacks appeared aimed only at paralyzing Web sites.
Associated Press writers Jae-soon Chang and Wanjin Park in Seoul and Lolita C. Baldor in Washington contributed to this report.
