
(LEAD) Prosecution says N. Korea behind Nonghyup's network breakdown

17:04 May 03, 2011

(ATTN: RECASTS lead, UPDATES throughout with more details)

SEOUL, May 3 (Yonhap) -- South Korea's prosecution said Tuesday that North Korea's intelligence organization was responsible for a cyber attack that paralyzed the computer network of a South Korean bank for weeks last month.

The North's Reconnaissance General Bureau in charge of espionage operations against Seoul hacked into the computer system of South Korea's agricultural cooperative, known as Nonghyup, and deleted key computer files in the bank's servers, the prosecution said.

The hackers remotely operated a laptop of an employee of a Nonghyup subcontractor after turning it into a "zombie computer" for the attack, it said.

"This was an unprecedented act of cyber terror involving North Korea," Kim Young-dae, a senior prosecutor from the Seoul Central Prosecutors' Office in charge of the investigation, told reporters.

The office said the hacking method used in the April 12 cyber attack on Nonghyup is similar to that used by North Korea for previous cyber attacks on key South Korean government and business Web sites in 2009 and in March this year.

One of the Internet Protocol addresses of Chinese servers used to break into the Nonghyup network was identical to one used two months ago for the distributed denial-of-service (DDoS) attack that originated from North Korea, it said.

The laptop, owned by an employee of IBM Korea, the cooperative's computer network maintenance subcontractor, became a zombie computer after downloading North Korea's hacking programs, disguised as update files, from a file storage site in September 2010, the prosecution office said.

Kim said that once the programs penetrated Nonghyup's computer system, they encoded malicious code and files and hid their tracks, just as in the two previous DDoS attacks.

The Pyongyang-hired hackers stole secret information on Nonghyup's computer network system while closely monitoring the laptop for the next seven months through the implanted programs, it said. On the morning of April 12, the hackers installed "delete" commands on the laptop and activated them three times hours later by remote control, the prosecutors said.

The command files attacked 273 servers out of 587, including those that control ATM transactions, Internet banking and credit card usage.

Prosecutors said that the North Korean hackers watched the entire process through the laptop and when they thought the attack was successful they deleted all data related to the attack.

The prosecution said that the incident is a new type of cyber terrorism that targets one private firm in an effort to destroy the financial foundation of South Korea's capitalist society.

"We have no plan to prosecute Nonghyup officials as the network disorder is attributable to North Korea. But the financial authorities or Nonghyup can discipline them for neglect of duty," the prosecution said in a statement.

"We will also demand all government offices and agencies conduct thorough inspections on every computer they have to deal with this type of cyber attack."

But some computer experts questioned the prosecution's announcement.

"It's difficult to say that North Korea actually staged it," said a computer security expert, asking for anonymity. "IP addresses can be fabricated. There is no solid evidence that the hackers who attacked Nonghyup and the groups who performed the DDoS attacks in 2009 and 2011 are the same just because they used the same IP address."

He added that it was still uncertain whether North Korea borrowed the IP address to manage the DDoS attack in 2009 or whether a third party possibly used the address to attack the Web sites.

"An IBM official, who is a computer expert, didn't realize that his laptop had become a zombie computer. I can't understand it," another expert said, citing Nonghyup's lax computer security.

The case set off concerns over local financial services firms' cyber security and protection of personal information, which were bolstered by a separate hacking incident into Hyundai Capital Services Inc., the country's leading consumer financial firm.

Nonghyup's customers were unable to use the bank's ATMs or online or phone banking services during the first few days following the attack. The cooperative was only able to fully restore its services 18 days after the hacking, according to the bank.

Some customers who complained of financial damage caused by the weeks-long system crash are expected to take legal action to demand compensation.

brk@yna.co.kr
(END)
