Email

South Korea network attack ‘a computer virus’

Staff at broadcaster YTN were faced with error messages on computer screens

Disruption that paralysed the computer networks of broadcasters and banks in South Korea appears to have been caused by a virus, an official close to the investigation has told the BBC.

Staff at broadcaster YTN were faced with error messages on computer screens

The official said it was believed a “malicious” code was to blame for the system failure.

He said investigators were trying to identify and analyse the virus.

Last week, North Korea accused the US and its allies of attacks on its internet servers.

In the latest incident, two South Korean banks, Shinhan Bank and Nonghyup, and three TV stations KBS, MBS and YTN, all reported that their networks had suddenly shut down on Wednesday afternoon.

The BBC’s Lucy Williamson in Seoul says that, for one of the world’s most networked populations, South Korea has had more than its share of cyber attacks.

North Korea has been blamed for several breaches over the past few years, she says.

Initially, South Korea’s Communications Commission suspected a cyber-attack. However, the BBC was later told that experts had concluded it was not a denial-of-service attack, of the kind South Korea has experienced in the past.

‘Skulls’ on screens

Staff at the three broadcasters said their computers crashed and could not be restarted, with screens simply displaying an error message, although they have continued to make television broadcasts, our correspondent said.

There were also reports of skulls popping up on some computer screens, which could indicate that hackers had installed malicious code in the networks, the Korean Internet Security Agency said.

Some services at Shinhan bank, including internet banking and ATM machines, were also affected, although operations now appear to have been restored.

In the immediate aftermath of the incident, South Korean internet service provider LG Uplus said it believed its network had been hacked, Reuters news agency reported.

An official from the presidential office told Yonhap news agency it was not yet known whether North Korea was involved.

“We do not rule out the possibility of North Korea being involved, but it’s premature to say so,” Defence Ministry spokesman Kim Min-seok said.

Surveillance upgrade

No government-related computer networks had been affected, an official from the National Computing and Information Agency (NCIA) told the agency.

The military has upgraded its information surveillance status by one level, Yonhap said.

North Korea is believed to have been behind two major cyber attacks on the South, in 2009 and 2011, that targeted government agencies and financial firms.

Nonghyup bank was one of the victims of the 2011 attack, which left its customers unable to access or transfer their cash for three days.

North Korea has stepped up rhetoric in recent days in response to fresh UN sanctions over its nuclear test in February and joint annual military drills between the US and South Korea, which it bitterly opposes.

On 15 March, North Korea’s KCNA news agency accused the US and its allies of “intensive and persistent” hacking attacks on its networks.

Official sites such as KCNA, Air Koryo and Rodong Sinmun, the party newspaper, were reportedly inaccessible for short periods.

Related posts

New York City police investigate the death of a woman found on fire in subway car

Death toll in attack on Christmas market in Germany rises to 5 and more than 200 injured

US Senate passes government funding bill, averts shutdown