North Korea hackers blamed for South Korea shutdown

20 March 2013
By Sofia Mitra-Thakur
Mobile version
Share |
A reporter uses his mobile phone at the main office of television network YTN in Seoul

A reporter uses his mobile phone at the main office of television network YTN in Seoul

Computer networks at two major South Korean banks and three top TV broadcasters went into mass shutdown today, paralysing bank machines across the country and prompting speculation of a cyber attack by North Korea.

Servers at television networks YTN, MBC and KBS were affected as well as Shinhan Bank and NongHyup Bank, two major banks, the police and government officials said.

At least some of the computers affected by the attacks had some files deleted, according to the authorities.

Screens went blank at 2pm local time (0500 GMT), with skulls popping up on the screens of some computers - a strong indication that hackers had planted a malicious code in South Korean systems, the state-run Korea Information Security Agency said.

Some computers started to get back online more than two and a half hours later.

"We sent down teams to all affected sites. We are now assessing the situation. This incident is pretty massive and will take a few days to collect evidence," a police official said.

The banks have since restored their operations, but the TV stations could not say when they would be able to get their systems back up. Some workers at the stations could not boot their computer.

Broadcasts were not affected.

Police and South Korean officials investigating the shutdown said the cause was not immediately clear.

Speculation centred on North Korea, with experts saying a cyber attack orchestrated by Pyongyang was probably to blame.

The shutdown comes amid rising rhetoric and threats of attack from Pyongyang in response to UN punishment for its December rocket launch and February nuclear test.

Washington also expanded sanctions against North Korea this month in a bid to cripple the regime's ability to develop its nuclear programme.

North Korea has threatened revenge for the sanctions and for ongoing routine US-South Korean military drills it considers invasion preparation.

Accusations of cyber attacks on the Korean Peninsula are not new. Seoul believes Pyongyang was behind at least two cyber attacks on local companies in 2011 and 2012.

The latest network paralysis took place just days after North Korea accused South Korea and the US of staging a cyber attack that shut down its websites for two days last week.

The Thai-based internet service provider confirmed the outage, but did not say what caused the shutdown in North Korea.

"It's got to be a hacking attack," Lim Jong-in, dean of Korea University's Graduate School of Information Security, said of today's events.

"Such simultaneous shutdowns cannot be caused by technical glitches."

Shinhan Bank, a lender of South Korea's fourth-largest banking group, reported a system shutdown, including online banking and cash machines.

The company could not conduct any customer activities at bank windows, including retail and corporate banking.

At one Starbucks in central Seoul, customers were asked to pay for their coffee in cash, and queues formed outside disabled bank machines.

Seoul is a largely cashless society, with many people using debit and credit cards.

Broadcasters KBS and MBC said their computers went down at 2pm but officials said the shutdown did not affect daily TV broadcasts.

The YTN cable news channel also said the company's internal computer network was completely paralysed.

Local TV showed workers staring at blank computer screens.

The South Korean military raised its cyber attack readiness level today following the shutdown, the Defence Ministry said.

Defence officials reported no signs of cyber attacks on its ministry's computer network and had no immediate details about the broader shutdown.

LG Uplus Corp, South Korea's third-largest mobile operator, which also operates landline services, said the company's networks were operating normally and it did not see any signs of a cyber attack, company spokesman Lee Jung-hwan said.

The companies whose networks shut down today use not just LG Uplus's services but also other services from SK Telecom Co and KT Corp, he said.

The investigation will take months, Mr Lim said.

"Hackers attack media companies usually because of a political desire to cause confusion in society," he said.

"Political attacks on South Korea come from North Koreans."

Massive shutdowns of the networks of major companies take at least one to six months of planning and co-ordination, said Kwon Seok-chul, chief executive officer of Seoul-based cyber security firm Cuvepia.

Share |

Latest Issue

E&T cover image 1409

"Who's getting the best engineering education? And what did your careers advisor suggest you do when you leave school?"

E&T jobs

E&T Marketplace

The essential source of engineering products and suppliers.

E&T podcast

Tune into our latest podcast

iTunes logo

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T