The attacks, which left many South Koreans unable to withdraw money from A.T.M.’s and news broadcasting crews staring at blank computer screens, came as the North’s official Korean Central News Agency quoted the country’s leader, Kim Jong-un, as threatening to destroy government installations in the South, along with American bases in the Pacific.
Though American officials dismissed those threats, they also noted that the broadcasters hit by the virus had been cited by the North before as potential targets.
The Korea Communications Commission said Thursday that the disruption originated at an Internet provider address in China but that it was still not known who was responsible.
Many analysts in Seoul suspect that North Korean hackers honed their skills in China and were operating there. At a hacking conference here last year, Michael Sutton, the head of threat research at Zscaler, a security company, said a handful of hackers from China “were clearly very skilled, knowledgeable and were in touch with their counterparts and familiar with the scene in North Korea.”
But there has never been any evidence to back up some analysts’ speculation that they were collaborating with their Chinese counterparts. “I’ve never seen any real evidence that points to any exchanges between China and North Korea, ” said Adam Segal, a senior fellow who specializes in China and cyberconflict at the Council on Foreign Relations,
Wednesday’s attacks, which occurred as American and South Korean military forces were conducting major exercises, were not as sophisticated as some from China that have struck United States computers, and certainly less sophisticated than the American and Israeli cyberattack on Iran’s nuclear facilities. But it was far more complex than a “denial of service” attack that simply overwhelms a computer system with a flood of data.
The malware is called “DarkSeoul” in the computer world and was first identified about a year ago. It is intended to evade some of South Korea’s most popular antivirus products and to render computers unusable. In Wednesday’s strikes, the attackers made no effort to disguise the malware, leading some to question whether it came from a state sponsor — which tend to be more stealthy — or whether officials or hackers in North Korea were sending a specific, clear message: that they can reach into Seoul’s economic heart without blowing up South Korean warships or shelling South Korean islands.
North Korea was accused of using both those techniques in attacks over the past three years.
The cyberattacks Wednesday come just days after North Korea blamed South Korea and the United States for attacks on some of its Web sites. The North’s official Korean Central News Agency said last week that North Korea “will never remain a passive onlooker to the enemies’ cyberattacks that have reached a very grave phase as part of their moves to stifle it.”
The South Korean government cautioned that it was still too early to point the finger for Wednesday’s problems at the North, which has been threatening “pre-emptive nuclear attacks” and other, unspecified actions against its southern neighbor for conducting the military exercises with the United States this month and for supporting new American-led United Nations sanctions against the North.
“We cannot rule out the possibility of North Korean involvement, but we don’t want to jump to a conclusion,” said Kim Min-seok, a spokesman for the Defense Ministry.
The military raised its alert against cyberattacks, he added, and the Korea Communications Commission asked government agencies and businesses to triple the number of monitors for possible hacking attacks. South Korea’s new president, Park Geun-hye, instructed a civilian-government task force to investigate the disruptions.
Nicole Perlroth contributed reporting from San Francisco, and David E. Sanger from Washington.
Article source: http://www.nytimes.com/2013/03/21/world/asia/south-korea-computer-network-crashes.html?partner=rss&emc=rss