As computer systems of banks and broadcasters in South Korea were significantly interrupted on Wednesday, fingers were immediately pointed at their neighbours in the north. It’s now emerged that the source of the hacking attack has been traced to an IP address in China, but the identities of those responsible have not yet been confirmed.
On 20 March the computer networks of three South Korean broadcasting stations – KBS, MBC and YTN – plus two banks, Shinhan and Nonghyup froze at around 2pm local time. Shinhan said its ATMs, payment terminals and mobile banking in the south were affected, but TV stations were not.
People reported that signs appeared on some computer screens from a previously unknown group calling themselves the “WhoisTeam”, showing images of skulls and a message stating it was only the beginning of “our movement”.
The South’s communications security system raised its alert level on cyber-attacks to level three on a five-tier scale, tripling the number of staff to monitor the situation. This was then raised to a level four on the five-tier scale after an emergency security meeting.
The banks and television stations restored their main operations on Thursday morning.
This is not the first time South Korean computer systems have been targeted. Anti-virus firm McAfee said it believed a 10-day denial of service attack in 2011 originated from North Korea and suggested it was an attempt to test the South’s computer defenses in preparation for potential future conflicts. Another attack on a newspaper last year was also blamed on North Korean hackers.
They warned that it would take months to determine the source of the attacks.
Article by Jacob and Cadel