The computer networks of three television networks and two banks were paralyzed Wednesday by malicious codes from unknown hackers, according to government officials.
The presidential office said the National Security Office (NSO) was investigating the cause of the problems; while the Korea Communications Commission, the government watchdog, called it a hacking attack.
President Park Geun-hye received the first report about the case at 2:50 p.m. from NSO head Kim Jang-soo who was apprised of the situation first at 2:10 p.m. according to presidential spokeswoman Kim Haing.
Over the possibility of a hacking attack by North Korea, Kim declined to provide further details. Experts, however, said that the chance was high that the North was involved.
“Restore the paralyzed computer networks first, and then figure out the cause and set up measures,” Park was quoted as saying.
The spokeswoman said the government formed a private, public and military joint reaction team and is handling the case in real time.
The Ministry of National Defense enhanced its “Infocon” level ― an alert against cyber terror ― by one notch but added it was premature to conclude North Korea was responsible.
State-run broadcaster KBS reported the paralysis of its computer network first to the National Intelligence Service (NIS) at around 2 p.m.
MBC and the news cable channel YTN were the next to be affected.
Networks at Shinhan Bank, Nonghyup and Jeju Bank also went down.
Shinhan Bank, the flagship unit of the country's No. 3 banking group Shinhan Financial Group, experienced interruption in its electronic transaction system around 2 p.m., including Internet banking, smartphone banking and use of automated teller machines.
Shinhan Bank said the lenders' electronic transaction system was restored about two hours later.
Two insurance arms of NongHyup Financial Group also reported computer network shutdowns at some of their branches at 2:15 p.m., with some of their employees finding files on their hard drives had been erased. NongHyup Financial Group also said its computer network was normalized two hours later.
Computer glitches were also reported at Woori Bank and Jeju Bank, a subsidiary of Shinhan Financial Group.
SBS said its computer network was not attacked.
The National Police Agency assigned the case to its cyber terror response center and said an investigation is underway.
The three broadcasters attacked share the same communications network, provided by LG Uplus.
Experts said there is a possibility the network itself was hacked.
“The hacking was not initiated at an individual level. An individual could hack into the network of one institution, but cannot conduct simultaneous attacks as happened,” said Lim Jong-in, chief director of the Center for Information Security Technology at Korea University.
Lim also raised the possibility of the shutdowns being a North Korean attack.
“Cyber terror is one of the easiest ways for them to attack the South as it does not damage humans,” he said.
Lim made clear the incidents were different from Distributed Denial-of-Service, or DDoS, attacks. “This hacking is seen as an attack by various methods including manipulating the Uniform Resource Locator,” he said.
Netizens raised fresh suspicions that the attack was conducted by an unidentified hacking group called “Whois.”
A tweeter with ID @r*****, who said he is a worker for companies that use LG Uplus’s communication networks, posted a captured page of his computer screen after the hacking, which showed the message, “Hacked by Whois Team,” with the pictures of three skulls.
The incident caused huge inconvenience to workers at the companies.
A YTN reporter said, “I am not able to send my news story to headquarters at the moment.”
A KBS staff member said a warning message saying “operating system not found” was shown on a black screen when she tried to turn on her personal computer.
She added KBS began tracking Internet Protocol addresses to ascertain where the outage started.
The government official pointed out that, considering broadcasters and financial institutes dealing with confidential information and documents, even the NIS cannot take a close look at their internal servers.
“So the hacker might have targeted those institutes,” he said.
He added the case should be managed as a national security situation as the possibility of an attack by the North could not be ruled out.
Source: The Korea Times
Slightly more legal source